Skip to content

Easily Breaking Into Metasploitable 6 Times !! | Exploits and Chill | HOXFRAMEWORK

Posted in VIDEOS

Hello everyone and welcome back!

In this video we are hacking metasploitable !

Hacked things:

FTP
HTTP (Twiki)
Microsoft DS
Distcc
RMI Registry
IRCD

Exploits got us :
4 root users
2 non root

Exploit finding methods used : nmap scans, nmap script scans, metasploit , googling stuff , (you can also use searchsploit or other vulnerability finding tools, also metasploits post for local exploit finding or in this case the unix privesc file)

Exploits used:
-For FTP : exploit/unix/ftp/vsftpd_234_backdoor
-For HTTP (Twiki) : exploit/unix/webapp/twiki_history
-also used some auxiliaries and the shell_to_meterpreter post
-For the MicrosoftDS : exploit/multi/samba/usermap_script
-For the DistCC: exploit/unix/misc/distcc_exec
-For the RMIregistry : exploit/multi/misc/java_rmi_server
(notice that in the video i searched manually, cause nmap scan link says EXPLOITS not EXPLOIT, you can just remove the S)
-For the unrealIRCd : exploit/unix/irc/unreal_ircd_3281_backdoor

VIDEO TIMER:

VIDEO TIME :
1.17 – scanning ftp
2.12 – exploiting ftp
5:20 – looking into http (twiki) , showing xss
7:45 – exploiting twiki
10:35 – shell_to_meterpreter
14:30 – scanning Microsoft-DS
16:30 – stumbled upon distcc, explaining it and scanning it
17:15 – exploiting Microsoft-DS
18:40 – exploiting DistCC
20:10 – scanning RMIRegistry
22:40 – exploiting Java-RMI-Registry
24:35 – forgot to mention one thing about TWIKI ; Useful tip
25:40 – scanning IRC
26:47 – exploiting UnrealIRCd
27:20 – showing etc shadow

And that’s it ! 🙂 Thank you so much for watching and have a nice day.