Metasploit: Target Exploitation

 DISCLAIMER!

This content is intended solely for educational and ethical purposes. The tested IP that is revealed is created by our lecturer and this activity is conducted with permission. All activities related to cybersecurity must comply with available regulations. The author (me) is not responsible for any misuse or illegal activities performed using the knowledge shared here. Any actions taken by the readers using this info are at the reader’s own risk.  



Utilizing Metasploit to Exploit a Target

Metasploit is a free and open-source tool that pen testers use to exploit vulnerabilities in a target system. Using Metasploit, we can assess which vulnerabilities the target has and also exploit them to attack the system. Therefore, it is a powerful tool for penetration testing.


Image source: https://www.linkedin.com/pulse/metasploit-framework-explained-understanding-its-joel-mutiso-yvihf/


To see what tools Metasploit has, we can use cd /usr/share/metasploit-framework and then ls to see the folders and files inside the directory.

After that, we can cd modules/exploits to see which tools Metasploit has for each OS.

Tools for Windows can be seen in the windows directory by using cd windows. Now we will start the tutorial on using Metasploit to exploit the target's vulnerabilities.


First, open a new terminal. We need to run nmap to find which ports are open on the target system by using sudo nmap -sV [target IP]. The scan shows that some ports are open, which are port 21, port 22, port 1524, and so on. We will use this later.

Next, back in the previous terminal, we type msfconsole and wait until the msf6 prompt appears.

From the previous scan, we know that port 21 is open, so we want to exploit the FTP service. Therefore, we type search vsftpd (Very Secure FTP Daemon, a widely used FTP server) to see which modules we can use. Next, we will choose to use exploit/unix/ftp/vsftpd_234_backdoor.

After that, we type show options to see the required configuration and set RHOSTS (target host) to our target's IP address. We can confirm the setting by typing show options again. After that, we can launch the exploitation by typing exploit or run.

Now, if the exploitation is successful, then you can type ls and see the folders that the target system has.

Besides using port 21, we can also use port 1524 to access the root shell if it is open. We can do it by using nc 192.168.0.102 1524. If it is successful, then we can verify it by using whoami to ensure that we are in the root shell. We can also use ls to list the directory and mkdir to create a new folder in the target system.


If port 22 is open, we can target SSH to log in to the server. We will perform a brute force attack to log in to the target system. First, we will search ssh_login and use the auxiliary scanner for ssh_login. The syntax is use auxiliary/scanner/ssh/ssh_login. After that, we type show options to see the configuration needed.

Make sure you have a txt file containing the usernames that you want to try, to be used as the USER_FILE, and another txt file containing the passwords that you want to try, to be used as the PASS_FILE. You can create them first if you do not have them. Also, don't forget to set RHOSTS to the target IP.

After that, run the brute force attack. As the result shows, the correct username and password are msfadmin and msfadmin.
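From the defender's side, the SSH brute force described above leaves a clear trail in the sshd log: a burst of failed passwords from one address, followed by an accepted one. The following is an added example, not part of the original post; the log lines are constructed, and the threshold, window and year are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (syslog style); hosts, IPs and times are made up.
SAMPLE_LOG = """\
Mar 10 10:00:01 target sshd[2101]: Failed password for invalid user admin from 192.168.0.50 port 40102 ssh2
Mar 10 10:00:02 target sshd[2103]: Failed password for root from 192.168.0.50 port 40104 ssh2
Mar 10 10:00:03 target sshd[2105]: Failed password for invalid user test from 192.168.0.50 port 40106 ssh2
Mar 10 10:00:04 target sshd[2107]: Failed password for msfadmin from 192.168.0.50 port 40108 ssh2
Mar 10 10:00:05 target sshd[2109]: Failed password for msfadmin from 192.168.0.50 port 40110 ssh2
Mar 10 10:00:06 target sshd[2111]: Accepted password for msfadmin from 192.168.0.50 port 40112 ssh2
Mar 10 10:05:00 target sshd[2150]: Failed password for alice from 192.168.0.77 port 51000 ssh2
Mar 10 10:09:30 target sshd[2160]: Accepted password for alice from 192.168.0.77 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return one alert per source IP with >= threshold failures inside window.
    An alert carries 'compromised_user' if a login succeeded right after the burst."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the year is an assumption for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        # Keep only failures that are still inside the sliding window.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold:
                alerts.setdefault(ip, {"ip": ip, "failures": 0, "compromised_user": None})
                alerts[ip]["failures"] = max(alerts[ip]["failures"], len(failures[ip]))
        elif ip in alerts and failures[ip]:
            # A success while the burst is still in the window: likely guessed password.
            alerts[ip]["compromised_user"] = m["user"]
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On Debian-based systems these sshd lines are typically written to /var/log/auth.log.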

 


Closing Remarks

As stated in the disclaimer, the IP address used for this test is owned by my lecturer, and he also permitted us to do this attack. You should not conduct a brute force attack on any IP addresses without the owner’s permission because it is unethical behavior. And that’s all from me, thank you!

 

