Attack the Metasploitable machine with Metasploit using the most effective methods and tools. Pentesting is like a state of mind.
METASPLOIT CYBER MISSILE COMMAND V5
What is Metasploitable?
msf5 > db_nmap 172.16.74.129 -sC -A -vvv
What will we hack?
- Attack Linux DistCC Daemon Command Execution – Port 3632
- How to attack PostgreSQL Server
- Attack Samba Server
VSFTPD v2.3.4 Backdoor Command Execution
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Samba “username map script” Command Execution
This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option.
By specifying a username containing shell metacharacters, attackers can execute arbitrary commands.
No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
Apache – PHP CGI Argument Injection
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution.
From the advisory: “if there is NO unescaped ‘=’ in the query string, the string is split on ‘+’ (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the “encoded in a system-defined manner” from the RFC) and then passes them to the CGI binary.”
This module can also be used to exploit the Plesk 0day disclosed by kingcope and exploited in the wild in June 2013.
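For defenders, the parsing rule quoted from the advisory translates directly into a log check. The following is an added example, not code from the original page or from Metasploit: it applies the same rule (no unescaped '=', split on '+', urldecode) to web access-log lines and reports requests whose query string would reach the CGI binary as a command-line switch. The log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (assumed Apache-style format, not real traffic).
SAMPLE_LOG = [
    '172.16.74.1 - - [01/Jan/2020:10:00:00 +0000] "GET /index.php?page=home&id=3 HTTP/1.1" 200 512',
    '172.16.74.1 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?-d+display_errors%3D1 HTTP/1.1" 200 733',
    '172.16.74.1 - - [01/Jan/2020:10:00:09 +0000] "GET /search.php?red+shoes HTTP/1.1" 200 1204',
    '172.16.74.1 - - [01/Jan/2020:10:00:12 +0000] "POST /info.php?%2Dd+display_errors%3d1 HTTP/1.1" 200 90',
]

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def cgi_args_from_query(query):
    """Tokens the CGI binary would receive as arguments, per the advisory's rule."""
    # A raw '=' anywhere means the query is treated as normal form data.
    # An encoded '=' (%3D) does not count, which is what makes the issue reachable.
    if not query or "=" in query:
        return []
    # Split on '+' first, then urldecode each token.
    return [unquote(tok) for tok in query.split("+") if tok]


def injected_switches(query):
    """Arguments that look like command-line switches after decoding."""
    return [arg for arg in cgi_args_from_query(query) if arg.startswith("-")]


def scan(lines):
    """Return (path, switches) for every request that would inject a switch."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or "?" not in m.group(1):
            continue
        path, query = m.group(1).split("?", 1)
        switches = injected_switches(query)
        if switches:
            hits.append((path, switches))
    return hits


if __name__ == "__main__":
    for path, switches in scan(SAMPLE_LOG):
        print(f"possible PHP-CGI argument injection: {path} switches={switches}")
```

Decoding before the leading-dash test matters: the fourth sample line hides the dash as `%2D` and is only caught because each token is urldecoded first.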