Hack Metasploitable2 with Kali-Linux

Posted on Posted in Tutorial's

Hier werde ich in der nächsten Zeit einige Videos zum Thema Metasploitable2 Hacking zeigen.

Was ist eigentlich Meatploitabel2?

Metasploitable
One of the problems you encounter when learning how to use an exploitation framework is trying to configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from sourceforge.

Never expose this VM to an untrusted network, use NAT or Host-only mode!
Once you have downloaded the VM, extract the zip file, open up the vmx file using your VMware product of choice and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.

 

Metasploitable2_booted

Quelle: Offensive-Security

Nach dem Starten der beiden VM’s Kali-Linus und Metasploitable2 führen wir einen nmap-Scan durch: nmap -A -v -sS <Taget-Ip>

nmap-metasploitable2

result-metasploitanle2

Im Resultat sehen wir dann einige Details zu den Diensten die auf dem Target laufen, wir nehmen und z.B. mal den Port 21 – vsftp vor.

———————————————————————————————————————————–

Part1 : Metasploitable2 – Part1 – vdftp

———————————————————————————————————————————–

Part2 : Metasploitable2 – Part2 – IRC

———————————————————————————————————————————–

Part3 : Metasploitable2 – Part3 – php_cgi

———————————————————————————————————————————–

Part4 : Metasploitable2 – Part4 – druby

———————————————————————————————————————————–

Part5 : Metasploitable2 – Part5 – rmiregistry_java

———————————————————————————————————————————–

Part6 : Metasploitable2 – Part6 – usermap_script

Facebooktwittergoogle_plus

Leave a Reply