Simple Penetration Metasploitable 2 (Cybersecurity)

Loi Liang Yang
24 Jan 201605:05

Summary

TLDRThis tutorial demonstrates how to perform penetration testing on a vulnerable system (Metasploitable 2) using tools like Nmap, Nessus, and Metasploit. The process involves scanning the target for open services, identifying vulnerabilities, and exploiting them to gain root access. Through the use of an Nmap scan, the Nessus vulnerability scanner, and a Metasploit exploit for `vsftpd 2.3.4`, the attacker gains control of the system. This step-by-step guide offers a beginner-friendly introduction to penetration testing techniques in a controlled environment, showcasing real-world tools and attacks.

Takeaways

  • 😀 Metasploitable 2 is a free virtual machine running on Ubuntu Linux, designed for penetration testing practice.
  • 😀 The system contains multiple vulnerabilities that can be exploited in a controlled, isolated environment.
  • 😀 Ensure that the Metasploitable 2 system is not accessible from the cloud to avoid security risks.
  • 😀 Nmap is used to scan the target system and identify the network services and their versions.
  • 😀 The Nmap command used for this purpose is `nmap -sV -O <target_IP>`, which identifies services and operating systems.
  • 😀 Nessus is a vulnerability scanning tool that categorizes vulnerabilities by severity (Critical, High, Medium, Low, Informational).
  • 😀 A critical vulnerability in VSFTPD 2.3.4 is identified, which can be exploited to execute arbitrary code as root.
  • 😀 Metasploit can be used to exploit the VSFTPD vulnerability, and it provides an automated method to gain access.
  • 😀 To exploit the vulnerability using Metasploit, the command `use exploit/unix/ftp/vsftpd_234_backdoor` is used.
  • 😀 Once the exploit is successful, you gain a command shell on the target system with root access.
  • 😀 After gaining root access, tools like `cat /etc/shadow` can be used to find user credentials, enabling further exploitation (e.g., password cracking).

Q & A

  • What is Metasploitable 2 and how is it used in penetration testing?

    -Metasploitable 2 is a vulnerable virtual machine designed specifically for penetration testing practice. It contains various known security flaws, making it an ideal target for learning and testing security tools and techniques in a controlled environment.

  • What is the role of Kali Linux in this setup?

    -Kali Linux is a penetration testing distribution used to launch attacks against the Metasploitable 2 machine. It contains numerous pre-installed security tools such as Nmap, Nessus, and Metasploit that are used to identify and exploit vulnerabilities.

  • Why is it important to ensure that Metasploitable 2 is not accessible from the cloud?

    -It is important to ensure that Metasploitable 2 is not accessible from the cloud because it contains intentional vulnerabilities. Exposing it to the internet could allow malicious actors to exploit these weaknesses, leading to potential security risks.

  • How can you use Nmap to find open ports and services on Metasploitable 2?

    -You can use the Nmap command `nmap -sV -O 192.168.1.5` to scan Metasploitable 2. This command identifies open ports, the services running on those ports, and attempts to detect the operating system of the target machine.

  • What is the benefit of using Nessus for vulnerability scanning?

    -Nessus is a comprehensive vulnerability scanner that not only detects security issues but also classifies them by severity (critical, high, medium, low, informational). This helps prioritize which vulnerabilities need immediate attention and provides guidance on how to fix them.

  • What is the significance of the vsftpd 2.3.4 vulnerability in Metasploitable 2?

    -The vsftpd 2.3.4 vulnerability is a well-known backdoor that allows unauthenticated remote attackers to execute arbitrary commands as root. It is one of the key vulnerabilities present in Metasploitable 2 and can be exploited to gain unauthorized access.

  • How does Metasploit help in exploiting vulnerabilities on the target machine?

    -Metasploit provides a collection of pre-built exploits that automate the process of attacking vulnerable services. In this scenario, Metasploit's `vsftpd_234_backdoor` exploit is used to exploit the vsftpd vulnerability and gain remote access to the target machine.

  • What are the necessary steps to exploit the vsftpd 2.3.4 backdoor using Metasploit?

    -To exploit the vsftpd 2.3.4 backdoor, use the following steps: open Metasploit with `msfconsole`, select the exploit `exploit/unix/ftp/vsftpd_234_backdoor`, set the target IP using `set RHOST 192.168.1.5`, and then run the exploit using the `exploit` command.

  • What happens after successfully exploiting the Metasploitable 2 machine?

    -After a successful exploit, you gain a command shell on the target machine with root privileges. From here, you can explore the system further, view files, and perform additional post-exploitation activities like reading password files.

  • How can you view the password file on Metasploitable 2 after gaining root access?

    -Once you have root access, you can view the password file on Metasploitable 2 by running the command `cat /etc/shadow`. This file contains user credentials in an encrypted format, which could potentially be cracked to gain further access.

Outlines

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Mindmap

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Keywords

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Highlights

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Transcripts

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now
Rate This
★
★
★
★
★

5.0 / 5 (0 votes)

Related Tags
Penetration TestingMetasploitable 2Nmap ScanMetasploit ExploitNessus ScanVulnerability AssessmentCybersecurity ToolsEthical HackingRoot AccessSecurity TrainingLinux Hacking