PoC details: e751eeec62f55ae681f0cb1e8bb25d230eef6a71

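Source
Related vulnerability
Title: UnrealIRCd backdoor unauthorized access vulnerability (CVE-2010-2075)
Description: UnrealIRCd, as distributed on certain mirror sites between November 2009 and June 2010, contains an externally introduced modification (Trojan horse) in the DEBUG3_DOLOG_SYSTEM macro that allows remote attackers to execute arbitrary commands.
Description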
I recently set up a small Penetration Testing Lab to get some hands-on experience with vulnerability scanning and exploitation. Using Nessus and Kali Linux, I was able to dive into Metasploitable 2, a deliberately vulnerable system, and identify a pretty serious flaw (CVE-2010-2075).
Introduction
# Penetration Testing Lab
## Objectives
- Learn Vulnerability Scanning with Nessus
- Practice Penetration Testing with Kali Linux
- Simulate Real-World Attacks
- Improve Cybersecurity Skills

## Virtualization
- Virtualization Tool: Oracle VirtualBox
- Reason: Open source, Easy setup

## Kali Linux Setup
- **OS**: Kali Linux
- **Network Adapter**: NAT

## Target Machine: Metasploitable 2
- **OS:** Ubuntu-based vulnerable system
- **Installation Type:** VirtualBox
- **Network Adapter:** Host-Only (to ensure isolated communication between the machines).

## Vulnerability Scanner: Nessus
- **Installed on:** Kali Linux
- **Installation Command:** `wget "https://www.tenable.com/downloads/api/v1/public/pages/nessus/downloads/17940/download?i_agree_to_tenable_license_agreement=true" -O Nessus.deb`
- **Web Interface:** `https://localhost:8834`
- **License Type:** Nessus Essentials (Free)
- **Status Check:** `sudo systemctl status nessusd`

## Nessus Vulnerability Scan on Metasploitable 2
- **Scan Target:** Metasploitable 2 (`192.168.10.8`)

![alt text](image.png)
![alt text](image-1.png)

## Exploit: UnrealIRCd Backdoor (CVE-2010-2075)
- **Severity:** Critical (CVSS 10.0)
- **Affected Service:** UnrealIRCd (Internet Relay Chat Daemon)
- **Impact:** Full Remote Code Execution (RCE)
- Exploit Proof:

![alt text](image-3.png)

![alt text](image-4.png)

![alt text](image-5.png)

![alt text](image-6.png)

![alt text](image-7.png)

## Remediation Steps for UnrealIRCd
- Update UnrealIRCd to the latest version.
- Remove or disable the vulnerable service if it's not needed.
- Use a firewall to restrict access to the IRC port.
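
A check that complements the steps above, added here as an example and not part of the original README: the CVE-2010-2075 description places the backdoor in the `DEBUG3_DOLOG_SYSTEM` macro, so a source tarball can be screened for that identifier before it is built. The function names, archive paths and file contents below are constructed for illustration, and the macro body is a placeholder.

```python
import io
import tarfile

MARKER = b"DEBUG3_DOLOG_SYSTEM"  # macro named in the CVE-2010-2075 description
SOURCE_SUFFIXES = (".h", ".c")


def scan_tarball(fileobj):
    """Return [(member_name, line_no, line_text)] for every marker hit.

    Members are read from the archive stream; nothing is extracted to disk.
    """
    hits = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not member.name.endswith(SOURCE_SUFFIXES):
                continue
            data = tar.extractfile(member).read()
            for line_no, line in enumerate(data.splitlines(), start=1):
                if MARKER in line:
                    hits.append((member.name, line_no,
                                 line.decode("latin-1").strip()))
    return hits


def build_sample(files):
    """Build an in-memory .tar.gz from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


# Constructed samples: the macro body is a placeholder, not the real code.
SUSPECT = build_sample({
    "Unreal/include/struct.h":
        b"#define OK 1\n#define DEBUG3_DOLOG_SYSTEM(x) PLACEHOLDER(x)\n",
    "Unreal/src/main.c": b"int main(void) { return 0; }\n",
})
CLEAN = build_sample({"Unreal/include/struct.h": b"#define OK 1\n"})

if __name__ == "__main__":
    for label, archive in (("suspect", SUSPECT), ("clean", CLEAN)):
        hits = scan_tarball(archive)
        print(label, "FLAGGED" if hits else "no marker found", hits)
```

A clean result only means this one marker is absent; the tarball's authenticity still has to be established against the project's published checksums or signatures.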

## Conclusion
This Penetration Testing Lab has provided hands-on experience with vulnerability scanning using Nessus, as well as with simulated real-world attacks and exploitation. By setting up a vulnerable target machine (Metasploitable 2) and conducting a vulnerability scan, the lab demonstrated the importance of identifying critical vulnerabilities such as the UnrealIRCd backdoor and how they can be exploited for **Remote Code Execution (RCE)**.
Additionally, it showcased the practical steps involved in securing vulnerable systems, including updating software, disabling unnecessary services, and using firewalls for network access control. These exercises are essential for building cybersecurity skills and gaining a deeper understanding of penetration testing methodologies.
File snapshot

[4.0K] /data/pocs/e751eeec62f55ae681f0cb1e8bb25d230eef6a71
├── [104K] image-1.png
├── [   0] image-2.png
├── [ 69K] image-3.png
├── [ 93K] image-4.png
├── [ 28K] image-5.png
├── [131K] image-6.png
├── [ 83K] image-7.png
├── [ 27K] image.png
└── [2.4K] README.md

0 directories, 9 files