Metasploitable 3 Ubuntu Walkthrough: Part VII

Exploiting Port 6697 – Unreal IRCd

This service was already exploited in Metasploitable 2. But is it the same version?

Service detection using Nmap

It is not possible to determine the specific version running on Metasploitable3, but because there is only one exploit available in MSF, we had better try it.

MSF exploit module

Like before, this is a very easy exploit:

Exploiting Unreal IRCd using Metasploit

This is a low privilege shell because boba_fett is not part of the sudo group. But he is also part of the docker group…

Exploiting Port 8181 – Ruby on Rails

The Ruby on Rails web application running on the system at port 8181 has a remote code execution vulnerability which can be exploited using the proper MSF module. However, this exploit requires knowledge of the secret used to sign the session cookie. How can we get that?

Rails entry page

Rails flag page

This is an important clue… cookies

Decoding cookie using Burp

Let’s capture the traffic with Burp Suite and see what we can find inside.

Capturing Rails response using Burp

Fortunately, the web server conveniently sends us the secret in the Set-Cookie header.

Send everything to the decoder:

Decoding cookie using Burp

Now, use the smart decoder:

Decoding cookie using Burp

This will identify the breaks in the cookie code. Next, decode as Base64:

Decoding cookie using Burp

And you will have the cookie secret:

Decoding cookie using Burp
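The manual decoding steps above can be turned into a repeatable check that an application's own Set-Cookie value does not carry its signing key. This is an added example, not code from the original post; it assumes the legacy Rails signed-cookie layout (Base64 payload, `--`, HMAC-SHA1 hex digest), and the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import quote, unquote

# Runs of 32-128 lowercase hex characters: the shape of Rails secrets and session ids.
HEX_TOKEN = re.compile(rb"(?<![0-9a-f])[0-9a-f]{32,128}(?![0-9a-f])")


def _digest(data: str, key: str) -> bytes:
    return hmac.new(key.encode(), data.encode(), hashlib.sha1).hexdigest().encode()


def sign(payload: bytes, secret: str) -> str:
    """Build a cookie value in the assumed layout, URL-encoded as in a header."""
    data = base64.b64encode(payload).decode()
    return quote(f"{data}--{_digest(data, secret).decode()}", safe="")


def audit_cookie(raw_value: str) -> dict:
    """Decode a signed cookie and report hex tokens in it that verify its signature."""
    data, sep, digest = unquote(raw_value).rpartition("--")
    report = {"signed": bool(sep), "candidates": [], "leaked_keys": []}
    if not sep:
        return report
    try:
        payload = base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return report
    report["candidates"] = sorted({m.decode() for m in HEX_TOKEN.findall(payload)})
    # A candidate that reproduces the cookie's own signature is the signing key.
    report["leaked_keys"] = [
        c for c in report["candidates"]
        if hmac.compare_digest(_digest(data, c), digest.encode())
    ]
    return report


# Constructed sample values, not taken from the walkthrough's target.
SECRET = "0123456789abcdef0123456789abcdef"
SESSION_ID = "ffeeddccbbaa99887766554433221100"
LEAKY = sign(b'\x04\x08{\x07"\x0fsession_id"%' + SESSION_ID.encode()
             + b'"\x0b_secret"%' + SECRET.encode(), SECRET)
CLEAN = sign(b'\x04\x08{\x06"\x0fsession_id"%' + SESSION_ID.encode(), SECRET)

if __name__ == "__main__":
    for name, cookie in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, audit_cookie(cookie)["leaked_keys"])
```

A non-empty `leaked_keys` list means the key has to be removed from the session data and rotated; a session id alone shows up in `candidates` but never verifies the signature.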

Now that we have the secret a7aebc287bba0ee4e64f947415a94e5f, we can use it to get our shell.

Exploiting Rails using Metasploit

It is a root shell…!

