Samba Exploit

7 minutes

Transcript

Hey guys. So in our first video, it is something simple. I want to show you guys how you can exploit a Samba vulnerability and get a meterpreter shell from a normal command shell. This will be really efficient when you're trying to do pen testing and stuff like that. So I'm going to be using Kali Linux and Metasploit Framework for this. So let's open it up, msfconsole, and it'll pull up your framework.

And my target machine is going to be Metasploitable 2. So I already pulled it up from my VirtualBox right here. Let's log into it; msfadmin and msfadmin are like the default username and password for Metasploit. And now I'm in, let's get the IP address of it. Let's use 192.168.0.128. Perfect.

So let's go back to our Kali machine. Awesome. We got our Metasploit Framework running. Now I'm going to look for Samba, because that's what we were talking about as vulnerable. So we're going to look for Samba. And I want to look for something like a script that could give me like a back and forth.

Exploitation control. So I'm going to go with this case. Let's see if there's any girls, you know, this is I think this will work. So let's get that. Let's use it, use this particular exploit. Awesome.

Let's set. Let's see what options it has. So RPORT, RHOSTS; we gotta set our RHOSTS, let's set it to our Metasploitable 2, which is our vulnerable target machine. So I'm going to say 192.168.0.128, I remember. And let's see the options again; always try to check if they're set, just in case, before you run. And now I'm just gonna look for a payload.

So let's look for what payloads are there. So a payload is the one that will give me like a back and forth connection from the target machine to my local machine. So let's look for a payload. And I want to like look for something that can bind the connection. So with the script, so there's a ping back, we can use ping back, or, let's see if there's any like Perl script, because that'll be very efficient.

Oh, it's right here. So you can take that, bind it, set the payload, and just paste it. Awesome. Now we again check for the options and see if anything needs to be filled. As you can see, we need... Oh, awesome. We actually don't need anything.

Great. So we have our payload set. Now we need to just run it. So let's run it and see if our target is vulnerable. Awesome. It's working; as you can see, a shell already opened up.

So a shell opened up on our Metasploitable 2 machine. Like, you can check whoami: root, we're on the machine's root system. And you can check ifconfig: 128, which is our target machine. So we're in the command shell of our target machine. But this is not really efficient because it's just a normal command shell, they can only execute like cool commands and like exploits and stuff like that. So we're going to try to get a meterpreter shell on it. I'm trying to upgrade this shell to a meterpreter shell. For that, first, let's get this in the background. So I'm just going to type Ctrl T and I'm going to just background the session, and now I'm going to look for shell to meterpreter.

Awesome. So we got a post; this gives us like an upgrade to meterpreter. So let's, let's use that. So as you can see, we got the post; all you got to do is just type use and copy that. Paste it. Awesome.

Now let's look for our options. For this one, we need to set our LHOST. So let's, let's see what our LHOST is. So let's just open another tab and see what our Kali IP is. So let's say 21680 127. Awesome.

Now let's see what sessions are open, just in case. So as you can see, we just have one session open right now, which is a normal command shell on our vulnerable machine, which is Metasploitable 2. We were trying to get a meterpreter shell, so if this particular exploit actually works, we're going to be having two sessions open, one as meterpreter. So let's try to get there. First let's set this session and upgrade it to Metasploitable 2... to meterpreter, sorry.

So let's set this session. Now let's run it. So it says the following options failed to validate. Okay, I know why, because I just typed it wrong, so let's actually set one. There you go, session is set. And now just run. Let's hope for that meterpreter session.

Awesome. So as you can see, meterpreter session two is open. Now you can check it again, if there's anything. There you go. So session two, which is our meterpreter shell. So now, all you got to do is start sessions and then -i 2; this will start the meterpreter session.

Perfect. As you can see, we have our meterpreter session shell open on the vulnerable machine, which is Metasploitable 2. If you want to check further, you can do something like sysinfo. And there we go, you can see it's Metasploitable, local admin, operating system Ubuntu and all those kind of details. So there you go. That's one simple way to get extreme access to a vulnerable machine, which is really cool because when you try a pen test, meterpreter is a really, really efficient tool because it is a set of all kinds of exploits and all kinds of vulnerable, like, attack mechanisms. I hope you enjoyed this video. See you in the next video.
