Cybersecurity Lab
Metasploit Exploitation Lab
Exploited Metasploitable2 using Metasploit Framework — attempted VSFTPD 2.3.4 backdoor (unsuccessful) and successfully achieved root access via the Samba Usermap Script vulnerability.
Completed2026Intermediate
Objective
Practice controlled exploitation using Metasploit modules against an intentionally vulnerable target, document methodology, and understand why some exploits succeed while others fail.
Tools Used
Metasploit FrameworkKali LinuxMetasploitable2Nmap
Steps Performed
- Ran Nmap service detection (`nmap -sV 192.168.128.2`) to identify 21 open ports including FTP (vsftpd 2.3.4) and SMB (Samba).
- Launched Metasploit Framework and searched for the VSFTPD 2.3.4 backdoor module.
- Selected `exploit/unix/ftp/vsftpd_234_backdoor`, set RHOSTS to 192.168.128.2, and ran the exploit — no shell was established.
- Searched for Samba modules and selected `exploit/multi/samba/usermap_script`.
- Set RHOSTS and LHOST (192.168.128.4), executed the exploit, and received a command shell session.
- Performed post-exploitation: ran `whoami` (output: root), `uname -a`, and `cat /etc/passwd`.
Key Findings
- VSFTPD 2.3.4 backdoor exploit did not establish a shell session against this target.
- Samba Usermap Script (`exploit/multi/samba/usermap_script`) successfully provided unauthenticated root-level access.
- Post-exploitation confirmed identity as root on Linux metasploitable 2.6.24-16-server.
- 21 open ports identified via Nmap including legacy services: vsftpd 2.3.4, Apache 2.2.8, MySQL 5.0.51a, UnrealIRCd, and a bindshell on port 1524.
Screenshots
Evidence Files
Lessons Learned
- Not every exploit succeeds — documenting failures is as important as documenting successes.
- Samba Usermap Script demonstrates how misconfigured legacy services lead to full system compromise.
- Post-exploitation steps (whoami, uname -a, /etc/passwd) establish evidence of access for reporting.
Future Improvements
- Test additional Metasploitable2 service exploits (UnrealIRCd, ProFTPD, Java RMI).
- Practice privilege escalation from a limited shell rather than starting with root.
References
- Metasploit Unleashed documentation
- CVE details for VSFTPD 2.3.4 and Samba Usermap Script
- Rapid7 exploit database





