There are some must be known information before entering the system. Let’s start from beginning and move stepbystep.
- Finding the IP address
We can find the IP address with different and easy ways (except fixed situations). First one is PING method, other is popular program what is known as DMITRY.
- Using of PING method is so convenient. It’s enough that write these codes on command block.
In this case, we write “ping” in front of target site and press “enter”. Then it returns us the IP address from site link (work principle of method).
As you can see, consecutive written IPs are our target. After copying the IP, we’ll move on NMAP program.
2) DMITRY has various features. It’s used by hackers for gathering information. It’s enoguh to write “dmitry” to look at these features. Although it has many functions, we just use the functions as below.
As you can see, it returned us different results for “medium.com”. The required information is HostIP to us.
2. Scanning the ports with NMAP.
NMAP has wide features and it’s “our scared-vascular system”. With Nmap, we can use it to discover hosts and services on a computer network by sending packets and analyzing the responses. To gather information about NMAP, we just write “nmap” and press “enter”. But in this lecture we just use required commands as below.
As you can see it printed us much information about many ports, their situations (open-close), type of system and version. Mainly we attack the open ports and which version has security vulnerabilities. Sometimes ports could be “filtered”. There are some technics to entering these filtered ports. In next lectures, we’ll talk about it. After analyzing ports, we must be sure that system version has security vulnerabilities or doesn’t. For that reason, we have to pass to Metasploit.
3. Intro to Metasploit
Writing “msfconsole” on command block we enter the Metasploit and it welcomes us such as interface :)
We copy the system version from previous screen and write “search “version”” on command block and at least we test it has security vulnerabiliy or doesn’t.
In thise screen, as you see we scanned 21. port and returned positive result :) There is ‘excellent’ level vsfptd 2.3.4 vulnerability which was discovered in 2011. In othe hand, we can search it different way in internet and find exploit. But for that, probably we have to install it. For example: google < search < “vsftpd 2.3.4 exploit”
4. Hack & exploit the system!
Now we reached to final stage. It’s time to enter the system!
We copy “exploit/unix/ftp/vsftpd_234_backdoor” link and starting to use to write “use” in front of link.
We entered our exploit, now for gathering futher information let’s write “options” and see what happens.
To make the attack more comfortable, we have to fill “Current Setting” in RHOSTS with target IP. For that we use commands as below.
So it’s time to catastrophe (last attack) and just writing “exploit” to enter the system !
Finally we entered the system. Now everything is ready. We can learn our authority easily on system. For that, it’s enough that just write “whoami”. In previous stage as you know we found ‘excellent’ vulnerability, so we have the max level authority which named ‘root’. See you in next lectures !