A penetration test of Red Hat Enterprise Linux 5.4 from BT5 (BackTrack 5)

Source: Internet
Author: User

The best way to learn is to tie theory to practice: once we understand how an attack works, we reproduce it against a lab target that resembles a real one. During a penetration test, when we find open ports on a host, the natural next step is to look for known vulnerabilities in the services behind those ports and use them to get in. Whether a given attack succeeds depends on the target's operating system, on the patch level (service pack) and language of the installed software and, for memory-corruption exploits, on whether Data Execution Prevention (DEP) can be bypassed. DEP is a defence against buffer overflows: it marks the stack (and other data pages) as non-executable, so shellcode written onto the stack cannot simply be jumped to. It does not make the stack read-only, and it can still be bypassed by reusing code that is already executable (return-to-libc, return-oriented programming), which takes careful stack manipulation. The vsftpd case below needs none of this, because it exploits a planted backdoor rather than a memory bug. In short, the essence of a penetration test is to identify the security vulnerabilities in the target system, find the attacks that match them, and gain access to the system.

1. Penetrating the operating system itself was covered in the previous experiment; refer to it if needed.

2. Penetrating an installed service package (this experiment):
Use nmap to discover the target host and scan it for open ports and service versions (nmap -sV). The FTP service on the target identifies itself in its banner as vsftpd 2.3.4, which is the version we look up next.

Open the Metasploit console (msfconsole) that ships with BT5 and search for vsftpd-related modules (search vsftpd). There is a single hit for vsftpd 2.3.4, exploit/unix/ftp/vsftpd_234_backdoor; select it with use. Note that this is not an overflow: the vsftpd 2.3.4 source archive distributed in 2011 had been tampered with to contain a backdoor (CVE-2011-2523) that, when a username containing the characters ":)" is sent, starts a root shell listening on TCP port 6200. The module simply triggers that backdoor and connects to it.

Set RHOST to the IP address of the target host and run exploit. No payload selection or DEP bypass is involved: the backdoor shell comes back immediately as a Linux command shell, and it runs as root because the backdoor executes inside vsftpd's privileged listener process.

From the shell, enumerate the host: who we are, what kernel and distribution are running, which users exist, and what else is installed.

Add an account with uid=0 from the shell to keep the access. Strictly speaking this is not privilege escalation: writing to /etc/passwd and /etc/shadow already requires root, which the backdoor shell provides, so the new account is persistence. From this point we have full control of the target machine and can perform any operation without ever knowing the root password!
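
As an added example, not code from the original write-up and not Metasploit's or vsftpd's own code: the uid=0 account step above, performed against a constructed copy of /etc/passwd in a temporary directory so it runs without root, followed by the checks a defender runs to catch exactly that change. The account name backdoor, the sample passwd contents and the scratch paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. It reproduces the last step of
# the write-up (adding a second uid-0 account) against a constructed copy of
# /etc/passwd in a scratch directory, so it runs unprivileged, and pairs it
# with the checks a defender should run for that change.
# The account name "backdoor" and the scratch paths are assumptions.

# Constructed sample /etc/passwd for a minimal RHEL-style host (not real data).
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
student:x:500:500::/home/student:/bin/bash
EOF
}

# Attacker step from the article: append an account with uid 0 and gid 0.
# On a real host this means writing /etc/passwd (and setting a password with
# passwd so /etc/shadow gets a matching line), which only root can do; it is
# persistence on an already-root shell, not privilege escalation.
add_uid0_account() {
    passwd_file=$1
    name=$2
    printf '%s:x:0:0:%s:/root:/bin/bash\n' "$name" "$name" >> "$passwd_file"
}

# Defender check 1: list every uid-0 account whose name is not root.
# A clean file prints nothing; any name printed is root-equivalent.
rogue_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Defender check 2: any uid shared by more than one account. The kernel
# decides on uid, not name, so a duplicate uid is what actually matters.
# Output is "uid: name name ...", one line per shared uid, sorted.
duplicate_uids() {
    awk -F: '{ count[$3]++; names[$3] = names[$3] " " $1 }
             END { for (u in count) if (count[u] > 1) print u ":" names[u] }' "$1" | sort
}

# Walk-through on the constructed file.
workdir=$(mktemp -d)
make_sample_passwd "$workdir/passwd"
add_uid0_account "$workdir/passwd" backdoor
rogue_root_accounts "$workdir/passwd"   # prints: backdoor
duplicate_uids "$workdir/passwd"        # prints: 0: root backdoor
```

On the real target the attacker's line goes into /etc/passwd and the password is set with passwd; the defender's awk one-liners work unchanged against /etc/passwd. Because sshd and sudo decide on uid rather than name, a second uid-0 account inherits root's restrictions (PermitRootLogin no refuses it over SSH) together with root's power everywhere else, which is why a non-root uid-0 entry is a strong indicator of compromise on its own.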

If the target also has port 22 (SSH) open, we can now log in directly with the new account (port 3389 is Windows Remote Desktop and does not apply to a Linux host). On the defender's side, the lesson is the same one the attack relies on: once a vulnerable or backdoored version of an installed service package is detected, patch it or install a clean, current version promptly, because the host will be compromised as soon as someone else finds the hole first.
