Using Kali Linux, Learn how to Access and Compromise any system.

What is an IP address?

An IP address, such as 192.0.2.1, is a numerical label assigned to a device on a computer network that communicates using the Internet Protocol. An IP address has two key functions: it identifies the network interface and it gives the location of the host on the network.

IP = Internet Protocol address

Types of IP address

  • Public IP address: used on the WAN (wide area network).
  • Private IP address: used on the LAN (local area network).
  • Static IP address: a fixed IP that does not change.
  • Dynamic IP address: it will change, for example when you restart your phone. When you use mobile data and open "what is my IP" in your browser, then turn aeroplane mode on and off, the IP will change.

How to hack the system

  • Open Kali Linux.
  • Open the Metasploitable machine in VirtualBox as well.

You must first install Kali Linux in VirtualBox or VMware, then install Metasploitable. Finally, log in to both Kali Linux and Metasploitable.

Now discover Metasploitable's IP address from Kali Linux

In Kali Linux, I used these commands to determine Metasploitable's IP address on the network.

  • Open a Kali Linux terminal as the root user: sudo su (changes the user to root privileges).
  • After that, type netdiscover (shows how many hosts are connected in our range).
  • Type netdiscover -f (fast scan) or plain netdiscover (scans the network range).
  • Wait a few minutes and you will see a list of IP addresses. Ignore addresses like 192.168.10.1, 192.168.78.254 and 192.168.78.2: hosts ending in .1, .2 and .254 are usually the router or gateway range, so they cannot be the victim machine.
  • Ping the IP address that belongs to your victim machine.
  • Ping the IP address to see if the computer is up and running: if the 7 packets you sent are all received with 0 packet loss, the system is ON.
  • Now use nmap to scan the IP address of the victim system.
  • We are using the default port scan first.

  • Now we are using a full TCP and port scan in nmap:
  • a SYN scan, to reduce the chance of firewall detection
  • with ports 1-65535, so all ports are scanned
  • with OS detection, -O
  • with software version detection, -sV

Nmap Scan Report - Scan Summary


nmap -sS -v -p 1-65535 -sV -O -oX nmap3.xml 192.168.253.130

  • nmap -v (verbose)
  • nmap -sT (TCP connect scan)
  • nmap -sU (UDP scan)
  • nmap -sS (SYN half-open scan, used to reduce firewall detection)
  • nmap -sV (version of the software)
  • nmap -p 1-65535 (scan all ports; the default is the top 1000 ports)
  • nmap -O (operating system detection)
  • nmap -oX (save the generated output to an XML file)

Nmap done at Sat May 21  2022; 1 IP address (1 host up) scanned in 148.97 seconds

192.168.253.130 (online)

Address
  • 192.168.253.130 (ipv4)
  • 00:0f:49:FD:E4:62 - VMware (mac)

Ports

The 65505 ports scanned but not shown below are in state: closed

  • 65505 ports replied with: reset
Port   Proto  State  Service      Reason   Product                          Version                Extra info
21     tcp    open   ftp          syn-ack  vsftpd                           2.3.4
22     tcp    open   ssh          syn-ack  OpenSSH                          4.7p1 Debian 8ubuntu1  protocol 2.0
23     tcp    open   telnet       syn-ack  Linux
25     tcp    open   smtp         syn-ack  Postfix smtpd
53     tcp    open   domain       syn-ack  ISC BIND                         9.4.2
80     tcp    open   http         syn-ack  Apache httpd                     2.2.8                  (Ubuntu) DAV/2
111    tcp    open   rpcbind      syn-ack                                                          RPC #100000
139    tcp    open   netbios-ssn  syn-ack  Samba smbd                       3.X - 4.X              workgroup: WORKGROUP
445    tcp    open   netbios-ssn  syn-ack  Samba smbd                       3.X - 4.X              workgroup: WORKGROUP
512    tcp    open   exec         syn-ack  netkit-rsh rexecd
513    tcp    open   login        syn-ack
514    tcp    open   tcpwrapped   syn-ack
1099   tcp    open   java-rmi     syn-ack  GNU Classpath grmiregistry
1524   tcp    open   bindshell    syn-ack  Metasploitable root shell
2049   tcp    open   nfs          syn-ack                                   2-4                    RPC #100003
2121   tcp    open   ftp          syn-ack  ProFTPD                          1.3.1
3306   tcp    open   mysql        syn-ack  MySQL                            5.0.51a-3ubuntu5
3632   tcp    open   distccd      syn-ack  distccd                          v1                     (GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)
5432   tcp    open   postgresql   syn-ack  PostgreSQL DB                    8.3.0 - 8.3.7
5900   tcp    open   vnc          syn-ack  VNC                                                     protocol 3.3
6000   tcp    open   X11          syn-ack                                                          access denied
6667   tcp    open   irc          syn-ack  UnrealIRCd
6697   tcp    open   irc          syn-ack  UnrealIRCd
8009   tcp    open   ajp13        syn-ack  Apache Jserv                                            Protocol v1.3
8180   tcp    open   http         syn-ack  Apache Tomcat/Coyote JSP engine  1.1
8787   tcp    open   drb          syn-ack  Ruby DRb                                                1.8; path /usr/lib/ruby/1.8/drb
35892  tcp    open   java-rmi     syn-ack  GNU Classpath grmiregistry
52443  tcp    open   nlockmgr     syn-ack                                   1-4                    RPC #100021
52908  tcp    open   status       syn-ack                                                          RPC #100024
60168  tcp    open   mountd       syn-ack                                   1-3                    RPC #100005

Remote Operating System Detection

  • Used port: 21/tcp (open)
  • Used port: 1/tcp (closed)
  • Used port: 44492/udp (closed)
  • OS match: Linux 2.6.9 - 2.6.33 (100%) (Metasploitable)
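As an added example (not code from the original post), the following Python reads the XML file that the -oX option in the scan command above writes and lists the open ports, flagging the two services the post goes on to use, vsftpd 2.3.4 and the port 1524 bind shell, as must-fix findings for the machine's owner. The XML excerpt and the watch list are constructed for this example from values in the report above.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in nmap's -oX format, using values from the report above.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -v -p 1-65535 -sV -O -oX nmap3.xml 192.168.253.130">
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.168.253.130" addrtype="ipv4"/>
    <address addr="00:0F:49:FD:E4:62" addrtype="mac" vendor="VMware"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="2121"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="ProFTPD" version="1.3.1"/></port>
      <port protocol="tcp" portid="1524"><state state="open" reason="syn-ack"/>
        <service name="bindshell" product="Metasploitable root shell"/></port>
      <port protocol="tcp" portid="8180"><state state="closed" reason="reset"/></port>
    </ports></host>
</nmaprun>"""

# Constructed watch list of the two findings the post acts on:
# (nmap service name, product, version prefix, note); None matches anything.
WATCH_LIST = [
    ("ftp", "vsftpd", "2.3.4", "vsftpd 2.3.4 has a known backdoor; upgrade or remove it"),
    ("bindshell", None, None, "root shell listening with no authentication"),
]

def parse_open_ports(xml_text):
    """Return (host IPv4 address, list of open ports) from an nmap -oX report."""
    host = ET.fromstring(xml_text).find("host")
    ip = host.find("address[@addrtype='ipv4']").get("addr")
    ports = []
    for p in host.iter("port"):
        if p.find("state").get("state") != "open":
            continue  # the report can list closed/filtered ports too
        svc = p.find("service")
        attrs = svc.attrib if svc is not None else {}
        ports.append({"port": int(p.get("portid")), "proto": p.get("protocol"),
                      "service": attrs.get("name", ""),
                      "product": attrs.get("product", ""),
                      "version": attrs.get("version", "")})
    return ip, ports

def flag_findings(ports):
    """Match open ports against WATCH_LIST; return 'port/proto: note' strings."""
    return [f"{p['port']}/{p['proto']}: {note}"
            for p in ports for name, product, version, note in WATCH_LIST
            if p["service"] == name and product in (None, p["product"])
            and (version is None or p["version"].startswith(version))]

print(flag_findings(parse_open_ports(SAMPLE_NMAP_XML)[1]))
```

On a real scan, pass the contents of nmap3.xml to parse_open_ports instead of the constructed sample; ProFTPD on 2121 is listed but not flagged, because the version check only matches vsftpd 2.3.4.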

Now open a Kali Linux terminal and type msfconsole

  • msfconsole

  • Now find the version and service name from the nmap scan.
  • In msfconsole, type search vsftpd.
  • The vsftpd software on that system is not updated, so there is an exploit for this version, vsftpd 2.3.4; Metasploit also has a module for its backdoor.
  • Now type show options in Metasploit.
  • show options shows RHOSTS and RPORT:
    1. RHOSTS = REMOTE HOST (the system you want to access; RHOSTS is the victim IP address)
    2. RPORT = REMOTE PORT
    3. LHOST = LOCAL HOST (the attacker IP address, where the listener is running)
    4. LPORT = LOCAL PORT

  • Now, in Metasploit, run the exploit by typing the command run or exploit.
Successfully accessed the victim machine.

We have another method

  • There is another open port through which we can access the system easily.
  • Port 1524/tcp is open with a bindshell: the Metasploitable root shell is listening on port 1524, so we can access the system through this port as well.
We can access that system easily.

  • netcat (nc is used for network communication)
  • We try to communicate with the victim machine through netcat:
    1. -n = numeric addresses only (no DNS lookups)
    2. -v = verbose