1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help exploiting Linux

Discussion in 'Ethical hacking' started by gunman, Jun 30, 2010.

  1. gunman

    gunman New Member

    Joined:
    Jun 30, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    I am a newbie at this and I am stuck, I am hoping I can get some advice; my situation is I have a laptop running vmware on Windows 7, my 3 virtual machines are Linux, my objective is to obtain the root password on my 2 of my Linux VMs, where I am stuck at is how to break in and obtain a shell prompt at least thats what I think I need to do:

    I tried many exploits with metasploit to the listener ports open but to no avail;
    I tried running an exploit to run a netcat command to open a shell but no sessions created on metaspoit:

    I want to figure this out myself but its obvious I need some guidence. I hope some one can help me.

    Thanks in advance. gunman

    Here are my nmap result on machine 200:


    Discovered open port 110/tcp on 192.168.1.200
    Discovered open port 111/tcp on 192.168.1.200
    Discovered open port 993/tcp on 192.168.1.200
    Discovered open port 143/tcp on 192.168.1.200
    Discovered open port 443/tcp on 192.168.1.200
    Discovered open port 22/tcp on 192.168.1.200
    Discovered open port 21/tcp on 192.168.1.200
    Discovered open port 23/tcp on 192.168.1.200
    Discovered open port 199/tcp on 192.168.1.200
    Discovered open port 80/tcp on 192.168.1.200
    Discovered open port 995/tcp on 192.168.1.200
    Discovered open port 109/tcp on 192.168.1.200
    Discovered open port 32770/tcp on 192.168.1.200
    Discovered open port 7/tcp on 192.168.1.200
    Discovered open port 79/tcp on 192.168.1.200
    Discovered open port 6000/tcp on 192.168.1.200
    Discovered open port 32768/tcp on 192.168.1.200

    PORT STATE SERVICE VERSION
    7/tcp open echo
    21/tcp open ftp vsftpd 1.1.3
    22/tcp open ssh OpenSSH 3.5p1 (protocol 1.99)
    |_sshv1: Server supports SSHv1
    | ssh-hostkey: 1024 2d:db:ed:2f:1c:0b:90:8f:32:bd:d5:76:79:6d:7f:6e (RSA1)
    | 1024 79:99:86:f3:25:35:e8:34:c2:ae:2e:f3:75:88:14:12 (DSA)
    |_1024 02:e1:de:15:37:36:f6:e0:16:07:c2:e8:05:4e:4f:77 (RSA)
    23/tcp open telnet Linux telnetd
    79/tcp open finger Linux fingerd
    |_finger: No one logged on.

    80/tcp open http Apache httpd 2.0.40 ((Red Hat Linux))
    | http-methods: GET HEAD POST OPTIONS TRACE
    | Potentially risky methods: TRACE
    |_html-title: Test Page for the Apache Web Server on Red Hat Linux
    109/tcp open pop2 UW POP2 server 2001.63rh
    110/tcp open pop3-proxy PGP Universal pop3 proxy (Proxied greeting: POP3 [192.168.1.200] v2001.78rh server ready)
    |_pop3-capabilities: OVID STLS OK(K Capability list follows) UIDL USER LOGIN-DELAY(180) TOP SASL(LOGIN PLAIN)
    111/tcp open rpcbind 2 (rpc #100000)
    143/tcp open jdwp
    |_imap-capabilities: IMAP4rev1 AUTH=LOGIN IDLE AUTH=PLAIN OVID STARTTLS
    199/tcp open smux Linux SNMP multiplexer
    443/tcp open ssl/http Apache httpd 2.0.40 ((Red Hat Linux))
    | http-methods: GET HEAD POST OPTIONS TRACE
    | Potentially risky methods: TRACE
    |_sslv2: server still supports SSLv2
    |_html-title: Test Page for the Apache Web Server on Red Hat Linux
    993/tcp open ssl/imap UW imapd 2001.315rh
    |_sslv2: server still supports SSLv2
    |_imap-capabilities: LOGIN-REFERRALS IMAP4REV1 AUTH=PLAIN SCAN THREAD=REFERENCES MAILBOX-REFERRALS SORT AUTH=LOGIN THREAD=ORDEREDSUBJECT IDLE NAMESPACE MULTIAPPEND
    995/tcp open tcpwrapped
    |_pop3-capabilities: OK(K Capability list follows) UIDL LOGIN-DELAY(180) USER TOP SASL(PLAIN LOGIN)
    6000/tcp open X11 (access denied)
    32768/tcp open status 1 (rpc #100024)
    32770/tcp open mountd 1-3 (rpc #100005)
    Running: Linux 2.4.X
    OS details: Linux 2.4.18 - 2.4.35 (likely embedded)

    Here are my nmap result on machine 73:
    Discovered open port 22/tcp on 192.168.1.73
    Discovered open port 111/tcp on 192.168.1.73

    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
    | ssh-hostkey: 1024 85:62:1b:9c:3c:36:bb:41:2d:64:6a:4b:e1:aa:9f:07 (DSA)
    |_2048 f9:19:f1:a0:f5:33:80:90:33:07:f9:9f:21:2f:fb:7f (RSA)
    111/tcp open rpcbind 2 (rpc #100000)
    Device type: general purpose
    Running: Linux 2.6.X
    OS details: Linux 2.6.9 - 2.6.28
     
  2. gunman

    gunman New Member

    Joined:
    Jun 30, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    This exercise is for my CPT cert, I would appreciate a hint if metasplot is the right direction or not, or should I pursue another route. FTP, TELNET etc.
     

Share This Page