🐧 Infiltrating Unix/Linux

🌐 Why Focus on Unix/Linux?

  • Over 70% of websites run on Unix-based systems.

  • Commonly used for hosting web applications on-premises.

  • Gaining a shell allows potential pivoting within the network.


🧠 Key Considerations Before Attacking

Ask yourself:

  • What Linux distribution is running?

  • What shells & languages are available (e.g., bash, python, php)?

  • What is the system’s role (web server, database, etc.)?

  • What applications are hosted?

  • Are there known vulnerabilities?


🔍 Enumeration with Nmap

nmap -sC -sV 10.129.201.101

🧾 Services Detected:

  • FTP on port 21: vsftpd 2.0.8 or later

  • SSH on port 22: OpenSSH 7.4

  • HTTP on port 80 & HTTPS on 443: Apache/2.4.6 (CentOS) + PHP/7.2.34

  • MySQL on port 3306

  • rpcbind on port 111

  • System is likely CentOS
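
The same scan result read from the defender's side, as an added example that is not part of the original notes: it parses nmap's normal-output port table and flags services that do not belong on a host of the given role, plus banners that disclose a version. The sample scan text is constructed from the services listed above, and `ROLE_BASELINE` is a hypothetical allow-list.

```python
import re

# Constructed sample in the layout of nmap's normal output, built from the
# services listed above (not a capture from a real scan).
SAMPLE_SCAN = """\
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      vsftpd 2.0.8 or later
22/tcp   open  ssh      OpenSSH 7.4
80/tcp   open  http     Apache httpd 2.4.6 ((CentOS) PHP/7.2.34)
111/tcp  open  rpcbind
443/tcp  open  ssl/http Apache httpd 2.4.6 ((CentOS) PHP/7.2.34)
3306/tcp open  mysql    MySQL
"""

# Hypothetical baseline: ports a host in each role is expected to expose.
ROLE_BASELINE = {
    "web": {22, 80, 443},
    "database": {22, 3306},
}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_services(scan_text):
    """Return one dict per port that the scan reports as open."""
    services = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m or m.group(3) != "open":
            continue  # header line, closed/filtered port, or other text
        services.append({"port": int(m.group(1)), "proto": m.group(2),
                         "service": m.group(4), "version": m.group(5).strip()})
    return services

def audit_exposure(scan_text, role):
    """Flag open services outside the role's baseline, and services whose
    banner includes a dotted version number."""
    allowed = ROLE_BASELINE[role]
    services = parse_services(scan_text)
    unexpected = [s for s in services if s["port"] not in allowed]
    leaking = [s for s in services if re.search(r"\d+\.\d+", s["version"])]
    return {"unexpected": unexpected, "version_disclosed": leaking}

if __name__ == "__main__":
    report = audit_exposure(SAMPLE_SCAN, "web")
    for s in report["unexpected"]:
        print(f"unexpected for web role: {s['port']}/{s['proto']} {s['service']}")
    for s in report["version_disclosed"]:
        print(f"banner discloses version: {s['port']}/{s['proto']} {s['version']}")
```

For a web-server role, FTP, rpcbind and MySQL reachable from the scanning network are the findings to close or firewall first; the version banners are what makes the vulnerability research in the next step quick.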


💻 Web App Analysis

  • Visited http(s)://10.129.201.101 in a browser

  • Discovered rConfig 3.9.6 (network device config tool)


📚 Vulnerability Research

Search for:

  • Discovered RCE vulnerabilities

  • Use Metasploit to search:

Found Modules:

If a module isn’t listed, download from GitHub:

Place .rb exploit file into the correct Metasploit folder.


🎯 Exploiting rConfig with Metasploit

Load the Exploit:

Run the Exploit:

Output:


🖥️ Interacting with the Shell

  • Non-TTY shell with limited commands


🐍 Spawning a TTY Shell with Python

Check if Python is available:

Spawn TTY shell:

Example Output:
