Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016

Published byMalcolm Hill Modified over 5 years ago

Similar presentations

Presentation on theme: "Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016"— Presentation transcript:

1 Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016
By Shain Amzovski

2 Metasploitable Intentionally vulnerable Linux Virtual Machine.
This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

3 NMAP scan Ran nmap from Metasploit in Kali-Linux 2016.
Detected which ports were open in Metasploitable 2. Looked for exploits to attack the Metasploitable VM.

4 IRC Server Port 7194 Exploit
First, I ran a command execution that exploits a malicious backdoor that was added to the Unreal IRCD download archive.  Checks if an IRC server is back doored by running a time-based command (ping) and checking how long it takes to respond. Command = exploit/unix/irc/unreal_ircd_328 1_backdoor Exploit gives hacker access to all directories.

5 FTP Exploit on Port 21  This command exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd tar.gz archive between June 30th 2011 and July 1st according to the most recent information available. This backdoor was removed on July 3rd 2011. Command = exploit/unix/ftp/vsftpd_234_ba ckdoor Gives you access to root.

6 PHP Exploit Port 80 When run as a CGI, PHP up to version and is vulnerable to an argument injection vulnerability. This vulnerability leaks the source code of the application and allows remote code execution. This module can also be used to exploit the plesk 0day disclosed by kingcope and exploited in the wild on June 2013. Command = exploit/multi/http/php_cgi_arg_i njection

7 TCP/UDP Exploit This command exploits remote code execution vulnerabilities in dRuby. Command = exploit/linux/misc/drb_remot e_codeexec Exploit allows for root access.

Download ppt "Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016"

Similar presentations

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
MIS 5212.001 Week 3 Site:

MIS Week 3 Site:
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.

China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.

Similar presentations

Ads by Google