
Hacking Ports



In the tutorial 'Using ebooks to hack targets' we created a PDF RAT in order to gain remote access to our target. The only hurdle to that is trying to get the RAT on the target's system.

As another option, we can hack our target's system via its ports.

In this tutorial we will:

1) Scan the network for a victim

2) Scan the victim's ports and services for vulnerabilities

3) Gain access to our victim's system via the found vulnerability

First, we'll need to start 'postgresql' & 'msfconsole'

[Image: 1.png]


After the above command has finished, the following display will show:

[Image: 2.png]

Let's leave this window as it is for now, and open up a separate terminal.

In this terminal, we want to scan the network for a victim, by using the following nmap command:
[Image: 3.png]


I've chosen this victim, who has many ports open on their system:

[Image: 4.png]

  Note: Write down your victim's IP

In the above information, we saw what ports are open, along with the services that are running on them.

The next step is to find out the versions of those services.

To do this, we'll change our nmap syntax to scan just the victim's ports and also show us the version of each service:

[Image: 5.png]
The above command has given us the following results:

[Image: 6.png]

Now that we have all the information we need, we can choose a service and find out if it has a known vulnerability.

I'm going to choose vsftpd 2.3.4 on port 21

Let's head back over to our msfconsole terminal and search for that service and version:
[Image: 7.png]



Great, there is a vulnerability for this service:
[Image: 8.png]



Now, we are going to use the exploit named exploit/unix/ftp/vsftpd_234_backdoor by typing the following syntax:
[Image: 9.png]

Once it has loaded, we want to type show options to see what options must be given in order for the exploit to work.


[Image: 10.png]


This exploit only has two options that we need to complete: RHOST (the victim's IP) & RPORT (the victim's port to be hacked)


RPORT is already set to 21, so all we need to do is set RHOST to the victim's IP:
[Image: 11.png]



We are all set. Now to start our hack, we type exploit or run
[Image: 12.png]

Great! We now have a command shell session open on our victim's system.

We can type pwd to see where our current location is in the victim's system:
 
[Image: 13.png]



As you can see, we are in root. We can see what files and folders are located here by typing ls

[Image: 14.png]

ls & pwd are just two available commands. To check the full list of commands, we can type help:

[Image: 15.png]

Note: The above image doesn't contain all the results after pressing help.

At this point, we have successfully hacked our target, and would consider killing some processes in order to stay stealthy, or downloading and uploading files.
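The service-version scan from step 2 is the same data an administrator uses to find this exposure on hosts they manage. As an added example (not part of the original post), this Python script parses `nmap -sV` normal output and reports open services whose product and version exactly match a watchlist; the sample scan text, the watchlist and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV` normal output (documentation IPs, not a real scan).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   closed telnet
Nmap scan report for 192.0.2.11
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 3.0.3
2121/tcp open   ftp     vsftpd 2.3.40
80/tcp   open   http
"""

# Assumed watchlist: only the product/version this page names.
WATCHLIST = {("vsftpd", "2.3.4"): "matches exploit/unix/ftp/vsftpd_234_backdoor"}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
HOST_PREFIX = "Nmap scan report for "

def parse_services(text):
    """Yield (host, port, product, version) for every open port."""
    host = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HOST_PREFIX):
            host = line[len(HOST_PREFIX):]
            continue
        m = PORT_LINE.match(line)
        if not m or m.group(3) != "open":
            continue  # header rows, closed/filtered ports
        tokens = m.group(5).split()
        product = tokens[0] if tokens else None      # no banner detected
        version = tokens[1] if len(tokens) > 1 else None
        yield host, int(m.group(1)), product, version

def flagged_services(text, watchlist=WATCHLIST):
    """Return open services whose product and version match exactly."""
    hits = []
    for host, port, product, version in parse_services(text):
        reason = watchlist.get((product, version))
        if reason:
            hits.append((host, port, product, version, reason))
    return hits

if __name__ == "__main__":
    for hit in flagged_services(SAMPLE):
        print("%s port %d: %s %s (%s)" % hit)
```

Matching on the exact version token keeps a banner such as the constructed `vsftpd 2.3.40` from being reported, and open ports with no detected banner are parsed but never flagged.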