Round 2 of Kioptrix!!
As we saw from the initial Nmap scan, port 139 was open.
It's time to start prodding that beast. I use smbclient to see if anonymous logins are allowed:
I will take that as a yes!
The SMB version running is 2.2.1a, so it's time to start looking for exploits!
Using searchsploit I found 2 possibilities for manual execution (I want to stay away from Metasploit):
7.pl & 10.c
I had a look at the 10.c exploit on Exploit-DB.
This seemed to be a good exploit to look at.
Time to grab and compile!!
gcc -o smb 10.c
So let's run this little beast.
Looks like I need to choose -B0, -c (My IP),
So there we have it! Kioptrix 1 #tangodown
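The lesson on the defensive side is that the whole chain hinged on an old Samba build (2.2.1a) being identified from the banner. Below is an added example, not part of the original post, of a small inventory check that parses Samba version strings (including the letter suffix, so that 2.2.8 sorts before 2.2.8a and 2.2.10 after 2.2.8) and flags hosts below a chosen minimum; the hostnames and the 2.2.8a threshold are constructed assumptions for illustration.

```python
import re
from typing import Dict, List, Tuple

# Samba versions look like "2.2.1a" or "3.0.28": three numbers plus an
# optional single-letter patch suffix that sorts after the bare release.
# A plain string compare would wrongly rank "2.2.10" below "2.2.8".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?$")


def parse_samba_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '2.2.1a' into a comparable tuple (2, 2, 1, 1); no suffix -> 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch, suffix = m.groups()
    suffix_rank = ord(suffix) - ord("a") + 1 if suffix else 0
    return (int(major), int(minor), int(patch), suffix_rank)


def is_below(version: str, minimum: str) -> bool:
    """True when `version` is strictly older than `minimum`."""
    return parse_samba_version(version) < parse_samba_version(minimum)


def flag_outdated(inventory: Dict[str, str], minimum: str) -> List[Tuple[str, str]]:
    """Return (host, version) pairs running Samba older than `minimum`."""
    return [(host, ver) for host, ver in inventory.items() if is_below(ver, minimum)]


# Constructed sample inventory: hostnames and versions made up for this example.
SAMPLE_INVENTORY = {
    "kioptrix-lab": "2.2.1a",   # the version seen in the walkthrough
    "fileserver-01": "2.2.8a",
    "fileserver-02": "2.2.10",  # numerically newer than 2.2.8 despite the string
    "nas-old": "2.2.8",         # bare release sorts before 2.2.8a
}

if __name__ == "__main__":
    # Assumed threshold for the example; pick the minimum your patch policy requires.
    for host, ver in flag_outdated(SAMPLE_INVENTORY, "2.2.8a"):
        print(f"{host}: Samba {ver} is older than 2.2.8a, schedule an upgrade")
```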