13Mar 2019 by admin

VulnHub – Basic Pentesting 1 (alternative exploit)

http, metasploit, privilege escalation, VNC
In my last post, I was able to gain root access the Basic Pentesting 1 virtual machine, downloaded from Vulnhub.com. In today's post, I'll be attempting to exploit the same machine in a different fashion! Let's have a quick reminder of our Nmap scan of the VM, in order to see what services are available. The http service is running! If we were to plug the address 10.10.1.12 into an address bar, we don't really see much. But this doesn't mean we should give up! Let's try brute forcing some directories with DirBuster. Here, I plugged the address of the VM into "target URL", and chose a simple dictionary list to brute force with. After letting DirBuster run for a bit, we start getting some results back: The directory called…
Read More
10Mar 2019 by admin

Metasploitable – VNC

metasploitable, remote access, VNC
Happy Sunday, folks! In today's post, I'll be exploiting VNC in my Metasploitable box to achieve root access. It's another easy exploit, so it's a good one to get the brain juices flowing for the day. VNC (Virtual Network Computing) enables a users to control another computer over a network connection. So in other words, it's a remote-control software. Looking at our previous Nmap scan, we can see that Metasploitable has a VNC server running. VNC is running on port 5900. Cool, let's get to work! We'll fire up Metasploit first and see if we can find any exploits. Once the framework has opened, a simple search for VNC should return results. Hmm. The module auxiliary/scanner/vnc/vnc_login looks promising. Let's give it the old college try and boot it up. A…
Read More