
yorkulov

Hack Metasploitable 2 : Port 23

Assalomu Alaykum) This article is prepared solely for educational purposes. If you want to try it out practically, please ask for permission first, or use it on testing systems (like Metasploitable).

Today, we will briefly discuss the Telnet service and then see how to launch attacks on a target system using it. First, we will start our target system.

Telnet is mainly used for managing and configuring servers, but for security reasons, safer protocols like SSH (Secure Shell) are preferred. Telnet is a simple and convenient way to access a computer remotely, but it should be used cautiously considering modern security measures.

We will continue our attacks based on ports. Last time we looked at port 22, and today we will examine port 23, where the Telnet service usually operates. First, we will scan it using nmap.

nmap 192.168.130.166 -A -p 23

As a result, we can see that the Telnet service is running and the connection is open. Now, let's try to connect using Telnet.

telnet 192.168.130.166

We get a very interesting result: the service presents a username and password for connecting via Telnet, and when we tried them, they turned out to be valid.

Now, let's check our permissions.

Several checks confirm that we have root privileges, so we have indeed gained root access. (Today's task was easy! 😂😂) This means we can use the command rm -rf /* (which would wipe the entire system).

In today's article, we reviewed Telnet, which is used for remote connections. Telnet is generally no longer used; SSH is preferred instead (as we hacked a system using SSH last time). In practice, Telnet might be open without a username and password being given to us. In that case, we could use a brute force attack or exploit older versions using Metasploit.
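From the defender's side, the lesson above is that a Telnet pre-login banner should never hand out credentials. The following is an added example, not part of the original article: it strips the in-band Telnet option negotiation (RFC 854) from a captured server greeting and reports banner lines that appear to disclose a login. The sample capture, the account name in it and the wording heuristic are constructed assumptions.

```python
import re

# Telnet command bytes (RFC 854)
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

def strip_negotiation(data):
    """Drop in-band Telnet commands and return only the text a user would see."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= n:                       # capture ends mid-command
            break
        cmd = data[i + 1]
        if cmd == IAC:                       # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # three-byte option negotiation
            i += 3
        elif cmd == SB:                      # subnegotiation: skip up to IAC SE
            i += 2
            while i < n and not (data[i] == IAC and i + 1 < n and data[i + 1] == SE):
                i += 2 if data[i] == IAC else 1
            i += 2
        else:                                # two-byte commands such as NOP or GA
            i += 2
    return bytes(out)

# Wording that suggests the banner hands out credentials (heuristic, an assumption).
HINT = re.compile(r"(?i)\b(login with|log in with|password is|default password|credentials)\b")

def banner_disclosures(capture):
    """Return the pre-login banner lines that appear to disclose credentials."""
    text = strip_negotiation(capture).decode("latin-1")
    return [ln.strip() for ln in text.splitlines() if HINT.search(ln)]

# Constructed capture of a server greeting: negotiation bytes followed by the banner.
SAMPLE = (bytes([IAC, DO, 24, IAC, WILL, 1, IAC, SB, 24, 1, IAC, SE])
          + b"Lab training host\r\nLogin with labuser/labpass to get started\r\n\r\nlab login: ")

if __name__ == "__main__":
    for line in banner_disclosures(SAMPLE):
        print("banner discloses credentials:", line)
```
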

We will continue to try to achieve results through each open port. To not miss upcoming articles, follow us on social media.

By the way, if you liked the article, don't forget to register on the site, give it a like, and leave a comment!

 

23 September

yorkulov

Hack Metasploitable 2 : Port 22

Assalomu alaykum) This article is prepared only for educational purposes. If you want to try it in practice, please ask for permission first or use it in test systems (like Metasploitable).

The goal of this article is to understand how to use nmap NSE scripts and perform a brute force attack with Metasploit.

First, we need to set up the right environment. We'll install and run the Metasploitable 2 system (which is intentionally made weak) in a virtual environment. To perform the attacks, we'll need an operating system like Kali or Parrot.

We'll do all actions on the system we set up for the attack.

Gathering information:

We will use Nmap to scan port 22 on our target system.

nmap 192.168.154.166 -sV -p 22

As a result, we found that port 22 is running the SSH service and identified its version. Now, we will try to get more information by using Nmap NSE scripts.

nmap --script="ssh*" 192.168.154.166 -p 22

Here are several results. If we look at the ssh-brute section, there is a user:user entry. We will attempt to connect via SSH using this username and password.

ssh -o HostKeyAlgorithms=+ssh-rsa user@192.168.154.166

We successfully established a connection, but even after checking using several methods, we can see that we do not have elevated privileges. We can either try to escalate our privileges or test other methods. We will attempt to exploit using Metasploit.

msfconsole
> search ssh_login

Now we will select and configure the module.

Select the ssh_login module:

use 0

Enter the victim's IP address:

set rhosts 192.168.154.166

Enter the lists of usernames and passwords. (If you don't have these files, you can download them from my Telegram channel in the Files section.)

set PASS_FILE /usr/share/wordlists/metasploit/ssh_login_pass.txt
set USER_FILE /usr/share/wordlists/metasploit/ssh_login_user.txt

Stop as soon as a result is achieved:

set STOP_ON_SUCCESS true

Run the module:

run

...

After what feels like a million years, we finally get this result! 😂😂

We have another username and password, so let's try to connect with those as well.

Finally, we have a result! We established a connection with the victim's system, and using the whoami command, we see that we have logged in with root privileges. This means we can use commands like rm -rf /* (you know what that does).

In today's article, we explored gaining access to a system through brute force attacks. Such vulnerabilities arise from using common usernames and passwords, so when choosing a username and password, try to opt for more complex options.
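The run above leaves a recognisable trace on the target: a burst of failed password attempts from one address, then a single accepted login. The following is an added example, not part of the original article, that detects this pattern in OpenSSH auth log lines. The log lines, source addresses, threshold, window and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd messages as written to a syslog-style auth log.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window_s=60, year=2024):
    """Flag sources with >= threshold failed logins inside the window, and
    record any account that was accepted right after such a burst."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    report = {}                   # src -> {"users_tried": set, "accepted": list}
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; one is assumed so they can be parsed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        q = recent[src]
        while q and ts - q[0][0] > window:   # forget failures outside the window
            q.popleft()
        if m["kind"] == "Failed":
            q.append((ts, user))
            if len(q) >= threshold:
                f = report.setdefault(src, {"users_tried": set(), "accepted": []})
                f["users_tried"].update(u for _, u in q)
        elif src in report and q:            # success directly after a burst
            report[src]["accepted"].append(user)
    return {s: {"users_tried": sorted(f["users_tried"]), "accepted": f["accepted"]}
            for s, f in report.items()}

# Constructed sample: one noisy source, and one user who mistyped a password once.
LOG = """\
Sep 20 10:15:01 lab sshd[2101]: Failed password for invalid user admin from 192.168.154.10 port 40100 ssh2
Sep 20 10:15:02 lab sshd[2103]: Failed password for root from 192.168.154.10 port 40102 ssh2
Sep 20 10:15:03 lab sshd[2105]: Failed password for invalid user test from 192.168.154.10 port 40104 ssh2
Sep 20 10:15:04 lab sshd[2107]: Failed password for user from 192.168.154.10 port 40106 ssh2
Sep 20 10:15:05 lab sshd[2109]: Failed password for invalid user guest from 192.168.154.10 port 40108 ssh2
Sep 20 10:15:06 lab sshd[2111]: Accepted password for user from 192.168.154.10 port 40110 ssh2
Sep 20 10:20:00 lab sshd[2200]: Failed password for alice from 192.168.154.20 port 50000 ssh2
Sep 20 10:20:09 lab sshd[2202]: Accepted password for alice from 192.168.154.20 port 50002 ssh2
""".splitlines()

if __name__ == "__main__":
    for src, finding in detect_bruteforce(LOG).items():
        print(src, finding)
```

An entry with a non-empty "accepted" list is the case to treat as an incident: the guessing succeeded, so the account's password needs to be changed and its sessions reviewed.
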

In this way, we will try to achieve results through each open port. Be sure to follow us on social media to not miss upcoming articles.

By the way, if you liked the article, don’t forget to register on the site, give it a like, and leave a comment!

Translated by ChatGPT

20 September

yorkulov

Hack Metasploitable 2 : Port 21

Assalomu alaykum) This article is prepared only for educational purposes. If you want to try it in practice, first ask for permission, then use it, or test it in test systems (like Metasploitable).

The purpose of this article is to understand the basics of attacks and to see what consequences old services can lead to.

First, we need to set up the required environment by installing and starting Metasploitable 2 (a deliberately vulnerable system) in a virtual setting. For carrying out our attacks, we will need an operating system like Kali or Parrot.

We will perform all actions on the system we have prepared for the attack.

Information gathering:

We will use Nmap to scan the network and try to find the IP address of the target system.

nmap 192.168.154.0/24

Based on our results, we can identify 3 devices: my computer, my phone, and the target system. Knowing the IP addresses of the phone and my personal computer, we can determine that 192.168.154.166 is the IP address of the target machine.

Next, we will scan the target machine separately.

nmap -sV 192.168.154.166

It also provides the names and versions of services running on each port.

We will start with port 21 and continue from there. Let's scan port 21 separately once again.

nmap 192.168.154.166 -sV -p 21

From the results, we can see that port 21 is running the FTP (File Transfer Protocol) service with vsftpd version 2.3.4. During our attacks, we will use Metasploit most frequently, so we'll start Metasploit and continue our work through it.

Starting the attack:

msfconsole

We will use Metasploit’s search feature to look for exploits related to the FTP service version.

> search vsftpd 2.3.4

As a result, we have found one exploit (a code or method used to exploit a vulnerability and damage the system or application). We will consider using it.

> use 0

We can use the use command to select the exploit, either by specifying the exploit's module path or simply by providing the index number.

> show options

Through this, we can see what the exploit requires from us.

In the Required section of the image, the fields marked as "yes" are mandatory.

`RHOSTS` is the target IP address; we need to enter the target's IP address here.

> set RHOSTS 192.168.154.166 

`RPORT` is the port on which the target's FTP service is running; by default, it is set to 21, so we can leave it as is.

To run the exploit, we use the `run` command.

> run

Finally, we have a result: we have established a connection with the target system, and the `whoami` command shows that we are logged in as root. This means we can use commands like `rm -rf /*` (a dangerous command that deletes all files) on the system.

In today's article, we demonstrated how an outdated service can lead to compromising an entire system and how to search for and use the necessary exploit in Metasploit as an attacker.
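The same scan data serves the defender as an inventory check. The following is an added example, not part of the original article: it parses nmap's grepable output (saved with the -oG option, which the article itself does not use) and flags the two conditions this series relies on, an open Telnet service and the vsftpd 2.3.4 version string. The policy tables and the sample scan text are constructed assumptions.

```python
import re

# Policy tables (assumptions for this example; extend them for your environment).
CLEARTEXT_SERVICES = {"telnet"}          # the series recommends SSH instead
DENYLISTED_VERSIONS = {"vsftpd 2.3.4"}   # the version exploited in this article

def parse_grepable(text):
    """Yield (host, port, service, version) for every open port in `nmap -oG` output."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue                      # comment lines and "Status:" lines
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Field order: port/state/protocol/owner/service/rpc-info/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open":
                yield host, int(f[0]), f[4], f[6]

def audit(text):
    """Return (host, port, message) findings for services that violate the policy."""
    findings = []
    for host, port, service, version in parse_grepable(text):
        if service in CLEARTEXT_SERVICES:
            findings.append((host, port, f"{service} is cleartext; replace with SSH"))
        if any(version == v or version.startswith(v + " ") for v in DENYLISTED_VERSIONS):
            findings.append((host, port, f"{version} is denylisted; upgrade or remove"))
    return findings

# Constructed sample in -oG format; the SSH and Telnet version strings are made up.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.154.166 ()\tStatus: Up\n"
    "Host: 192.168.154.166 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 9.6p1/, 23/open/tcp//telnet//Linux telnetd/\n"
    "Host: 192.168.154.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.6p1/, "
    "80/closed/tcp//http///\n"
)

if __name__ == "__main__":
    for host, port, message in audit(SAMPLE):
        print(f"{host}:{port} {message}")
```
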

We will continue to try to achieve results through each open port in this manner. Follow us on social media to keep up with future articles.

By the way, if you liked the article, don’t forget to register on the site, give it a like, and leave a comment.

Translated by ChatGPT

20 September

yorkulov

Python: The Secret Ingredient to Success in Every Industry. II

note: You can also find the first part of the article by typing "Python" into the search bar on the website.


6. System Administration

ℹ️  System Administration - managing systems and networks, monitoring system performance, ensuring security, and working with networks.

📊  According to the Stack Overflow Survey and GitHub Octoverse 2023 statistics, Python is used by over 45% of system administrators and has solidified its position in developing system scripts on GitHub.

🐍  Python Opportunities for System Administrators: Modules like os, subprocess, shutil, and psutil make managing system files, monitoring processes, and automating tasks much easier and more efficient. Tools like Ansible and SaltStack are used for server management and automation.

💻  Facebook: Uses Python scripts for monitoring servers and automatically resolving issues during system operations.

Red Hat: Extensively uses Python-based automation tools for managing Linux servers.

 

7. Desktop Application Development

ℹ️  Desktop Application - the process of creating standalone software that runs on computers. These applications work with user interfaces and unique functionalities.

📊  According to the Stack Overflow Survey, the use of Python in desktop application development has increased to over 30% in recent years. Despite Java and C++ being leaders in this field, Python is also finding its place in the market.

🐍  Python Desktop Application Development Opportunities: Libraries like Tkinter, PyQt, Kivy, and wxPython are available. These libraries allow for creating graphical interfaces. Tkinter is the most widely used, simple, and effective tool. PyQt and Kivy are well-suited for creating advanced interfaces.

💻  Dropbox: Initially developed with Python and continues to use Python libraries for its main desktop versions.

BitTorrent: The application, which works based on the torrent protocol, was also created using Python and wxPython.

 

8. DevOps Automation

ℹ️  DevOps - streamlining the management of systems through software development and IT processes and automating them to ensure constant and secure system operations.

📊  According to the Stack Overflow Developer Survey, Python is used in over 35% of DevOps automation tasks. Python is becoming a primary language for scripting, monitoring, log processing, and containerization.

🐍  Python DevOps Automation Opportunities: Tools like Ansible, Fabric, SaltStack, and Chef are widely used for configuring servers and automating processes. Additionally, Python can be used for configuring Docker and Kubernetes.

💻  Google: Utilizes numerous Python-based tools for DevOps and system automation. Python is used in creating and managing Google Cloud Platform (GCP) and other internal tools.

Amazon Web Services: AWS provides advanced SDKs for managing and automating cloud services with Python. AWS CLI and Boto3 (Python library) are written in Python.

 

9. Robotics and Control Systems

ℹ️  Robotics and Control Systems - creating software to move devices and establish communication with them.

📊  Python-related robotics repositories on GitHub numbered over 30,000 in 2023. More than 80% of the world's top 50+ universities in robotics choose Python as their programming language.

🐍  Python Robotics and Control Systems Opportunities: Integration with ROS (Robot Operating System) is widely used in robotics. Libraries like Pygame, OpenCV, and PySerial are helpful for control systems. Pygame is used for creating 2D games, OpenCV is used for image recognition, and PySerial is used for communication with microprocessors.

💻  NVIDIA: Uses Python libraries (TensorFlow, PyTorch) to create and apply AI models for robotics and control systems.

Tesla: Utilizes Python libraries for developing control algorithms in automated driving systems.

 

10. Game Development

ℹ️  Game Development - the process of creating games that combine graphical interfaces and complex mechanics.

📊  Specific statistics are hard to find in this field, as languages like C++, C#, and Java dominate. However, Python is actively used and is expected to have a significant impact on AI (Artificial Intelligence) control parts of game development in the future.

🐍  Python Game Development Opportunities: Pygame is very suitable for creating game mechanics and graphical interfaces. Tools like Panda3D and PyOpenGL are used for creating 3D games.

💻  Battlefield 2 - This military tactics game used Python for server-side modifications and configurations.

Baba Is You - A puzzle game that used Python for game prototypes.

 

This article (or rather, this brief piece) aims to provide an understanding of Python's capabilities across various fields. If it has helped you gain insight into these possibilities, I have achieved my goal. In the IT world, choosing any of the 10 areas mentioned above can serve as an introductory and versatile pathway. Certainly, excelling in a single field requires more than just one technology, as each technology has its strengths and weaknesses. However, Python is a great starting point for your first steps. And by the way, that mysterious ingredient Master Oogway mentioned to Po (the panda) was Python 😀🤭.

note: The article was written with the aid of AI technologies, but the general information was compiled from several websites. The details provided about the example programs have been verified by 90%. Statistical data were also gathered from various platforms that present statistical information and then generalized.

 

If you enjoyed reading the article and found it valuable, I’m glad!

 

Translated by ChatGPT

09 September

yorkulov

Python: The Secret Ingredient to Success in Every Industry. I

Over the past four years, the Python programming language has consistently ranked among the top 1-3 positions in various global surveys and major community statistics. The Tiobe Index data also reflects this trend.

 

 

    I'm not going to delve into the history of Python or what kind of programming language it is, as there is already plenty of information available on that. Today, we'll focus on one of the main reasons why Python has become so popular. I believe this will help answer your question: "Why should I learn Python?"

    As the title of our article suggests, I'll be providing information on the fields where the Python programming language is widely used and increasingly adopted. I'll aim to illustrate this with real-world examples.

 

First, let me discuss several fields where Python is currently having a significant impact:

  • Data Science and Machine Learning

  • Web Development

  • Automation

  • Scientific Computing

  • Cyber Security

  • System Administration

  • Desktop Application Development

  • DevOps Automation

  • Robotics and Control Systems

  • Game Development

Note: The primary goal of this article is not to provide comprehensive information about the aforementioned fields but rather to shed light on Python's role and relevance in these areas.

 

1. Data Science and Machine Learning

ℹ️  Both fields rely on statistical data and algorithms to make decisions.

📊  According to the 2023 Stack Overflow Survey, Kaggle, and Tiobe Index, approximately 60% of users utilize Python for Data Science and Machine Learning.

🐍  Python's Capabilities for Data Science: Libraries like Pandas, NumPy, SciPy, Matplotlib, and Seaborn are highly effective for data manipulation, analysis, handling multi-dimensional arrays, statistical analysis, and creating graphs and charts. Jupyter Notebooks provides an interactive environment for visualizing results.

💻  Netflix and Spotify use data and statistics to make recommendations and identify trends for their users.

🐍  Python's Capabilities for Machine Learning: Libraries such as Scikit-Learn, TensorFlow, Keras, PyTorch, XGBoost, and LightGBM support various data learning algorithms, including regression, classification, clustering, and more. These libraries are also very useful for creating and training neural networks.

💻  OpenAI GPT Models utilize Python libraries like TensorFlow and PyTorch for data processing and recommendation generation.

IBM Watson extensively uses Python libraries to build data science, machine learning, and artificial intelligence models.

 

2. Web Development

ℹ️  Web development involves creating websites and web applications accessed through the internet. Python offers extensive capabilities in areas such as web servers and database integration.

📊  According to major platforms like the Stack Overflow Survey, Tiobe Index, and GitHub Octoverse Report, Python has been chosen by 30% of web developers in recent years for web application development, and this percentage continues to grow. According to Daily's data, Django is ranked 1st in the "Top 10 Backend Frameworks 2024" list. This ranking reflects Django's productivity, ease of use, community support, scalability, and security features. Python's popularity has significantly increased over the last 5 years compared to other programming languages like JavaScript, PHP, and Ruby.

🐍  Python's Capabilities for Web Development: The two most popular frameworks in the Python ecosystem are Flask and Django. Django is a high-level web framework that includes a range of built-in features such as an admin panel and authentication. Flask is known for being lightweight and flexible, making it an excellent choice for small and scalable projects.

Another notable Python technology in web development is FastAPI, which is widely used for creating RESTful APIs.

💻  Instagram - was built using the Django framework, leveraging Django's capabilities to serve a large number of users effectively.

Reddit - was initially developed using Python and continues to use many Python libraries.

 

3. Automation

ℹ️  Automation - refers to the process of using software and equipment to automatically perform tasks and processes without manual intervention.

📊  According to the Stack Overflow Survey, Tiobe Index, and GitHub Octoverse Report, Python accounted for 40%-45% of automation tasks in 2020-2021. In recent years, including 2024, Python has been ranked 1st in LinkedIn and LambdaTest's "Top 10 Programming Languages for Automation."

🐍  Python's Capabilities for Automation: Python provides a variety of tools for automation, including:
Selenium: Widely used for automating and testing websites.
BeautifulSoup and Scrapy: Used for web scraping and data collection from websites.
Pandas and NumPy: Employed for data processing and analysis.
Celery: Used for executing asynchronous tasks.

💻  Google uses Python extensively for data processing and managing automation tasks within its internal systems.

NASA utilizes Python for automation and data processing, including analyzing data for space missions.

 

4. Scientific Computing

ℹ️  Scientific Computing involves solving scientific and engineering problems through computational methods and computer technology.

📊  According to the Stack Overflow Survey, Tiobe Index, and GitHub Octoverse reports, Python is recognized as one of the most popular languages for scientific computing. In 2021, Python held the top position among languages used for scientific computing, and it continues to be a leading choice today.

🐍  Python's Capabilities for Scientific Computing: Python offers several libraries and tools for scientific computing, including:
NumPy: Advanced technology for handling large-scale arrays and matrices.
SciPy: Provides additional capabilities for scientific engineering problems, such as optimization and interpolation.
SymPy: A library for symbolic mathematics.
Matplotlib: Widely used for visualizing data through graphs and charts.
Pandas: Useful for data manipulation and analysis.
Jupyter Notebooks: An interactive environment for executing and visualizing code and results.

💻  Large Hadron Collider (LHC): Python is one of the primary programming languages used in CERN's LHC project for data analysis, simulation of experiments, and visualization of results.

NASA: Utilizes Python for scientific computing tasks, such as orbital simulations and space research, leveraging the capabilities of the libraries mentioned above.

 

5. Cybersecurity

ℹ️  Cybersecurity - involves ensuring the security of software, systems, and data, and implementing measures to protect them from hacking attacks and malicious software.

📊  According to sources like the Stack Overflow Developer Survey, GitHub Octoverse Report, and Tiobe Index, Python was identified as a preferred language for cybersecurity by approximately 50% of developers in 2023. The LinkedIn Skills Report (2022-2023) highlights a 37% increase in specialists showcasing cybersecurity and Python skills on LinkedIn.

🐍  Python's Capabilities for Cybersecurity:
Scapy - Used for analyzing and manipulating network packets.
PyCrypto - Facilitates cryptographic operations, including encryption and the creation of secure communication channels.
Paramiko - Enables secure communication with remote servers via SSH.
Nmap - Integrates with Python for network scanning and security analysis, allowing the creation of custom scanning scripts.
Requests - Provides a convenient way to handle HTTP requests and analyze responses when working with web applications and APIs.

💻  Metasploit Framework - A tool for exploitation and pentesting, which allows the creation of additional modules and scripts in Python.

Malware Analysis Tools - Many tools developed for analyzing malicious software are written in Python or support Python scripting.

 

     The second part will be published on the site soon.

If you enjoyed reading the article and found it valuable, I’m glad!

 

Translated by ChatGPT

01 September