Man
Greetings to all!
Today I will tell you how to install, configure, and exploit the vulnerabilities of the deliberately vulnerable Metasploitable2-Linux machine. In this article I will mainly share my experience of hacking a vulnerable host in a virtual machine.
But first, some legal information:
This article is created for informational/educational/developmental purposes only.
The author of the article is not responsible for your actions.
The author of the article does not call for anything; moreover, I remind you that the following articles of the Criminal Code of the Russian Federation exist and have not been repealed:
Criminal Code of the Russian Federation, Article 272. Unauthorized access to computer information.
Criminal Code of the Russian Federation, Article 273. Creation, use and distribution of malicious computer programs.
Criminal Code of the Russian Federation, Article 274. Violation of the rules for the operation of means of storage, processing or transmission of computer information and of information and telecommunication networks.
Naturally, for the purposes of studying the specified software, I use a virtual machine on my personal computer, and not a remote host or server.
My main system is Kali GNU/Linux; the target of my attack is a Metasploitable2-Linux virtual machine. Metasploitable2-Linux was created as a practice target for penetration testing (pentesting, white-hat hacking) with another well-known framework, metasploit-framework. In this case, however, I will not use metasploit-framework; instead I will attack the vulnerable host with the brute-force programs hydra, medusa and ncrack.
So we have two tasks now:
I. "Raise" the vulnerable machine in VirtualBox and configure it.
II. Exploit the machine's vulnerabilities.
I. Oddly enough, the first task turned out to be much harder than the second.
You can download the image of the vulnerable machine here: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
After downloading, you will see an archive, which we unpack.
Inside the archive there are several files.
Next, we install all the software we need with the command:
Code:
sudo apt install nmap whatweb hydra medusa ncrack virtualbox
In Kali GNU/Linux the nmap, whatweb, hydra, medusa and ncrack packages are pre-installed, but I needed to install virtualbox.
After installation, open the program.

Click "Create", give the machine a name, select type Linux and version Other Linux (64-bit).

Next we set 512 MB of RAM, 2 processor cores and about 2 GB of hard disk space. The next step is very important: choose to use the existing virtual hard disk Metasploitable.vmdk.

Next, you need to configure a network bridge; this is also extremely important. I connect to the network over a USB cable, so that interface must be selected for the virtual host; otherwise the virtual host will be assigned an IPv6 address and the hacking procedure will either become more complicated, or the host will have no access to the local network at all. Right-click our virtual machine, choose Settings, then Network. Select bridged networking and the USB0 interface.

This completes the setup and installation.
II. The hack itself.
We launch the virtual machine and log in with the login and password msfadmin. We enter the command ifconfig and see the machine's IP address: 192.168.166.234.

Next, we scan the host (some commands and programs run as root, so the sudo prefix is sometimes needed):
Code:
whatweb 192.168.166.234
sudo nmap 192.168.166.234

We see the services, the OS, other information and the open ports.
We create user and password dictionaries, user.txt and pass.txt. Mine are quite small; I display their contents with the cat command.

Information on the utilities and the attacked protocols is in the screenshots below:

Next we begin hacking by brute force. First, ncrack. We enter three commands in turn:
Code:
ncrack -U user.txt -P pass.txt 192.168.166.234:21 -v
ncrack -U user.txt -P pass.txt 192.168.166.234:23 -v
ncrack -U user.txt -P pass.txt 192.168.166.234:22 -v

As you can see from the screenshot, the login-password pair was found in all three cases. That is, the program runs through the login and password dictionaries against the specified port of the vulnerable service (21 - ftp, 22 - ssh, 23 - telnet); the open ports, in turn, we found earlier with nmap.
For the sake of interest, let's log in to the vulnerable machine via telnet (port 23) using the login and password found by ncrack, msfadmin.
As you can see in the screenshot below, it was successful:

Next we use medusa:
Code:
sudo medusa -U user.txt -P pass.txt -h 192.168.166.234 -M ssh
sudo medusa -U user.txt -P pass.txt -h 192.168.166.234 -M ftp
As you can see, for Medusa you specify not a port but a protocol (in this case ssh and ftp).
As you can see from the screenshots below, Medusa also copes with the task:

Now we use hydra in the same way, except that for this program the protocol and port must be specified in addition to the dictionaries:
Code:
hydra -L user.txt -P pass.txt ftp://192.168.166.234:21
As you can see from the screenshots below, it was successful, and Hydra highlights the login-password pair it found:

Let's try to log in to ftp using the user/user pair found by Hydra:

Successfully.
As the examples show, all three utilities, hydra, medusa and ncrack, have similar syntax, and they are quite easy to use against a target host: you only need to create (or download) login and password dictionaries, having first scanned the open ports with nmap. But you may use such programs only against vulnerable machines such as Metasploitable, or with authorization, as part of an audit of a company's server under a signed information security audit contract (in other words, a pentest). Unauthorized use of such programs is illegal.
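On the victim side all three tools leave the same trace: a burst of failed logins from one source, then a success. As an added example (not from the original post), here is detection logic a defender would run over the target's auth.log; the log lines and the source address 192.168.166.50 are constructed for the example, and the regexes assume the OpenSSH "Failed/Accepted password" and pam_unix "authentication failure" message formats.

```python
import re
from datetime import datetime
# Constructed sample auth.log lines (not from the original post); 192.168.166.50 is an invented source.
SAMPLE_LOG = """\
Mar 10 12:00:01 metasploitable sshd[2101]: Failed password for invalid user admin from 192.168.166.50 port 40110 ssh2
Mar 10 12:00:02 metasploitable sshd[2103]: Failed password for invalid user root from 192.168.166.50 port 40112 ssh2
Mar 10 12:00:02 metasploitable sshd[2105]: Failed password for msfadmin from 192.168.166.50 port 40114 ssh2
Mar 10 12:00:03 metasploitable sshd[2107]: Failed password for msfadmin from 192.168.166.50 port 40116 ssh2
Mar 10 12:00:04 metasploitable sshd[2109]: Accepted password for msfadmin from 192.168.166.50 port 40118 ssh2
Mar 10 12:00:05 metasploitable vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=192.168.166.50  user=user
Mar 10 12:30:00 metasploitable sshd[2301]: Failed password for msfadmin from 192.168.166.77 port 50000 ssh2
Mar 10 12:30:20 metasploitable sshd[2302]: Accepted password for msfadmin from 192.168.166.77 port 50002 ssh2
"""

TS = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "  # syslog timestamp and host name
SSH_FAIL = re.compile(TS + r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSH_OK = re.compile(TS + r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+)")
# PAM failures from other services (vsftpd, telnet login); sshd is excluded since it already logged "Failed password".
PAM_FAIL = re.compile(TS + r"(?!sshd)\S+ pam_unix\([^)]*:auth\): authentication failure;.*\brhost=(?P<ip>\S+)(?:\s+user=(?P<user>\S+))?")

def parse_events(log_text):
    """Return time-sorted (time, ip, user, outcome) tuples for the auth lines we understand."""
    events = []
    for line in log_text.splitlines():
        for pat, outcome in ((SSH_FAIL, "fail"), (PAM_FAIL, "fail"), (SSH_OK, "success")):
            if m := pat.match(line):
                ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")  # year-less syslog stamp
                events.append((ts, m["ip"], m.groupdict().get("user") or "?", outcome))
                break
    return sorted(events)

def detect_bruteforce(log_text, threshold=4, window_s=60):
    """Flag sources with >= threshold failures in any window_s-second window; success_after marks a later successful login from that source (the dictionary attack worked)."""
    by_ip = {}
    for ev in parse_events(log_text):
        by_ip.setdefault(ev[1], []).append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "fail"]
        start = 0
        for end in range(len(fails)):  # sliding window over the failure timestamps
            while (fails[end][0] - fails[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {"failures": len(fails),
                              "users": sorted({e[2] for e in fails}),
                              "success_after": any(e[3] == "success" and e[0] >= fails[end][0] for e in evs)}
                break
    return alerts
```

The second source (192.168.166.77) makes one mistake and then logs in, which is normal user behaviour and is not flagged; the first source trips the threshold and its later success is the case that needs an immediate response.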
Thank you all for your attention, until next time.