In our previous article we learnt how to exploit the service
manually. You can find that article here.
Now let’s check out how to exploit it without having to do it manually. We will exploit it using the vsFTPd 2.3.4 Backdoor Command Execution exploit module.
Metasploit is a penetration testing application. It can run
scans with nmap, check for vulnerabilities on a target host, and execute
exploits easily. It holds a database of exploits which are ready to load and
execute on the target host.
Starting Metasploit Console
Enter the command: msfconsole
The “msf> ” prompt shows that you are now interacting with the Metasploit
console.
Searching for vsFTPd exploits
Enter the command: search vsftpd
This command tells Metasploit to search for any exploits for
vsftpd.
The results show that we have an exploit for it in our
Metasploit database. From the description we can learn that the exploit is
meant for vsFTPd v2.3.4. And from the name we know that the exploit is
located in the “exploit/unix/ftp/” directory.
Using the exploit
Enter the command: use exploit/unix/ftp/vsftpd_234_backdoor
This command gets the exploit ready for you. We now need to give it a target to execute on.
Setting target on the exploit
Enter the command: show options
This command lists all the options you can set on the exploit.
We can see 2 options: RHOST and RPORT. Both of them are
required, but RHOST is empty. RHOST is short for Remote Host, a.k.a. the target
address. We need to give it the target address.
Enter the command: set RHOST <<target IP address>>
Enter the command: show options
This shows whether the target is set and whether any other
required options still need to be set.
Looks like all is set. We now just need to execute the
exploit. We can do that by entering the command: exploit (or run).
Running the set exploit
This now gives you your backdoored shell :)
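On the defending side, the module description above says the exploit is meant for vsFTPd v2.3.4, so an inventory of FTP greeting banners shows which hosts need review. The Python below is an added example, not part of the original article; the function names are hypothetical and the addresses and banners are constructed samples.

```python
import re

# Product and version named in the module description on this page.
AFFECTED = ("vsftpd", "2.3.4")

# Matches "<product> <version>" inside a greeting, e.g. "(vsFTPd 2.3.4)".
PRODUCT_RE = re.compile(r"\b(vsftpd|proftpd|pure-ftpd)\b[ /]*v?(\d+(?:\.\d+)+)?", re.I)


def parse_greeting(raw):
    """Return (product, version) from an FTP 220 greeting, or (None, None)."""
    text = []
    for line in raw.splitlines():
        if line.startswith(("220-", "220 ")):
            text.append(line[4:])          # strip reply code and separator
        elif text and not re.match(r"\d{3}[ -]", line):
            text.append(line)              # multi-line reply, line without a code
    m = PRODUCT_RE.search(" ".join(text))
    if not m:
        return (None, None)
    return (m.group(1).lower(), m.group(2))


def triage(banners):
    """Map each host to 'review', 'other' or 'unknown' from its greeting."""
    result = {}
    for host, raw in banners.items():
        product, version = parse_greeting(raw)
        if (product, version) == AFFECTED:
            result[host] = "review"        # exact version the module targets
        elif product is None or version is None:
            result[host] = "unknown"       # banner hidden or customised
        else:
            result[host] = "other"         # different product or version
    return result


# Constructed sample greetings (documentation address range, not real hosts).
SAMPLE = {
    "192.0.2.10": "220 (vsFTPd 2.3.4)\r\n",
    "192.0.2.11": "220 (vsFTPd 3.0.5)\r\n",
    "192.0.2.12": "220-Welcome to files\r\n220 Authorised use only\r\n",
    "192.0.2.13": "220 ProFTPD 1.3.5 Server (Debian)\r\n",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, verdict)
```

A greeting can be customised or hidden, so hosts reported as "unknown" still need their installed package version checked on the host itself.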
-Jayesh Kerai (@secjay)