Seeing as how this is my first actual post on attacking a service, I wanted to keep it pretty simple. I’m still getting used to this whole blogging thing after all, and I didn’t want to bite off more than I could chew with this post.
The machine I’ll be hacking for these first few posts is called Metasploitable. For those of you who may not know, Metasploitable is an intentionally vulnerable virtual machine developed by Rapid7. It is a great system to get your feet wet in the world of hacking and penetration testing! For my attacking system, I’ll be using Kali Linux. Let’s begin!
First, I need to boot up both the Metasploitable and the Kali virtual machines. When Metasploitable boots up, you can login with the default credentials of “msfadmin” “msfadmin”. So both username and password is msfadmin.
Once both systems are booted up, I’m going to need to see what services are running on Metasploitable, in order for me to begin the attack. For this, I’ll use a program called Nmap. Nmap is an open source network mapper/port scanner tool. I’m going to keep information on Nmap to a minimum in this post, however in the near future I plan on making a post entirely dedicated to this fantastic tool.
In Kali, I opened up a terminal and typed in nmap -sS -sV -p- 10.10.1.10. The -sS switch tells Nmap to run a TCP SYN Stealth Scan. Right now, just be aware that this type of scan isn’t as loud as other types of Nmap scans, which I want in order to not set off any alarms. The -sV switch tells Nmaps to report back the version of the services it finds. The -p- switch tells Nmap to scan all ports, and lastly 10.10.1.10 is the target’s IP address (in this case Metasploitable). Once the scan is finished, we get our results. Let’s take a look!
Wow! Lots of goodies here. As I mentioned earlier, I wanted to keep this first post simple in terms of what to attack. The first service I see is an ftp service, with the version of vsftpd 2.3.4. How about we see if we can exploit this service!
“But Jay! I don’t know where I would even begin to try and exploit this ftp service! Also, Broly is stronger than Jiren!”
First of all, if you think Broly is stronger than Jiren, then you and I may need to have a stern conversation about where your head is at! As for where to start in order to exploit this service, there is a great framework called Metasploit that we can try out. Yes, Metasploit does sound a lot like Metasploitable, doesn’t it? Well it is in fact also developed by Rapid7!
If I open up a terminal and type msfconsole, then the Metasploit framework will load. Once loaded, I’m going to narrow down on the name of the ftp service version in order to see if I can find an exploit to use. So in this case, the version is vsftpd. In the Metasploit command prompt, I typed in: search vsftpd. The results returned an exploit!
In order to select this exploit, I typed in: use exploit/unix/ftp/vsftpd_234_backdoor. As you can probably tell by the name of the exploit (also the description), this should trigger a backdoor on our target system, if successful. However before I run the exploit, I’ll need to configure another option. Typing in: show options brings me to the configure options section. Here, I need to set RHOSTS to the Metasploitable IP address, so I typed: set RHOST 10.10.1.10.
Once everything looks good, I can fire off the exploit by simply typing exploit or run.
Success! As you can see, there was a shell session that opened up on the target. To make sure I have root access, I typed: whoami, and root came back! We did it!
Now this may not be as exciting compared to when Gohan went SSJ2 during his fight against Cell, but acquiring a root shell on a target system is very exciting in its own way!
Thanks for reading!