=======================================================

Wednesday, October 17, 2012

Looking for Vulnerability of Metasploitable

In the section, i examine metasploitable on Vbox to see possibility which made vulnerable. Ok, lets go my virtu lab and finish the job.

1. Information Gathering
    Scan Host
   
==> I get life host --> a) 192.168.56.1 ( my host )
                                   b) 192.168.56.100 ( gateway )
                                   c)  192.168.56.102 ( metasploitable host )

2. Sevice Enumeration
    Looking for running service on ==> 192.168.56.101

   
==> I get some running service.

3. Vulnerable Assesment
     Looking for vulnerable possibility.
     ==> Nessus

    ==> I got some information about risk running service.
    ==> See on picture above, i see backdoor on port 1524.

   
4. Exploit/Pentest
   ==> telnet < host > <port>
   ==> telnet 192.168.56.102 1524


  ==> I got the root
  ==> Looking for other user with ==> cat /etc/shadow


  ==> Hash with John



Back view on VA for other way pentest.
==> I see mysql service with default configure.


==> I can login with no password ==> mysql -h 192.168.56.101

=================================================================================
=================================================================================
Time

No comments:

Post a Comment

Subscribe to: Post Comments (Atom) 

==========================================================================
==========================================================================
                                                                
IIIIIIIIII   SSSSSSSSSSSSSSS  222222222222222           CCCCCCCCCCCCC
I::::::::I SS:::::::::::::::S2:::::::::::::::22      CCC::::::::::::C
I::::::::IS:::::SSSSSS::::::S2::::::222222:::::2   CC:::::::::::::::C
II::::::IIS:::::S     SSSSSSS2222222     2:::::2  C:::::CCCCCCCC::::C
  I::::I  S:::::S                        2:::::2 C:::::C       CCCCCC
  I::::I  S:::::S                        2:::::2C:::::C              
  I::::I   S::::SSSS                  2222::::2 C:::::C              
  I::::I    SS::::::SSSSS        22222::::::22  C:::::C              
  I::::I      SSS::::::::SS    22::::::::222    C:::::C              
  I::::I         SSSSSS::::S  2:::::22222       C:::::C              
  I::::I              S:::::S2:::::2            C:::::C              
  I::::I              S:::::S2:::::2             C:::::C       CCCCCC
II::::::IISSSSSSS     S:::::S2:::::2       222222 C:::::CCCCCCCC::::C
I::::::::IS::::::SSSSSS:::::S2::::::2222222:::::2  CC:::::::::::::::C
I::::::::IS:::::::::::::::SS 2::::::::::::::::::2    CCC::::::::::::C
IIIIIIIIII SSSSSSSSSSSSSSS   22222222222222222222       CCCCCCCCCCCCC
                                                                   
==========================================================================
==========================================================================

My Classmate

Show All 

==========================================================================
        (        )      )          (    (           (     
  *   ) )\ )  ( /(   ( /(   (      )\ ) )\ )        )\ )  
` )  /((()/(  )\())  )\())  )\    (()/((()/(   (   (()/(  
 ( )(_))/(_))((_)\  ((_)\((((_)(   /(_))/(_))  )\   /(_)) 
(_(_())(_)) __ ((_)  _((_))\ _ )\ (_)) (_))_  ((_) (_))   
|_   _|| _ \\ \ / / | || |(_)_\(_)| _ \ |   \ | __|| _ \  
  | |  |   / \ V /  | __ | / _ \  |   / | |) || _| |   /  
  |_|  |_|_\  |_|   |_||_|/_/ \_\ |_|_\ |___/ |___||_|_\  
                                                         
==========================================================================