Saturday, 8 June 2019

Server-side attacks - Metasploit basics


In this section, we are going to look at a very simple exploit: a backdoor.

We are choosing this exploit because we are going to look at a framework called Metasploit.

Metasploit is an exploit development and execution tool.

First, let's look at how we can find that exploit.

Again, we use the same method as before: we have an Nmap scan, and we are going to go through each port and Google the service running on it, looking for exploits.

So, we will Google the service name, vsftpd 2.3.4, followed by the word exploit.

We can see that the first results come from the Rapid7 website.

Rapid7 is the company that makes the Metasploit framework, which is why we choose this particular exploit. Now, using Metasploit, we are going to exploit this service.

Rapid7 tells us that version 2.3.4 of vsftpd has a backdoor command execution, so we can basically execute commands on the target computer if it has this program installed.

Using Nmap, we can see that this program is installed, which means that we can execute commands on the target machine.
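From the defender's side, the same Nmap service scan can be used to inventory hosts that still expose this version. The following is an added example, not part of the original post; the sample scan text and the function name `find_backdoored_vsftpd` are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV` normal output (not taken from a real scan).
SAMPLE_SCAN = """\
Nmap scan report for 10.0.2.4
Host is up (0.00012s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)

Nmap scan report for files.lab.example (10.0.2.7)
Host is up (0.00020s latency).
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp     vsftpd 3.0.3
2121/tcp open     ftp     vsftpd 2.3.4
8021/tcp filtered ftp

Nmap scan report for 10.0.2.9
Host is up (0.00031s latency).
PORT   STATE  SERVICE VERSION
21/tcp closed ftp
"""

# "Nmap scan report for <ip>" or "Nmap scan report for <name> (<ip>)"
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
# "<port>/<proto> <state> <service> [<version banner>]"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# The version the page identifies as backdoored, matched as a whole version
# token so that a banner such as "vsftpd 2.3.40" is not flagged.
BACKDOORED = re.compile(r"\bvsftpd 2\.3\.4(?![\d.])")


def find_backdoored_vsftpd(scan_text):
    """Return (host, port) pairs whose open service banner is vsftpd 2.3.4."""
    findings, host = [], None
    for line in scan_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)  # remember which host the port lines belong to
            continue
        m = PORT_RE.match(line)
        if m and host and m.group(3) == "open" and BACKDOORED.search(m.group(5) or ""):
            findings.append((host, int(m.group(1))))
    return findings


if __name__ == "__main__":
    print(find_backdoored_vsftpd(SAMPLE_SCAN))
```

The match relies only on the version banner Nmap reports, so a flagged host should be confirmed by checking the installed package on the machine itself.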
Metasploit is made by Rapid7.

It's a huge framework that contains a large number of exploits.

It allows us to exploit vulnerabilities or create our own exploits.

The commands on Metasploit are very simple. Here are some basic commands:

msfconsole: It is used to run the Metasploit program.
help: Using this command, we can get information about the commands and a description of how we can use them.
show: This command shows the available exploits. We can also show the available auxiliaries and the available payloads.
use: This command is used to use something that we have shown. For example, we show the exploits, and we pick a certain exploit that we want to use. Then we use the use command, and we type in the exploit name to run it.
set: This command is used to set specific options for an exploit. For example, if we want to set the port of the target, we set the port and then we enter the value of the port that we want to set it to.
exploit: At the end, once we finish configuring, we can type in exploit to execute that exploit.

We ran Nmap, and when we Googled the name of the service, vsftpd 2.3.4, followed by exploit, we saw that this service has a backdoor command execution.

Because this is on Rapid7, the vulnerability is exploitable using Metasploit, and the module name that we are going to use to exploit this vulnerability is exploit/unix/ftp/vsftpd_234_backdoor.

Now we will go to our console. We are going to use the msfconsole command to launch Metasploit, and we are going to run use followed by the name of the exploit, which is exploit/unix/ftp/vsftpd_234_backdoor.


In the following screenshot, we can see that the name is changed to exploit, followed by the name of the exploit that we are using.

Then we are going to use the show command to show the options that we need to set.

As we know, show is a generic command that we can use in a number of cases.

In this case, we will use show options to see all the options that we can change for this particular exploit.

In the above screenshot, we can see that the second option is the port that the service is running on.

It's already set to port 21.

Now, if we go back to Nmap, we will see that our target FTP server is running on port 21.

Now, we only need to change the RHOST.

RHOST is the target IP address, so we are going to set RHOST to the IP address of our target Metasploitable machine.

We will use set and then we will put the option name.

Now we will change the RHOST to 10.0.2.4. If we want to change the port, we can set RPORT.

The command is set RHOST 10.0.2.4.

Press ENTER. In the next screenshot, we can see that RHOST is set to 10.0.2.4.


Now we will run the show options command again just to make sure that everything is configured correctly, and we can see in the following screenshot that RHOST has been changed to 10.0.2.4.


Everything is ready.

Now, we are going to execute the exploit command.

In the following screenshot, we can see that the exploit ran successfully, and now we have access to the target computer.

If we run id, we will see that our UID is root.

Now we are basically running Linux commands here, so if we run uname -a, we will see that this is my Metasploitable machine.

If we run ls, it will list the files for us.

If we run pwd, it will show us where we are, and we can use Linux commands to do anything we want on the target machine.


Now, this was a very simple use of Metasploit.

In the future, we will use it for more advanced actions.
