In this chapter, we will cover the following recipes:
- Gathering information for credential cracking
- Cracking FTP using custom wordlist
- Cracking SSH using custom wordlist
- Cracking HTTP using custom wordlist
- Cracking MySql and PostgreSQL using custom wordlist
- Cracking Cisco login using custom wordlist
- Exploiting vulnerable services (Unix)
- Exploiting vulnerable services (Windows)
- Exploiting services using
exploit-dbscripts
In the previous chapter, we enumerated the open ports and searched for possible vulnerabilities. In this chapter, we are going to perform penetration testing of the system over the network. For the purpose of demonstration, we have taken a vulnerable OS called Stapler, made by g0tmi1k. Stapler can be downloaded at https://www.vulnhub.com/entry/stapler-1,150/ .
Along with Stapler, we will also check out exploitation with Metasploitable 2, as briefly covered in the previous chapter. The aim of this chapter is to enlighten the reader about a couple of network-level attack vectors, and to demonstrate different types of attacks. Let's get started with Stapler, a vulnerable OS virtual machine, by loading the image on a virtual machine.