Metasploitable is an OS with baked-in vulnerabilities for you to practice exploits using Metasploit. In this tutorial we will be taking a look at how to gain a reverse shell on our target machine by exploiting the UnrealIRC backdoor. What is IRC? IRC means Internet Relay Chat; it is a messaging service that was ... Continue reading “Hack Metasploitable with UnrealIRC backdoor”
Category Archives: metasploit
Cracking SSH Password on Metasploitable
Metasploitable, as we explored in previous blog posts, is made to be exploited. It is ideal for those learning penetration testing and wanting to become familiar with the procedures and techniques. In this article we will look at how we can exploit a vulnerability in SSH that allows us to obtain the root user password. The first ... Continue reading “Cracking SSH Password on Metasploitable”
Metasploitable FTP Attack
Continuing from our previous tutorial on how to target a Metasploitable machine with PostgreSQL, we will try a different attack using FTP. On our Kali Linux machine we have already run nmap and identified our target machine. It has FTP port 21 open. Metasploitable is running vsftp. If a username is sent that ends in ... Continue reading “Metasploitable FTP Attack”
Exploiting postgresql with Metasploit
So let’s assume you have your Metasploitable target machine set up and we are in Kali Linux. We know our network range is 10.0.2.xx, so the first thing to do is run nmap to discover what is on our network and what ports are open. We will see all the machines on our VirtualBox network, and ... Continue reading “Exploiting postgresql with Metasploit”
Metasploitable
What is Metasploitable? If you are starting out in pentesting you will need a vulnerable machine to use as a target. As you get better and your understanding deepens you will be able to start trying to penetrate more secure systems. However, at the beginning of your pentest journey you will need a less secure ... Continue reading “Metasploitable”
Kali Hashcat and John the Ripper Crack Windows Password hashdump
In our last tutorial we took a look at how to gain access to a Windows machine, elevate the user privileges and then get a hashdump of the passwords for the user accounts using Meterpreter. Now we have a text file on our desktop of the passwords, but they are in an unreadable format. This ... Continue reading “Kali Hashcat and John the Ripper Crack Windows Password hashdump”
Meterpreter hash dump with windows 10
So let’s assume you have been able to gain access to the target machine. In this instance I have access with Meterpreter as detailed in a previous tutorial. We then bypassed UAC to elevate our privileges. When we run the above you will find getsystem fails. To elevate the system privileges we will bypass UAC first ... Continue reading “Meterpreter hash dump with windows 10”
Defeat Windows 10 with Defender AMSI
Most of the standard off-the-shelf packages that generate payloads on Kali Linux are useless against the latest Windows 10 Defender (as of writing it is December 2020). I was able to generate payloads that could get around the virus checks, but the problem is when executing. Windows AMSI (Antimalware Scan Interface) will ... Continue reading “Defeat Windows 10 with Defender AMSI”
Editing a file in VIM editor
In a previous article we connected with a target machine using Metasploit and a payload created using msfvenom, then uploaded a text file to that machine. In this article we will look at the edit command in Metasploit, and how to use it. So let’s imagine we are already connected and in the directory that ... Continue reading “Editing a file in VIM editor”
Creating a simple payload with msfvenom
In order to establish a connection between Metasploit and your target machine, it is necessary to create a payload. The payload is a program that contains malicious code to allow a backdoor between you and the target machine. Creating the payload is relatively easy using msfvenom. What is difficult is getting the payload onto the ... Continue reading “Creating a simple payload with msfvenom”