Monday, June 13, 2016



- Layout for this exercise:

- First, let's exploit the pivot XP taking advantage of the netapi vulnerability:

- Setting the remote host to the XP's IP address:

- Looking for a meterpreter session and a reverse_tcp shell:

- The local host is the attacker itself, due to the reverse shell:

- Once the exploit is launched, the attack is successful and a meterpreter session is obtained:

- The pivot has two interfaces, one on the outside network and the other on the inside network:

- Let's discover hosts inside the inside network. Because corresponds to the pivot XP, the must belong to the innermost machine, the victim:

- Backgrounding the meterpreter session 1:

- So far, there is only one active meterpreter, number 1:

- A route is added to the inside network, using the active meterpreter session 1:

- Printing the route:

- Backing out of the netapi exploit:

- Scanning open ports (just from 1 to 500) on the victim:

- Several interesting ports are open, for instance TCP 21, usually dedicated to FTP service:

- Backing out of the auxiliary script:

- Now, let's try attacking the FTP service on the victim:

- Setting the victim's IP as the remote host:

- Let's use the payload cmd/unix/interact to get a remote shell:

- Required options:

- Once the exploit is run, the attack is successful and a remote shell from the victim's machine is finally obtained:
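
Seen from the defender's side, the sequence above leaves a correlatable trace: the dual-homed pivot opens a reverse session to an outside peer, and shortly afterwards its inside interface sweeps ports 1 to 500 on one inside host. The following detector is an added example, not part of the original post; the flow-record format, all IP addresses, the port 4444, the asset inventory and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")         # assumed inside network
DUAL_HOMED = {"10.0.0.5": "192.168.1.20"}  # assumed inventory: inside IP -> outside IP

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = (
    [(1000, "192.168.1.20", "192.168.1.10", 4444)]  # pivot -> outside peer (reverse session)
    + [(1060 + p, "10.0.0.5", "10.0.0.9", p) for p in range(1, 501)]  # sweep of ports 1-500
    + [(1100, "10.0.0.7", "10.0.0.9", 21), (1101, "10.0.0.7", "10.0.0.9", 80)]  # normal client
)

def find_pivot_sweeps(flows, dual_homed, inside=INSIDE, min_ports=50, window=300):
    """Return (inside_ip, target_ip, distinct_ports, outside_peer) for each dual-homed
    host that opened a session to an outside peer and, within `window` seconds,
    began touching at least `min_ports` distinct ports on a single inside host."""
    outbound = defaultdict(list)  # outside-facing IP -> [(ts, peer)]
    ports = defaultdict(dict)     # (src, dst) inside pair -> {port: first_seen_ts}
    for ts, src, dst, dport in sorted(flows):
        src_in = ip_address(src) in inside
        dst_in = ip_address(dst) in inside
        if not src_in and not dst_in:
            outbound[src].append((ts, dst))
        elif src_in and dst_in:
            ports[(src, dst)].setdefault(dport, ts)
    alerts = []
    for (src, dst), seen in sorted(ports.items()):
        outside_ip = dual_homed.get(src)
        if outside_ip is None or len(seen) < min_ports:
            continue  # not a known dual-homed host, or too few ports to be a sweep
        sweep_start = min(seen.values())
        for ts, peer in outbound.get(outside_ip, []):
            if 0 <= sweep_start - ts <= window:
                alerts.append((src, dst, len(seen), peer))
                break
    return alerts

if __name__ == "__main__":
    for src, dst, count, peer in find_pivot_sweeps(FLOWS, DUAL_HOMED):
        print(f"possible pivot: {src} swept {count} ports on {dst} after session to {peer}")
```

The ordinary client at 10.0.0.7 reaching ports 21 and 80 is not flagged, because it is neither dual-homed nor sweeping.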