Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploiting Metasploitable

Published byJulius Marshall Modified over 5 years ago

Similar presentations

Presentation on theme: "Exploiting Metasploitable"— Presentation transcript:

1 Exploiting Metasploitable
Marcus Wilson Advanced Penetration Testing MIS 5212

2 Exploit Background NMAP Reconnaissance
Target Operating System: Metasploitable 2 VM Target IP Address: Source Operating System: Kali Linux VM Source IP Address: NMAP Reconnaissance Source System Source System Port 3306 for MySQL service is open and running MySQL a Port 21 for ftp service is open and running vsftpd 2.3.4

3 The FTP Exploit Source System Used Metasploit search to find any exploits related to vsftpd Found an exploit for vsftpd 2.3.4 Set the RHOST to the target IP address for Metasploitable Found an exploit for vsftpd 2.3.4 Successfully used the backdoor and gained access to a shell Used a “whoami” and “pwd” commands to determine what privilege level Determined it was root access in the root directory Source System

4 FTP Exploit Continued MySQL Exploit
Source System Target System msfadmin TempleOwls Used the root shell access to change the root password to the system Attempted to SU to root user on the Metasploitable VM using original default password and failed. Root password was successfully changed using exploited shell Source System Source System MySQL Exploit Additionally used the mysql_login exploit to check for MySQL root access which was successful due to a blank root password Successfully gained root access and created a new MySQL user with root access

Download ppt "Exploiting Metasploitable"

Similar presentations

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )

Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room 345 05/11/10.

4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room /11/10.
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap 127.0.0.1 [Better] netstat -lpunt.

SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap [Better] netstat -lpunt.
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.

COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.
Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.

Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.
Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.

Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

Similar presentations

Ads by Google