This project demonstrates the integration of a vulnerable Metasploitable3 virtual machine into an Active Directory environment using a Domain Controller (DC). A vulnerability assessment was performed using Nessus Essentials through Kali Linux on both DC1 and Metasploitable machines . This repository documents the setup, identified vulnerabilities, and mitigation strategies.
- Nessus Essentials: For vulnerability scanning and assessment.
- Metasploitable3: Vulnerable machine used for testing.
- Windows Server 2008 R2: Configured as the Domain Controller (DC).
- Kali Linux: Primary machine for running scans and other penetration testing tools.
- Domain Controller Setup:
- Windows Server 2008 R2 configured as the main DC with the domain
cs.loc. - Metasploitable3 configured to join the Active Directory domain.
- Windows Server 2008 R2 configured as the main DC with the domain
- Network Configuration:
- Metasploitable3 was set up with the DC's IP address as the primary DNS server.
-
Nessus Essentials was installed on the Kali Linux machine and configured to run vulnerability scans on the Metasploitable3 and DC1 machines.
-
Basic setup steps and configurations were performed to ensure successful scan initiation.
Screenshot:
-
Metasploitable3:
- 20 vulnerabilities identified.
- Critical issues include Elasticsearch RCE and ManageEngine RCE.
Screenshots:
-
Domain Controller (DC1):
- Low and Medium vulnerabilities identified.
- ICMP Timestamp Vulnerability was the primary low-severity finding.
Screenshots:
This vulnerability allows a remote attacker to execute arbitrary code. The issue can be mitigated by upgrading to a secure version and restricting port access.
Detailed Mitigation:
Elasticsearch Mitigation
This vulnerability allows arbitrary file upload and remote code execution on the server. The issue can be mitigated by upgrading the software and disabling vulnerable features.
Detailed Mitigation:
ManageEngine Mitigation
This vulnerability exposes the timestamp of the system, which can aid in certain attacks. The issue can be mitigated by disabling ICMP timestamp responses on both Windows and Linux.
Detailed Mitigation:
ICMP Timestamp Mitigation
The Metasploitable3 machine was successfully integrated into the cs.loc domain.
Screenshot:
The following computers and users were added to the Active Directory.
Screenshot:
The screenshot below shows the successful ping from Metasploitable3 to the Domain Controller (DC1), confirming network connectivity.
This project successfully integrated a vulnerable machine into an Active Directory environment and demonstrated how to identify and mitigate vulnerabilities using Nessus Essentials. Through this project, a clearer understanding of Active Directory integration and vulnerability management was achieved.