Interesting Time Indexes
20:43 Stream begins
21:25 NMAP Ping Scan
22:02 NMAP Syn Scan
Local File Inclusion [
22:13 Web layer (HTTP TCP port 80) overview
23:03 Burp Suite Free
23:31 Configuring Firefox (Iceweasel)
23:40 Local File Disclosure/Download
25:40 Local File Inclusion (LFI)
26:55 Injecting PHP code into SSH log files for LFI
28:40 Example PHP code injection
29:21 Executing the injected code
]
SQL Injection [
45:14 SQL Injection (Authentication Bypass) - Burp
48:35 SQL Injection (Authentication Bypass) #2 - Burp
50:01 Using SQLmap
53:00 SQLmap success
]
Cracking MD5 hashes from databases [
57:00 MD5 hash within a database
57:50 Wordlists within Kali
58:25 Truncating a wordlist
59:12 Using John to crack MD5 hashes (using wordlists)
59:50 Using John with a large wordlist to crack an MD5 hash (successful)
]
Insecure file upload [
1:05:38 Insecure File Upload
1:08:40 Testing the file upload feature
1:20:35 Uploading a php file with low security settings.
1:30:22 Generating a working PHP meterpreter. (Brain was turned off for a few moments.)
1:32:35 Realising that meterpreter PHP comments out PHP start tag by default
1:34:20 Remembering to forward the meterpreter PHP request in Burp
]
1:36:18 Break time
1:44:47 Back from break
Metasploit Madness [
1:45:40 Generating a meterpreter ELF
1:47:12 Uploading the new binary with our PHP meterpreter shell
1:50:14 Chmod +x meterpreter and execution
1:56:47 Privilege escalation (udev)
1:58:08 Upgrading a basic shell to meterpreter
]
Cracking with John, Hydra and NCrack [
1:58:53 Downloading /etc/shadow
2:00:00 Using John to crack the shadow file
2:03:30 Checking the /etc/passwd file for users that log in
2:05:12 Logging in as the service user
2:06:05 Creating a bruteforce (username) file for Hydra
2:08:09 Running Hydra against SSH
2:10:10 Using ncrack instead
2:12:40 More hashes to crack from the SQL Injection
2:15:50 Ncrack identified valid credentials
]
Sudo and VNC [
2:18:20 Looking into using sudo for privilege escalation
2:39:00 Metasploit and VNC
2:40:20 VNC bruteforce using Metasploit (successful)
]
2:45:14 The End
During this session there will be no elite hacks or 0days; instead, we will just play around with Metasploitable live! (With only very basic preparation!)
References:
- Metasploitable: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
- Kali Linux: https://www.kali.org/downloads/
- Exploitability Guide: https://community.rapid7.com/docs/DOC-1875
- Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/
Broadcast Note: This session is also a test run of live broadcast hacking for fun.
Disclaimer: All hacks performed during this session are performed against locally hosted virtual machines. InterN0T does not perform nor condone any unethical or illegal hacking.