Saturday, June 11, 2016

METASPLOIT - Linux - RLogin


- Layout for this exercise:

- Rlogin (Remote Login) is an old service used for remote administration that allows users to log in to machines over a network. In some ways it can be considered the predecessor of SSH. Rlogin suffers from several security issues, such as unencrypted transmission and an unreliable authentication protocol. For this reason it is rarely used across untrusted networks nowadays. However, some Linux systems still have the service enabled by default, which can be taken advantage of by malicious attackers. Rlogin runs on TCP port 513.

- Scanning the victim with Nmap, the attacker sees that port 513 is open:

- The attacker simply connects remotely to the victim as the root user (without being asked for a password) and obtains a shell without any problem. The example shows how weak the authentication protocol really is, since it never asks for a password:

- Once there, the attacker has full control of the victim's system:

- The netstat command displays the connection between victim and attacker:
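- The password-less root login above depends on two things a defender can audit: an rlogind listener on TCP 513 and an r-services trust file (/etc/hosts.equiv or a user's ~/.rhosts) containing a '+' wildcard that trusts any host or user. The following POSIX shell script is an added example, not code from the original post; it assumes netstat or ss is available for the live check and uses constructed sample data so it also runs offline:

```shell
#!/bin/sh
# Added audit helper (not from the original post): flag the two conditions
# that let a remote root rlogin succeed without a password.

# Reads `netstat -ant` or `ss -lnt` output on stdin; exit 0 if a LISTEN line
# has a local address ending in :513. netstat puts the state in the last
# field, ss in the first; the local address is field 4 in both formats.
listening_on_513() {
    awk '($1 == "LISTEN" || $NF == "LISTEN") && $4 ~ /:513$/ { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Exit 0 if any non-comment line of an r-services trust file carries a '+'
# wildcard in the host or user field ("+", "+ +", "+ root", "somehost +").
trust_file_is_permissive() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "+") found = 1 }
             END { exit found ? 0 : 1 }'
}

# Run both checks against the live host; returns 1 if anything was flagged.
audit_host() {
    rc=0
    if netstat -ant 2>/dev/null | listening_on_513; then
        echo "WARN: rlogind (TCP 513) is listening"; rc=1
    fi
    for f in /etc/hosts.equiv /root/.rhosts /home/*/.rhosts; do
        if trust_file_is_permissive "$f"; then
            echo "WARN: wildcard trust entry in $f"; rc=1
        fi
    done
    return $rc
}

# Offline demonstration on constructed sample data (not captured from a real host).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:513             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN'
SAMPLE_RHOSTS=$(mktemp)
printf '# constructed: trusts every user from every host\n+ +\n' > "$SAMPLE_RHOSTS"
printf '%s\n' "$SAMPLE_NETSTAT" | listening_on_513 && echo "sample: port 513 listening"
trust_file_is_permissive "$SAMPLE_RHOSTS" && echo "sample: permissive rhosts"
```

Run `audit_host` on a real host to check it; a clean system prints nothing and returns 0.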