Links:
watch the HD video online: http://vimeo.com/f4l13n5now/holynix2
Description:
"Similar to the de-ice pentest CDs and pWnOS, Holynix is a Linux VMware image that was deliberately built to have security holes for the purposes of penetration testing." -- Holynix team
Attacker:
Backtrack 5 R2, IP: 192.168.1.2/24
Victim:
Holynix level 2, IP: 192.168.1.88/24
Vulnerability & exploit:
2, Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit
Attacking tools:
2, nmap
3, DirBuster
4, Exploit-DB
5, John The Ripper
6, Metasploit
Attacking process:
use netdiscover to sweep the active hosts in the network:
netdiscover -i wlan0 -r 192.168.1.88
use NMAP to probe the opening ports and services:
nmap -sS -sV -O 192.168.1.88 -v
found the following services:
[1] HTTP service running on port 80
[2] SSH service running on port 22
[3] FTP service running on port 21
[4] DNS service running on port 53
use a DNS zone transfer to harvest FTP usernames:
dig AXFR zincftp.com @192.168.1.88
use DirBuster to enumerate web directories:
java -jar DirBuster -u http://www.zincftp.com/
found the following directories:
[1] /phpMyAdmin/
[2] /setup_guide/todo
2, exploit vulnerable services:
[1] exploit the phpMyAdmin Remote Directory Traversal vulnerability to read the FTP users' password file ("/etc/pure-ftpd/pureftpd.passwd")
[2] use JTR to crack those password hashes
[3] log in to the FTP server with a cracked account, upload a PHP attack payload and get a reverse connection back to the attacker machine (got low privilege)
[4] browse the server's system directories and collect information (found "my_key.eml" under the directory "amckinley")
[5] use the new account to log in to the server via SSH (upgrade to user privilege)
[6] exploit the "Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit" to get root privilege
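The FTP accounts above fell to offline cracking once the pure-ftpd password file was read. As an added defensive check, not part of the original writeup, the script below audits a pure-ftpd virtual-user file and flags accounts whose hash algorithm (DES crypt, MD5 crypt, or an unrecognised scheme) would not hold up against a cracker; the colon-separated login:hash:uid:gid:... layout is assumed to be the standard pureftpd.passwd format, and the sample entries and hash strings are constructed placeholders.

```python
"""Audit a pure-ftpd virtual-user file for weak password hashes."""
from typing import Dict, List

# crypt(3) prefixes -> (algorithm name, treat as weak?)
HASH_FAMILIES = {
    "$6$": ("sha512-crypt", False),
    "$5$": ("sha256-crypt", False),
    "$2a$": ("bcrypt", False),
    "$2b$": ("bcrypt", False),
    "$1$": ("md5-crypt", True),   # fast to brute-force offline
}


def classify_hash(h: str) -> Dict[str, object]:
    """Name the crypt(3) scheme of one hash and say whether it is weak."""
    for prefix, (name, weak) in HASH_FAMILIES.items():
        if h.startswith(prefix):
            return {"algo": name, "weak": weak}
    if len(h) == 13 and "$" not in h:          # traditional DES crypt
        return {"algo": "des-crypt", "weak": True}
    if h in ("", "*", "!"):                     # no usable password
        return {"algo": "locked", "weak": False}
    return {"algo": "unknown", "weak": True}


def audit_pureftpd_passwd(text: str) -> List[Dict[str, object]]:
    """Return one finding per account: login, scheme and weak flag."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")            # login is field 0, hash is field 1
        if len(fields) < 2:
            findings.append({"line": lineno, "login": None,
                             "algo": "malformed", "weak": True})
            continue
        findings.append({"line": lineno, "login": fields[0],
                         **classify_hash(fields[1])})
    return findings


# Constructed sample file; the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:$6$xyz$constructedsha512hash:1001:1001::/home/ftp/alice/./::::::::::::
bob:$1$abc$constructedmd5hash:1002:1002::/home/ftp/bob/./::::::::::::
carol:abCDefGHijKLm:1003:1003::/home/ftp/carol/./::::::::::::
dave:*:1004:1004::/home/ftp/dave/./::::::::::::
"""

if __name__ == "__main__":
    for f in audit_pureftpd_passwd(SAMPLE):
        print(f"line {f['line']}: {f['login']} {f['algo']} "
              f"{'WEAK' if f['weak'] else 'ok'}")
```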
can you help me ??