3.3.1 Linux Exploitation

Linux Exploitation

FTP

​vsftpd is an Unix FTP server.

• vsftpd v.2.3.4 is vulnerable to a command execution vulnerability

🔬 FTP - MSF Exploit​

SAMBA

Samba is the Linux implementation of SMB.

• Samaba v.3.5.0 is vulnerable to a RCE vulnerability

🔬 Samba - MSF Exploit​

SSH

libssh is a C library that implements the SSHv2 protocol

• SSH default TCP port is 22

• libssh v.0.6.0 - 0.8.0 is vulnerable to an authentication bypass vulnerability

🔬 SSH - MSF Exploit​

SMTP

​Haraka is an open source high performance SMTP server developed in Node.js

• SMTP default TCP port is 25

  • other TCP ports are 465 and 587

• Haraka prior to v.2.8.9 is vulnerable to command injection

🔬 SMTP - MSF Exploit​