Hacking Book | Free Online Hacking Learning


Posted by forbes at 2020-02-24

Next, what are we waiting for? Let's see whether MSF has any useful exploits for this. I omit the search process here; if you don't know how to search, you can search by the service name, its version, or other keywords.

This is the only exploit for vsftpd version 2.3.4, so let's just try it. As usual, first look at the parameters it needs, then set them. I like to be careful, so I'll go over the parameters again: RHOST is the IP address of the target host, and RPORT is the port on the target host, which defaults to 21. The port can of course be changed to any value, so pay attention to the actual port in real use.

The IP address of the target host is 10.0.10.104. Newer versions of MSF do not require the payload parameter to be set; the system chooses it automatically, so I won't set it here.

0x04 attack:

If there are errors, we need to resolve them one by one.

At this point we basically have a shell with root permission. We can then create a user, log in the normal way as that ordinary user, and then try to escalate privileges.

0x05 analysis:

First of all, msfconsole determines the service version on port 21 of the target server by sending ACK probe packets; the specific version is clearly visible in the returned packets. I also suggest using ACK scan mode and SYN scan mode when using Nmap, which is fast and accurate.
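For defenders, the version string that is visible in the returned packets is also what an inventory check keys on. The following added example (not part of the original post) parses Nmap grepable output (`-sV -oG`) from a scan of your own network and lists every open port reporting vsftpd 2.3.4, including non-default ports, since the port can be changed from 21. The function name and all sample hosts other than 10.0.10.104 are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable output (-sV -oG); hosts other than
# 10.0.10.104 are made up for this example.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.10.104 ()\tStatus: Up
Host: 10.0.10.104 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/
Host: 10.0.10.105 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/
Host: 10.0.10.106 ()\tPorts: 2121/open/tcp//ftp//vsftpd 2.3.4/, 80/closed/tcp//http///
Host: 10.0.10.107 ()\tPorts: 21/filtered/tcp//ftp///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")
VULN_RE = re.compile(r"\bvsftpd\s+2\.3\.4\b", re.IGNORECASE)


def find_vsftpd_234(grepable_text):
    """Return sorted (host, port) pairs whose open port reports vsftpd 2.3.4."""
    hits = set()
    for line in grepable_text.splitlines():
        host = HOST_RE.match(line)
        if not host or "Ports:" not in line:
            continue  # comment lines and "Status:" lines carry no port data
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue  # skip closed/filtered ports and malformed entries
            if VULN_RE.search(fields[6]):
                hits.add((host.group(1), int(fields[0])))
    return sorted(hits)


if __name__ == "__main__":
    for host, port in find_vsftpd_234(SAMPLE_SCAN):
        print(f"{host}:{port} reports vsftpd 2.3.4; replace the package "
              "and review the host for unexpected accounts")
```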

Then MSF logs in to the target server anonymously and attempts to trigger the malicious backdoor.

The malicious backdoor was triggered successfully, and a shell bounced back to the 8 machine. The first half of the article comes from logs made earlier, while the packet captures below were taken just now, so don't be puzzled. Also, each command the attacker executes is sent to the victim, which we can see clearly in the packets captured by Wireshark.

This is the capture from the moment it was triggered. We can see clearly that this is just code execution without a session being established: a session would produce a prompt, and this one does not. In other words, it can execute arbitrary commands as the current root user, such as adding a user.