So been in my new job now for some time and still have not taken my Cisco courses but never mind there is nothing like procrastinating.
So Metaspoitable2 is a vulnerable by design VM that hosts numerous miss-configured" services that will allow exploitation. I downloaded my copy from sourceforge.
For the running the VM I used the latest version of VMware Player, you need to extract the files from the compressed folder, but if you are reading this that should not be a problem for you.
As you can see there are many ports running services on Metaspoitable2.
The service I am interested in is nfs running on port 2049.
Now nfs is a network file system or a network share.
So the next plan is to check to see were in the file system the share is located and then attempt to mount it.
Now this took a little time to get to and now you need to looking at how the system works.
Now as we have access to the file system it is possible to generate an ssh key and add it to the authorized keys file.
This will allow you to ssh in to Metaspoitable2 as root without having to provide a password, going by the rules of 2 is 1, 1 is none we currently have nothing.
The reason we have nothing is because if a server admin were to update the authorize_keys file then we would loose access. So to ensure access why don't we extract the user passwords for the server.
No comments:
Post a Comment