"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." -- metasploit team
Attacker:
Backtrack 5 R2
IP: 10.10.10.128/24
Victim:
metasploitable
IP: 10.10.10.129/24
vulnerability & exploit:
1, DistCC Daemon Command Execution
2, Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit
Attacking process:
1, discover the vulnerable services:
use NMAP to probe the open ports and services
nmap -sS -sV -p0-65535 -O 10.10.10.129 -v
found the following services:
[1] distccd service running on port 3632
[2] Debian OpenSSH running on port 22
2, exploit vulnerable services:
[1] exploit the distccd service to get into the victim server with limited privileges
[2] grep for SSH key file information
[3] exploit the Debian OpenSSH service to get into the victim server with root privileges
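A defender-side check related to step [3], added here as an example and not part of the original post: because the Debian OpenSSL flaw limits affected keys to a small predictable set, a host can be audited by comparing the MD5 fingerprints of its authorized_keys entries against a list of known weak keys. The function names, the sample keys and the weak-fingerprint set below are all constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types this audit looks for

def fingerprint(blob_b64):
    """Hex MD5 of the decoded public-key blob (legacy OpenSSH fingerprint, no colons)."""
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()

def audit(authorized_keys_text, weak_fingerprints):
    """Return (line number, key type, comment, fingerprint) for each listed weak key."""
    findings = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type, so search for it.
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue
        try:
            fp = fingerprint(tokens[idx + 1])
        except ValueError:  # malformed base64: not a usable entry, skip it
            continue
        if fp in weak_fingerprints:
            findings.append((lineno, tokens[idx], " ".join(tokens[idx + 2:]), fp))
    return findings

def make_blob(modulus):
    """Constructed ssh-rsa wire-format blob for the sample below (not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)).decode()

# Constructed sample data: two fake keys and one malformed entry.
WEAK = make_blob(b"\x00" + b"\xaa" * 32)
GOOD = make_blob(b"\x00" + b"\xbb" * 32)
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    f"ssh-rsa {GOOD} admin@example",
    f'from="10.10.10.0/24" ssh-rsa {WEAK} root@metasploitable',
    "ssh-rsa not*base64 broken@example",
])
WEAK_FPS = {fingerprint(WEAK)}  # placeholder standing in for a published weak-key list

if __name__ == "__main__":
    for lineno, ktype, comment, fp in audit(SAMPLE, WEAK_FPS):
        print(f"line {lineno}: weak {ktype} key ({comment}) md5={fp}")
```

In practice the fingerprint set would be loaded from a published list of weak Debian keys rather than built inline, and any flagged key should be removed and regenerated on a patched system.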
Reference:
[1] Metasploitable download link
[2] Tutorial on g0tmi1k's Blog
[3] Metasploitable official website