Hunting & Cracking Specific Ports/Services In A Network

If we have an initial foothold on a network, we want to be able to push on from there. We can search for open shares (as discussed in my other post) or we can start looking for specific services/ports on the network. For example – we have access to an endpoint which doesn’t contain a […]

Bloodhound

Bloodhound is a great tool, created by Rohan Vazarkar (@CptJesus) and Will Schroeder (@harmj0y). It can help you find your way around a domain and can map routes/paths to target machines or accounts in Active Directory. It’s really useful when you first find yourself on a network and just requires a domain joined machine to […]

Metasploitable 2 – Password Hash Cracking with John the Ripper

This post assumes you have access to a the target filesystem in question and want to extract and then crack the password hashes from the local machine. In this example I am going to crack the account passwords used in Metasploitable 2 but the techniques here can be used in many different scenarios. John the […]

Metasploitable 2: Compromise – NFS Shares

Our Nessus scan results show an interesting vulnerability: Medium (5.0) 42256 NFS Shares World Readable It’s only got a medium risk rating but who knows what data is in there. Lets connect to it from our Kali box. There are various ways you could do this – here we can simply point the file browser […]

Metasploitable 2 – Compromise: Root Shell

Remember our Nmap results? (https://securityaspirations.com/2017/06/25/metasploitable-2-system-recon/) One of the entries in there was listed as follows: 1524/tcp open shell Metasploitable root shell This is probably one of the simplest Metasploitable vulns. There is a root shell open on the box, lets see if we can connect to it with telnet telnet 192.168.168.134 1524 Telnet <dest_IP> <dest_Port> […]

Metasploitable 2 – Compromise: UnrealIRC

Lets take a look at this Nmap result in more detail: 6667/tcp open irc UnrealIRCd Nessus results also show some details here: Critical (10.0) 46882 UnrealIRCd Backdoor Detection Worth checking to see if Metasploit has a module we can use here. Fire up Metasploit with: msfconsole And lets do a search for any hits on […]

Metasploitable 2 – Compromise: rlogin

Using rlogin to compromise Metasploitable2

Metasploitable 2 – Vuln scan with Nessus

Using Nessus to perform vulnerability scan against Metasploitable 2

Metasploitable 2 – System Recon

Using nmap to perform a full port scan against Metasploitable 2

Metasploitable 2 – Finding Metasploitable with nmap

Find Metasploitable 2 on your network using nmap on Kali