Hack Metasploitable with UnrealIRC backdoor

Metasploitable is an OS with baked-in vulnerabilities for you to practice exploits using Metasploit. In this tutorial we will be taking a look at how to gain a reverse shell on our target machine by exploiting the UnrealIRC backdoor. What is IRC? IRC means Internet Relay Chat; it is a messaging service that was …

Cracking SSH Password on Metasploitable

Metasploitable, as we explored in previous blog posts, is made to be exploited. It is ideal for those learning penetration testing and wanting to become familiar with the procedures and techniques. In this article we will look at how we can exploit a vulnerability in SSH that allows us to obtain the root user password. The first …

Metasploitable FTP Attack

Continuing from our previous tutorial on how to target a Metasploitable machine with PostgreSQL, we will try a different attack using FTP. On our Kali Linux machine we have already run nmap and identified our target machine. It has FTP port 21 open. Metasploitable is running vsftp. If a username is sent that ends in …

Exploiting postgresql with Metasploit

So let’s assume you have your Metasploitable target machine set up and we are in Kali Linux. We know our network range is 10.0.2.xx, so the first thing to do is run nmap to discover what is on our network and what ports are open. We will see all the machines on our VirtualBox network, and …

Kali Hashcat and John the Ripper Crack Windows Password hashdump

In our last tutorial we took a look at how to gain access to a Windows machine, elevate the user privileges and then get a hashdump of the passwords for the user accounts using Meterpreter. Now we have a text file on our desktop of the passwords, but they are in an unreadable format. This …

Meterpreter hash dump with windows 10

So let’s assume you have been able to gain access to the target machine. In this instance I have access with Meterpreter as detailed in the previous tutorial. We then bypassed UAC to elevate our privileges. When we run the above you will find getsystem fails. To elevate the system privileges we will bypass UAC first …

Defeat Windows 10 with Defender AMSI

Most of the standard off-the-shelf packages that generate payloads on Kali Linux are useless against the latest Windows 10 Defender (as of writing it is December 2020). I was able to generate payloads that could get around the virus checks, but the problem is when executing. Windows AMSI (Antimalware Scan Interface) will …

Editing a file in VIM editor

In a previous article we connected with a target machine using Metasploit and a payload created using msfvenom. We then uploaded a text file to that machine. In this article we will look at the edit command in Metasploit, and how to use it. So let’s imagine we are already connected and in the directory that …

Creating a simple payload with msfvenom

In order to establish a connection between Metasploit and your target machine, it is necessary to create a payload. The payload is a program that contains malicious code to allow a backdoor between you and the target machine. Creating the payload is relatively easy using msfvenom. What is difficult is getting the payload onto the …