Vulnerability assessment
To complete this lab, you will need Kali Linux and Metasploitable2. If you are in FDR116, VMWare is on all PCs with Kali and Metasploitable2 already installed. If you are working on your home computer, you can either use Splashtop to remote in (see the instructions under week 1), or install VirtualBox or VMWare, but you should have at least 8MB of RAM (16MB is better). You can download Kali here and Metasploitable2 here.
Task 1: FTP exploit using Metasploit
The Metasploit Framework is an open-source modular penetration testing platform used to attack systems to test for security exploits. It is one of the most commonly used penetration testing tools and comes built-in in Kali Linux.
Metasploit consists of datastore and modules. Datastore enables the user to configure the aspects within the framework, whereas modules are self-contained snippets of codes from which Metasploit derives its features. Since we’re focusing on executing an attack for pen testing, we’ll keep the discussion to modules.
In total, there are five modules:
Exploit – evades detection, breaks into the system and uploads the payload module
Payload – Allows the user access to the system
Auxiliary –supports breach by performing tasks unrelated to exploitation
Post–Exploitation – allows further access into the already compromised system
NOP generator – is used to bypass security IPs
For our purposes, we’ll be using Exploit and payload modules to gain access to our target system.
You can look up the web for different vulnerabilities, but for this tutorial, we’ll see how VSFTPD v2.3.4 can be exploited. VSFTPD stands for a very secure FTP daemon. We’ve cherry-picked this one because it grants us full access to Metasploitable’s interface without seeking permission.
Boot the Metasploitable-2 VM and login (msfadmin:msfadmin)
Use ifconfig to find the VM’s IP address
Going back to Kali, at the command prompt, start Metasploit by typing msfconsole,
once it has started, type search vsftpd
This brings up the location of the vulnerability we want to exploit.
To select it, type
use exploit/unix/ftp/vsftpd_234_backdoor
To see what further information is required to boot the exploitation, type
show options
The only information of any substantial importance that is missing is the IP for the machine you want to attack, which we found in step 3. (rhost = remote Metasploitable IP)
Type in this command to direct Metasploit to the target system and begin the exploit.
set RHOST [Metasploitable IP from step 3]
Type run
Now, with complete access granted to Metasploitable, we can navigate through the system without any restrictions. You can download any classified data or remove anything important from the server. In real situations, where an intruder gains access to such a server, they may even shut down the CPU, causing any other computers connected with it to crash as well.
<Insert a screenshot showing access to the Metasploitable VM>
Hi, I'd like to offer my expertise to assist with your Vulnerability Assessment task, particularly focusing on the FTP exploit using Metasploit in a Kali Linux and Metasploitable2 environment. With a strong background in cybersecurity and…
I have a strong background in ethical hacking, with hands-on experience in identifying and exploiting vulnerabilities across various systems. My expertise includes thorough penetration testing, security assessments, and providing…
Having spent over 2 years deeply involved in the security domain, I am positive I can match your requirements with my expertise in computer security, Linux and network administration. Through multiple tests and certifications, I have familiarized…
$10 USD på 1 dag
5,0
(6 anmeldelser)
4,0
4,0
18 freelancere byder i gennemsnit $46 USD på dette job
Hello There!
As an expert Cyber Security Analyst, I am well-equipped to assist with your Penetration Testing Techniques Lab using Kali Linux and Metasploitable2. I…
Hello,
I'm a Cyber Security Researcher with practical experience gained through playing CTFs (Capture The Flag), engaging in Bug Bounties, and working as a…
I can assist with your vulnerability assessment lab by guiding you through the exploitation process using Metasploit on Kali Linux. I will help you set up and execute the FTP exploit on Metasploitable2, ensuring you understand the use of…
Dear Client,
I am an experienced cybersecurity professional with extensive knowledge in vulnerability assessment and penetration testing using tools like Kali Linux…
Hi,
I have a strong understanding of vulnerability assessments and penetration testing using tools like Kali Linux and Metasploitable2. For the FTP exploit…
Hi, I am a network and cybersecurity professional. I have reviewed your requirements and am confident I can complete your task within your time limits. Also, I have my own Kali Linux and Metasploitable2 installed, Indeed I…
Hi - You will top notch Penetration Testing and Ethical Hacking services with 100% accuracy within 24 hours. Also you will get a comprehensive report underlining each aspect of Penetration Testing phases.
Looking forward to your reply.
I came across your ad , NJ located and am very interested in taking on this project. With over 11 years of experience in virtualization, VPS, Linux administration, Penetration testing (KALI LINUX )and network security, I regularly design…