© 2022 - aleteo.co
Foot-printing and Reconnaissance
Scanning
Exploitation

Ports | Services | Operating Systems | How-to |
---|---|---|---|
21 | FTP vsftpd - vsFTPd 2.3.4 | Ubuntu/Debian | How to exploit vsftpd backdoor – Metasploitable2; How to exploit vsftpd backdoor (manually) – Metasploitable2 |
22 | SSH - OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) | Ubuntu/Debian | How to brute force SSH – Metasploitable2; How to exploit Predictable PRNG Bruteforce OpenSSH – Metasploitable2; How to login SSH by using private key – Metasploitable2; How to login SSH by using the attacker’s private key – Metasploitable2 |
25 | SMTP | Ubuntu/Debian | How to enumerate SMTP users – Metasploitable2 |
80 | Apache/2.2.8 (Ubuntu) DAV/2 | Ubuntu/Debian | How to exploit WebDAV – Metasploitable2 |
80, 8080, 8180 | Apache Tomcat/Coyote JSP engine 1.1 Tomcat/5.5 | Ubuntu/Debian | How to exploit Tomcat – Metasploitable2 |
139, 445 | netbios-ssn | Windows | How to exploit MS08_067_netapi using the Metasploit Framework GUI |
139, 445 | netbios-ssn, SAMBA - smbd 3.X | Ubuntu/Debian | How to exploit SAMBA usermap_script (CVE-2007-2447) – Metasploitable2; How to exploit Samba Symlink Directory Traversal – Metasploitable2 |
512, 513, 514 | 'r' services | Ubuntu/Debian | How to connect to the “r” services – Metasploitable2 |
1099 | Java RMI | Ubuntu/Debian | How to exploit the Java RMI Server – Metasploitable2 |
1524 | “ingreslock” backdoor | Ubuntu/Debian | How to connect to the “ingreslock” backdoor – Metasploitable2 |
2049 | NFS | Ubuntu/Debian | How to mount a Network File System (NFS) share – Metasploitable2 |
3260 | Skuzzy | Ubuntu/Debian | How to connect to skuzzy without credentials – Ew_Skuzzy |
3306 | MySQL | Ubuntu/Debian | Commands: How to brute force MySQL – Metasploitable2; How to read the password file via MySQL – Metasploitable2; How to use mysqladmin commands for database administration. Configurations: How to reset the MySQL password in Kali Linux; How to fix MySQL (Can’t connect) in Kali Linux 2 |
3632 | distcc daemon - v1, 2.x | Ubuntu/Debian | How to exploit the distcc daemon – Metasploitable2 |
5432 | postgresql | Ubuntu/Debian | How to brute force PostgreSQL – Metasploitable2; How to exploit the OS file system via PostgreSQL – Metasploitable2 |
6777 | Unreal ircd - 3.2.8.1 | Ubuntu/Debian | How to exploit UnrealIRCd (Backdoor Command Execution) – Metasploitable2; How to exploit UnrealIRCd manually (Backdoor Command Execution) – Metasploitable2 |
8787 | Ruby DRb RMI server - 1.8 | Ubuntu/Debian | How to exploit Ruby DRb RMI – Metasploitable2 |
80, 7001 | WebLogic Server Application 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 | Ubuntu/Docker | How to exploit WebLogic Server via Java deserialization vulnerabilities |
Privilege Escalation

Operating Systems | Versions/Kernel | Vulnerabilities | How-to |
---|---|---|---|
Linux | Ubuntu 8.04, 2.6.24-16 | udev < 141 | How to escalate privileges via udev < 141 – Metasploitable2 |
Linux | Ubuntu 14.01, 3.13.0-32-generic | Apport/Abrt < 2.17.1 | How to escalate privileges via Apport (installed packages) – Sedna |
Linux | Ubuntu 14.01, 3.13.0-32-generic | Chkrootkit 0.49 | How to escalate privileges via Chkrootkit 0.49 (configuration files) – Sedna |
Linux | Ubuntu 11.10, 3.0.0-12-generic | SUID | How to find SUID permissions – Nebula 00 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | $PATH | How to modify $PATH (environment variable) – Nebula 01 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | environment variable + command injection | How to inject a command through an environment variable – Nebula 02 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | crontab + improper permissions | How to escalate privileges through an improper crontab implementation – Nebula 03 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | bypass the filename filter + SUID | How to bypass the filename filter to execute the SUID file – Nebula 04 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | hidden backup file + disclosure of SSH private key | How to find the hidden file and log in to SSH with the private key – Nebula 05 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | hashed password in passwd + password hash cracking | How to crack the hash contained in passwd – Nebula 06 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | OS command injection through CGI + improper privilege assignment of the web server | How to inject an OS command through CGI – Nebula 07 |
Linux | Ubuntu 11.10, 3.0.0-12-generic | disclosure of a .pcap file containing the password + improper file permission setting | How to disclose the password through the .pcap file – Nebula 08 |
Windows | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 | MS16-041 | How to escalate privileges through MS16-041 (post-exploitation on a not fully patched Windows platform) |
Password Cracking
Steganography
Sniff
Protocol
OS
MACOS