Nytro Posted December 19, 2012 Report Posted December 19, 2012 Exploiting All Remote Vulnerability In Metasploitable - 2 Description: In this video I will show you how to exploit remote vulnerabilities on Metasploitable -2 .So I’m going to exploit 7 different remote vulnerabilities , here are the list of vulnerabilities.UnrealIRCD 3.2.8.1 Backdoor Command Execution | Metasploit Exploit Database (DB)This module exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.VSFTPD v2.3.4 Backdoor Command Execution | Metasploit Exploit Database (DB)This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.PHP CGI Argument Injection | Metasploit Exploit Database (DB)When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."Distributed Ruby Send instance_eval/syscall Code Execution | Metasploit Exploit Database (DB)This module exploits remote code execution vulnerabilities in dRubySamba "username map script" Command Execution | Metasploit Exploit Database (DB)This module exploits a command execution vulerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!DistCC Daemon Command Execution | Metasploit Exploit Database (DB)This module uses a documented security weakness to execute arbitrary commands on any system running distccd.Java RMI Server Insecure Default Configuration Java Code Execution | Metasploit Exploit Database (DB)This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.Source : - Penetration Testing Software | Metasploit Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Exploiting All Remote Vulnerability In Metasploitable - 2 Quote
