How to Attack Metasploitable with Metasploit v5

Attack Metasploitable machine with Metasploit using the most effective methods and tools. Pentest is like a state of mind.

METASPLOIT CYBER MISSILE COMMAND V5

What is Metasploitable?

msf5 > db_nmap 172.16.74.129 -sC -A -vvv

What we will Hack?

VSFTPD v2.3.4 Backdoor Command Execution

This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.

Metasploitable References

  • OSVDB-73573

Samba “username map script” Command Execution

Attack Metasploitable
Attack Metasploitable
multi/samba/usermap_script

This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option.

By specifying a username containing shell meta characters, attackers can execute arbitrary commands.

No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

Apache – PHP CGI Argument Injection

How to Attack Metasploitable with Metasploit v5
multi/http/php_cgi_arg_injection

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution.

From the advisory: “if there is NO unescaped ‘=’ in the query string, the string is split on ‘+’ (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the “encoded in a system-defined manner” from the RFC) and then passes them to the CGI binary.”

This module can also be used to exploit the plesk 0day disclosed by kingcope and exploited in the wild on June 2013.

References

How to Attack FTP Servers port 21