🥌 Linux Exploitation

Port Scanning & Enumeration

  1. cat /etc/hosts

    • Display the contents of the /etc/hosts file.

  2. nmap -sV -p 1-10000 <ip> -oN nmap_10k.txt

    • Conduct an Nmap scan with version detection (-sV) on ports 1 to 10000 of the specified IP and save the output in Nmap's normal format (-oN) to the file "nmap_10k.txt".

  3. If Nmap cannot identify a service with confidence, connect to the port with netcat and read the banner yourself. Manual banner grabbing is recommended where accuracy matters.
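To decide which ports from step 2 still need the manual banner grab of step 3, the following added example (not part of the original cheat sheet) parses an -oN file such as nmap_10k.txt and flags open ports whose service name Nmap only guessed (trailing "?") or for which no version was matched. The scan text is a constructed sample; the host, ports and versions in it are made up.

```python
import re

# Constructed sample of `nmap -sV -p 1-10000 <ip> -oN nmap_10k.txt` output
# (nmap's normal/-oN format). Host and versions are made up for the example.
SAMPLE_NMAP_10K = """\
# Nmap 7.94 scan initiated as: nmap -sV -p 1-10000 -oN nmap_10k.txt 10.0.0.5
Nmap scan report for 10.0.0.5
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 3.0.3
22/tcp   open  ssh         OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (protocol 2.0)
445/tcp  open  netbios-ssn Samba smbd 4.6.2
8080/tcp open  http-proxy?
9000/tcp open  cslistener
"""

# One "<port>/<proto> <state> <service> [version]" row of the port table.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$"
)


def parse_nmap_normal(text):
    """Parse the port table of -oN output into one dict per open port."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m or m.group("state") != "open":
            continue
        ports.append({
            "port": int(m.group("port")),
            "proto": m.group("proto"),
            "service": m.group("service"),
            "version": (m.group("version") or "").strip(),
        })
    return ports


def needs_manual_banner_grab(entry):
    """nmap appends '?' to a service name it only guessed, and leaves VERSION
    empty when no probe matched; both are what step 3 hands to a manual grab."""
    return entry["service"].endswith("?") or not entry["version"]


def banner_grab_candidates(text):
    """Open ports from an -oN file whose service still needs manual identification."""
    return [e["port"] for e in parse_nmap_normal(text) if needs_manual_banner_grab(e)]


if __name__ == "__main__":
    print("manual banner grab:", banner_grab_candidates(SAMPLE_NMAP_10K))
```

Run it against a real nmap_10k.txt by reading the file into `banner_grab_candidates` instead of the sample string.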

Targeting vsFTPd

  1. nmap -sV -sC -p 21 <ip>

    • Perform an Nmap scan with version detection and default scripts on port 21 (FTP) of the specified IP.

  2. auxiliary/scanner/smtp/smtp_enum

    • Use this Metasploit auxiliary module to enumerate valid user names via the SMTP service; the names it confirms are what the FTP login attempts in the next step are built on.

  3. hydra -l <username> -P /usr/share/metasploit-framework/data/wordlists/unix_users.txt <ip> ftp

    • Employ Hydra to brute-force the FTP service on the specified IP, trying the single username given with -l against every entry of the Metasploit unix_users.txt wordlist as a candidate password (-P).

  4. After gaining access to the FTP server, consider attempting to establish a reverse shell on the server.

Targeting SAMBA

  1. nmap -sV -p 445 <ip>

    • Perform an Nmap scan with version detection on port 445 (SMB) of the specified IP.

  2. auxiliary/scanner/smb/smb_version

    • Use this Metasploit auxiliary module to identify the version of the SMB service.

  3. exploit/multi/samba/usermap_script

    • Employ this Metasploit exploit module to leverage the Samba usermap script vulnerability.

Hacker's Mantra: As the world becomes more digitized, there are more entry points for hackers. - Michael Demon Calce
