Metasploitable2 Exploitation
Exploitation of Metasploitable2, a vulnerable virtual machine, to demonstrate penetration testing techniques.
What is Metasploitable 2?
It’s a deliberately vulnerable virtual machine designed to help you practice your skills in a safe environment. Recently, I completed my first hands-on practice with Metasploitable 2, and today, I’m sharing my experience with FTP exploitation.
Step 1: Setting Up the Lab
Before diving into exploitation, I set up my lab environment. I used VirtualBox to run both Metasploitable 2 and Kali Linux. Kali Linux is the go-to operating system for penetration testers, packed with tools for every step of the hacking process. The crucial part was the network configuration (which I’ll cover in another article). Here are some of the reasons for my setup:
Isolation: Using a host-only network isolates the VMs from your physical network, making it safer to practice penetration testing.
Communication: The host-only network allows Kali Linux and Metasploitable 2 to communicate with each other without exposing them to the external network.
Internet Access: NAT allows Kali Linux to access the internet for updates and additional tools, while Metasploitable 2 remains isolated.
Step 2: Scanning the Target
As any ethical hacker knows, reconnaissance is the first step to understanding a system’s vulnerabilities. To analyze Metasploitable 2, I used Nmap, which helps you map out the target’s network and identify open ports and services. I ran the following command for a service scan: nmap -sV Metasploitable_IP. This command scans for open ports and attempts to determine the version of the services running on those ports.
The scan revealed several open ports, but one that caught my attention was port 21, which is used for FTP (File Transfer Protocol). FTP is notorious for its security weaknesses, especially when it comes to anonymous access.
Step 3: FTP Exploitation (Port 21)
FTP is a protocol used for transferring files between a client and a server. Unfortunately, many FTP servers are misconfigured to allow anonymous access, meaning anyone can log in without a username or password. This is a significant security risk.
First I decided to go the manual way, without the Metasploit Console. I was able to log in with the default credentials and access the machine. I searched for an exploit related to ‘vsftpd’ and found one: exploit/unix/ftp/vsftpd_234_backdoor. I loaded the exploit, set the target IP with set RHOSTS Metasploitable_IP, and then ran ‘exploit’ or ‘run’. And just like that, I had a shell on the target machine. We’ve gained access to the system!
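As a defender-side complement to the scan and the vsftpd module mentioned above, this added example (not from the original post) parses the port table of `nmap -sV` output and flags services that need review. The sample scan text is constructed, and the rule tables `CLEARTEXT` and `KNOWN_BAD` are an assumed policy for illustration.

```python
import re

# Constructed sample of `nmap -sV` normal output (not captured from the author's lab).
SAMPLE_SCAN = """\
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp     vsftpd 2.3.4
22/tcp   open     ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open     telnet  Linux telnetd
25/tcp   filtered smtp
"""

# One row of the port table: "<port>/<proto> <state> <service> [version...]"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

# Assumed review policy for this example: cleartext protocols, plus the
# vsftpd release named by the vsftpd_234_backdoor module in the text.
CLEARTEXT = {"ftp": "cleartext file transfer; check anonymous login, prefer SFTP",
             "telnet": "cleartext remote shell; replace with SSH"}
KNOWN_BAD = {("ftp", "vsftpd 2.3.4"): "backdoored vsftpd release; replace the package"}


def parse_services(scan_text):
    """Return one dict per port row, whatever its state."""
    services = []
    for line in scan_text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, name, version = m.groups()
            services.append({"port": int(port), "proto": proto, "state": state,
                             "service": name, "version": version or ""})
    return services


def findings(services):
    """Return sorted (port, severity, reason) tuples for open services."""
    out = []
    for s in services:
        if s["state"] != "open":
            continue  # filtered/closed ports are not reachable services
        for (name, product), reason in KNOWN_BAD.items():
            # Compare product and version tokens exactly, so 2.3.40 would not match.
            if s["service"] == name and s["version"].split()[:2] == product.split():
                out.append((s["port"], "critical", reason))
        if s["service"] in CLEARTEXT:
            out.append((s["port"], "high", CLEARTEXT[s["service"]]))
    return sorted(out)


if __name__ == "__main__":
    for port, severity, reason in findings(parse_services(SAMPLE_SCAN)):
        print(f"{port}/tcp [{severity}] {reason}")
```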
Step 4: Post-Exploitation
With access to the system, I could now explore the files and directories. I found sensitive files, user credentials, and even a few scripts lying around. This is where the real danger lies—once an attacker gains access, they can do anything from stealing data to planting malware.
Conclusion
FTP exploitation on Metasploitable 2 was an eye-opening experience. It taught me how simple misconfigurations can lead to serious security breaches. As I continue my journey into ethical hacking, I’m reminded of the importance of staying vigilant and continuously learning. What’s next? In my next blog, I’ll hopefully dive into a different service and show you how to exploit it. Stay tuned, and as always, remember to be ethical!

