Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Securing Network Infrastructure

You're reading from   Securing Network Infrastructure Discover practical network security with Nmap and Nessus 7

Arrow left icon
Product type Course
Published in Mar 2019
Publisher
ISBN-13 9781838642303
Length 538 pages
Edition 1st Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Sairam Jetty Sairam Jetty
Author Profile Icon Sairam Jetty
Sairam Jetty
Sagar Rahalkar Sagar Rahalkar
Author Profile Icon Sagar Rahalkar
Sagar Rahalkar
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Title Page
Copyright and Credits
About Packt
Contributors
Preface
1. Introduction to Network Vulnerability Scanning FREE CHAPTER 2. Understanding Network Scanning Tools 3. Port Scanning 4. Vulnerability Scanning 5. Configuration Audits 6. Report Analysis and Confirmation 7. Understanding the Customization and Optimization of Nessus and Nmap 8. Network Scanning for IoT, SCADA/ICS 9. Vulnerability Management Governance 10. Setting Up the Assessment Environment 11. Security Assessment Prerequisites 12. Information Gathering 13. Enumeration and Vulnerability Assessment 14. Gaining Network Access 15. Assessing Web Application Security 16. Privilege Escalation 17. Maintaining Access and Clearing Tracks 18. Vulnerability Scoring 19. Threat Modeling 20. Patching and Security Hardening 21. Vulnerability Reporting and Metrics 1. Other Books You May Enjoy Index

Exploiting remote services using Metasploit


Before we go ahead and exploit the services on remote target system, we must know what all the services are running and what their exact versions are. We can do a quick Nmap scan to list service version information as shown in the following image:

The preceding result shows there are many services running which we can exploit using Metasploit.

 

 

Exploiting vsftpd

From the Nmap scan and enumeration, we got to know that our target is running an FTP server. The server version is vsftpd 2.3.4 and is active on port 21. We open the Metasploit framework using the msfconsole command and then search for any exploit matching vsftp as shown in the following image.  Metasploit has an exploit vsftpd_234_backdoor which we can use to compromise the target.

We select the vsftp exploit and set the RHOST parameter as the IP address of the target. Then we run the exploit as shown in the following image. The exploit was successful and it opened up a command shell. Using...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at R$50/month. Cancel anytime