Your First Shell!

FeltSecure Labs
A free video tutorial from FeltSecure Labs
FeltSecure Labs: Cyber Security Courses with 10000+ Students
4.1 instructor rating • 4 courses • 17,937 students

Lecture description

Exploit a Samba vulnerability on the victim machine and get a shell remotely!

This lecture is very exciting as you'll send an exploit to our victim machine and pwn it remotely!

The modules you'll use: exploit/multi/samba/usermap_script

Learn more from the full course

Practice Your First Penetration Test: Kali & Metasploit Lab

Learn ethical hacking with Kali in your own lab, scan targets with Nmap and exploit victims with Metasploit!

02:46:35 of on-demand video • Updated May 2017

  • Install and configure Kali Linux
  • Prepare virtual lab environment with Kali and victim machines
  • Scan networks with Nmap
  • Discover vulnerable applications
  • Exploit Linux and Windows servers with Metasploit
We have previously scanned the Metasploitable and Windows 7 machines. Apparently there are many open ports and services we can use, especially on Metasploitable. At this stage you, as a penetration tester, need to figure out which of those services have some kind of vulnerability. Luckily, our target system is Metasploitable, and there is lots of stuff we can use to get into that system. Keep in mind this is actually deliberately done this way; things will be much harder than this in real-life situations.

Let's see what we can do to exploit the targets now. In the previous lecture we imported the findings into the MSF database. You can simply list them with the services and hosts commands like this. There is a lot of interesting stuff in the output: it shows the IP address, port, service name and some details. You need to take a closer look at these services and figure out if there is anything useful. For example, I see there is Samba running on 192.168.174.131 (Metasploitable) on ports 139 and 445.

Let's check out our options here: type search samba in msfconsole to see the modules, if there are any. All right, we found lots of options here. You see the matching module names, disclosure dates, rank and description. If you see excellent or great in this rank column, that means the success rate is quite good for those modules. You can give the good, average and normal ranks a try as well, but keep in mind that those modules might not work very well in some cases. OK, let's try our luck with the first excellent one, exploit/multi/samba/usermap_script. You remember how we set the modules? Perfect, you guessed it: we need to copy this and then type use and simply paste it. Also you can type exploit/ Tab, multi/ Tab, samba/ Tab and usermap_script with tab completion as well, and then Enter. Now we have enabled this module.

We can simply type info again to see the details. In the description part it says this module exploits the command execution vulnerability in Samba versions 3.0.20 through 3.0.25. You remember the version we discovered for this service? Type services again to double check: it says 3.X. That means my scan was not able to determine the exact version, but that shouldn't stop us from trying our chances. You see there are only two options we need to set. When you type info, all we have is RHOST and RPORT, and RPORT was actually set by default. All we need to do is to set RHOST now: set RHOST 192.168.174.131. OK, when you type info you will see our setting is here. We have successfully set the RHOST; all seems good. Now let's run exploit to see what happens.

Right, it looks like we have our first shell. If you read "Command shell session 1 opened", that's a good sign. Let's double check if we have leverage to exploit without any problems. Type id to see your privileges on the system, and there it is: here is Metasploitable waiting for us to be exploited. As you can see, it says the root uid. Then what about the present working directory? Type pwd: this shows we are in the / directory. Perfect. What about ls? We see the names of the folders and files in the root directory. Finally, let's type ifconfig to get the IP details: 192.168.174.131. Looks like it all seems good and working. Now you have exploited the vulnerability and got a root shell on the remote server. Practically that means you own that system. What else to do? Basically anything you want. Look for the files of your interest, download them, cat /etc/passwd to read the file, the same for the shadow file, or password hashes, or many other things you want. Whatever you want to do.

Now you have the access. Let's press Ctrl-C to abort the session. But don't forget: since you are an ethical hacker, having a privilege which enables you to do anything you want doesn't actually mean you can do anything you want on that shell. Always stick with the contract you signed before the pentest. Use your power with caution.
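As an added example (not part of the lecture or the course), here is a Python triage helper for the defender's side of this lecture: it takes the Samba version string a scan reports and the contents of an smb.conf, and reports whether a host matches the conditions the usermap_script module targets. The affected range 3.0.20 through 3.0.25 is the one read out from the module description in the lecture; the scan wildcard case ("3.X", where the scanner could not determine the exact version) is reported as undetermined and flagged for a manual check rather than guessed either way. The option name `username map script` is the real Samba configuration option the module name refers to; the banner strings and smb.conf text are constructed samples, not captures from the lab.

```python
import re
from typing import Optional, Tuple

# Affected Samba range as read out from the module description in the lecture.
AFFECTED_MIN = (3, 0, 20)
AFFECTED_MAX = (3, 0, 25)

# The smb.conf option the usermap_script module name refers to.
RISKY_OPTION = "username map script"


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract an exact x.y.z version from a scan banner.

    Returns None when the scanner could only give a wildcard such as
    'Samba smbd 3.X - 4.X', which is what the lecture's scan reported.
    """
    match = re.search(r"\b(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        return None
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def assess_version(banner: str) -> str:
    """Classify a banner as 'affected', 'not affected' or 'undetermined'."""
    version = parse_version(banner)
    if version is None:
        return "undetermined"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "not affected"


def has_username_map_script(smb_conf: str) -> bool:
    """Return True if any section of smb.conf sets 'username map script'.

    Samba ignores case and internal whitespace in option names, so the
    comparison normalises both before matching. Commented-out lines
    (';' or '#') and section headers are skipped.
    """
    wanted = RISKY_OPTION.replace(" ", "")
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue  # blank, comment or section header
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().lower().replace(" ", "") == wanted and value.strip():
            return True
    return False


def triage(banner: str, smb_conf: str) -> dict:
    """Combine the version check and the config check into one verdict.

    'exposed' is True only when the version is in range AND the option is
    set; an undetermined version with the option set is flagged for a
    manual version check instead of being silently marked safe.
    """
    version_state = assess_version(banner)
    option_set = has_username_map_script(smb_conf)
    return {
        "version": version_state,
        "username_map_script": option_set,
        "exposed": version_state == "affected" and option_set,
        "needs_manual_version_check": version_state == "undetermined" and option_set,
    }


# Constructed sample inputs (not captured from the lecture's lab).
SCAN_BANNER_WILDCARD = "Samba smbd 3.X - 4.X (workgroup: WORKGROUP)"
SCAN_BANNER_EXACT = "Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)"

SMB_CONF_RISKY = """\
[global]
   workgroup = WORKGROUP
   server string = %h server
   ; the option below is the one the usermap_script module relies on
   Username Map Script = /etc/samba/scripts/mapusers.sh

[homes]
   browseable = no
"""

SMB_CONF_CLEAN = """\
[global]
   workgroup = WORKGROUP
   # username map script = /etc/samba/scripts/mapusers.sh
"""

if __name__ == "__main__":
    print(triage(SCAN_BANNER_WILDCARD, SMB_CONF_RISKY))
    print(triage(SCAN_BANNER_EXACT, SMB_CONF_RISKY))
    print(triage(SCAN_BANNER_EXACT, SMB_CONF_CLEAN))
```

The point of the `needs_manual_version_check` flag is exactly the situation in the lecture: a banner of "3.X" tells you nothing about whether the build is inside the affected range, so a defender should resolve the version from the host itself (package manager or `smbd -V`) before closing the finding, and should treat the option being set at all as the configuration to remove.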