Week8

The document discusses vulnerabilities in NFS and FTP services, detailing how to exploit them using commands like 'showmount' and 'telnet'. It also covers web application vulnerabilities using the Mutillidae application, demonstrating SQL injection attacks and how to fix issues within the application. The document provides step-by-step instructions for exploiting and addressing these vulnerabilities in a controlled environment.

Varshini V Poojary

240948003

Week 8

NFS Service vulnerability


First we need to list what services are visible on the target:

This shows that NFS (Network File System) uses port 2049, so next let’s determine what shares are
being exported (Metasploitable2 IP: 192.168.240.131):

The ‘showmount’ command tells us that the root ‘/’ of the file system is being shared. Next we can
mount the Metasploitable file system so that it is accessible from within Kali:
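What an administrator would check on the server side after seeing ‘/’ in the showmount output. This is an added example, not part of the lab report: it parses the /etc/exports syntax (path, then host(options) entries) and flags the settings that make an export like the one above dangerous. The sample exports text is constructed; the first line mirrors the exposure found here and the second shows a tightened share.

```python
"""Audit /etc/exports for world-readable, root-level or no_root_squash exports."""
import re
from typing import List, Tuple

# Constructed sample: line 1 is the risky configuration, line 2 a tightened one.
SAMPLE_EXPORTS = """\
# root filesystem, every host, remote root keeps root privileges
/ *(rw,sync,no_root_squash,no_subtree_check)
/srv/share 192.168.240.0/24(ro,sync,root_squash)
"""

ENTRY_RE = re.compile(r"^(?P<path>\S+)\s*(?P<clients>.*)$")
# host part stops at '(' ; the parenthesised option list is optional
CLIENT_RE = re.compile(r"(?P<host>[^\s(]*)(?:\((?P<opts>[^)]*)\))?")


def parse_exports(text: str) -> List[Tuple[str, List[Tuple[str, List[str]]]]]:
    """Return [(path, [(host, [options]), ...]), ...]; comments and blank lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        path, clients = m.group("path"), m.group("clients")
        parsed = []
        for tok in clients.split():
            cm = CLIENT_RE.match(tok)
            host = cm.group("host") or "*"          # bare "(opts)" means any host
            opts = [o for o in (cm.group("opts") or "").split(",") if o]
            parsed.append((host, opts))
        if not parsed:
            parsed.append(("*", []))                # no client list at all = any host
        entries.append((path, parsed))
    return entries


def audit_exports(text: str) -> List[Tuple[str, str, str]]:
    """Return (path, host, reason) findings for each risky export entry."""
    findings = []
    for path, clients in parse_exports(text):
        for host, opts in clients:
            if path == "/":
                findings.append((path, host, "entire root filesystem is exported"))
            if host == "*":
                findings.append((path, host, "export is allowed to any host"))
            if "no_root_squash" in opts:
                findings.append((path, host, "no_root_squash: remote root acts as local root"))
            if "rw" in opts and host == "*":
                findings.append((path, host, "read-write access granted to every host"))
    return findings


if __name__ == "__main__":
    for path, host, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {host}: {reason}")
```

Run against the sample, the root export produces four findings and the subnet-restricted, read-only, root-squashed share produces none; on a real host, point the function at the contents of /etc/exports.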

FTP Server backdoor
The vulnerability being demonstrated here is how a backdoor was incorporated into the source code
of a commonly used package, namely ‘vsftpd’. The FTP server has since been fixed but here is how
the affected version could be exploited:

In the previous section we identified that the FTP service was running on port 21, so let’s try to
access it via ‘telnet’:

‘telnet’ is used to activate the backdoor. The made-up username needs to be followed by ‘:)’ and,
after inputting a made-up password, press Enter, then ‘^]’ (Control + ]) followed by ‘quit’ to exit.

‘telnet’ can be used to validate that the backdoor service has been opened on port 6200.

‘telnet’ can now be used to access the target and Linux commands can be executed at will. Note
that each command needs to be suffixed by the ‘;’ character. To exit use ‘^]’ then ‘quit’.

This vulnerability can also be exploited using the Metasploit framework’s ‘VSFTPD v2.3.4
Backdoor Command Execution’ module.
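The two observable traces of the backdoor described above, seen from the defender’s side: a login attempt whose username carries the ‘:)’ sequence, and a new listener on port 6200. This is an added example, not part of the lab report or of vsftpd. The log lines are constructed and the line shape (timestamp, [pid], [user], OK/FAIL LOGIN, Client "ip") is an assumption about the vsftpd log format, so adjust the regex to your own logs; the socket listing is constructed and modelled on `ss -ltn` output.

```python
"""Flag vsftpd 2.3.4 backdoor triggers in FTP logs and check for the port-6200 listener."""
import re
from typing import Dict, List

# Constructed sample log lines; the third carries the ':)' trigger.
SAMPLE_LOG = """\
Mon Apr 15 10:01:02 2024 [pid 2101] [alice] OK LOGIN: Client "192.168.240.10"
Mon Apr 15 10:02:11 2024 [pid 2107] [bob] FAIL LOGIN: Client "192.168.240.11"
Mon Apr 15 10:03:45 2024 [pid 2113] [user:)] FAIL LOGIN: Client "192.168.240.128"
Mon Apr 15 10:04:00 2024 [pid 2119] [anonymous] OK LOGIN: Client "192.168.240.12"
"""

# Constructed listening-socket listing, modelled on `ss -ltn` output.
SAMPLE_SOCKETS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      5      0.0.0.0:6200       0.0.0.0:*
"""

# Assumed log line shape; the username sits in the second bracketed field.
LOGIN_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)
BACKDOOR_PORT = 6200          # port opened by the backdoor, as stated in the report
TRIGGER = ":)"                # username suffix that activates it


def find_backdoor_triggers(log_text: str) -> List[Dict[str, str]]:
    """One record per login attempt whose username contains the trigger sequence.

    The login is logged as FAIL (the credentials are made up), which is exactly why
    a failed-login-only alert rule would miss it: match on the username, not the result.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and TRIGGER in m.group("user"):
            hits.append({"user": m.group("user"), "ip": m.group("ip"),
                         "result": m.group("result")})
    return hits


def backdoor_port_listening(socket_listing: str, port: int = BACKDOOR_PORT) -> bool:
    """True if a LISTEN entry in the listing has `port` as its local port."""
    for line in socket_listing.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            if cols[3].rsplit(":", 1)[-1] == str(port):
                return True
    return False


if __name__ == "__main__":
    for hit in find_backdoor_triggers(SAMPLE_LOG):
        print(f"backdoor trigger from {hit['ip']} as user {hit['user']!r} ({hit['result']})")
    print("port 6200 listening:", backdoor_port_listening(SAMPLE_SOCKETS))
```

Either signal alone is worth an alert; both together, on a host running vsftpd 2.3.4, mean the backdoor has been activated and the shell on 6200 should be treated as an active intrusion rather than a misconfiguration.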

Web Application vulnerabilities
There are a number of intentionally vulnerable web applications included with Metasploitable. Here
we examine Mutillidae, which contains the OWASP Top Ten and more vulnerabilities.
Mutillidae has the following features:
• Setting the Security Level from 0 (completely insecure) through to 5 (secure).
• Setting 3 levels of hints from 0 (no hints) to 3 (maximum hints).
• A ‘Reset DB’ button in case the application gets damaged during attacks and the database needs reinitializing.

Attempting an exploit
For our first example we have toggled Hints to ‘1’ and selected the ‘A1 - Injection -> SQLi -
Bypass Authentication -> Login’ vulnerability.

Trying the SQL injection method of entering ' OR 1=1 -- into the Name field, as described in the
hints, gave the following errors:

Fixing Mutillidae
• Within Metasploitable edit the following file via command:
  sudo nano /var/www/mutillidae/config.inc
• Next change
  $dbname = 'owasp10'
• Restart the web server via the following command:
  sudo /etc/init.d/apache2 restart
Back on the Login page try entering the following SQL Injection code with a trailing space into the
Name field:
• ' OR 1=1 --   #last one space is included
The login succeeds without having to input a password!
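Why the input above logs in without a password, and what the fix looks like in code. This is an added example, not Mutillidae’s own code: the accounts table, its two rows and the function names are constructed, and SQLite is used so it runs stand-alone. The trailing space in the report’s payload matters on MySQL (which Mutillidae uses) because ‘--’ only starts a comment there when followed by whitespace; SQLite does not require it, but the same payload is used unchanged.

```python
"""Login bypass via string-built SQL, beside the parameterized query that closes it."""
import sqlite3
from typing import Optional, Tuple

PAYLOAD = "' OR 1=1 -- "   # the input from the lab, trailing space included


def make_db() -> sqlite3.Connection:
    """Constructed accounts table standing in for Mutillidae's (plaintext for the demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("admin", "adminpass"), ("alice", "alicepass")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """String concatenation: user input is parsed as SQL syntax.

    With PAYLOAD as the username the statement becomes
        SELECT username FROM accounts WHERE username='' OR 1=1 -- ' AND password=''
    so the password check is commented out and the first row wins.
    """
    sql = ("SELECT username FROM accounts WHERE username='" + username
           + "' AND password='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Bound parameters: the identical input is compared as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Run the same payload through both versions; returns (vulnerable, fixed) results."""
    conn = make_db()
    return (login_vulnerable(conn, PAYLOAD, ""),
            login_parameterized(conn, PAYLOAD, ""))


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable login returned:", vuln)   # admin, with no password supplied
    print("parameterized login returned:", fixed)  # None: no account is named "' OR 1=1 -- "
```

The parameterized version still authenticates a real user with the right credentials; it simply stops the Name field from rewriting the query. Hashing the stored passwords is the other change a fixed login would need, but it is outside what this lab demonstrates.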
