Learn hacking with Metasploitable 2 [Step-by-Step]



Reviewer: Deepak Prasad

Simple guide to learn hacking using Metasploitable 2

In this article we will learn to run a penetration test against a target Linux system in order to determine the vulnerabilities present on it. The guide walks through exploiting several vulnerabilities in the Metasploitable Linux system. We will use NMAP for reconnaissance and the Metasploit framework to exploit the vulnerabilities we find on the system.

 

Overview on NMAP

NMAP is an open-source tool used by penetration testers for network security auditing and network discovery. Some of the advantages of using NMAP are:

  • It supports many advanced techniques for mapping out a network that may contain routers, firewalls and IP filters, so it is flexible.
  • It is comprehensive, well documented, and has numerous tutorials available online.
  • It is a popular tool among pen-testers and aspiring pen-testers, so there is plenty of support on online forums.
  • NMAP is open source, meaning the tool is free to download and use. Pen-testers do not need to purchase a license in order to use NMAP in their penetration testing activities.

 

What is Metasploit

This is a tool developed by Rapid7 for the purpose of developing and executing exploits against vulnerable systems. It is also instrumental in Intrusion Detection System signature development, and it helps penetration testers choose and configure exploits. Metasploit is available in two versions: the Metasploit Pro version, which has advanced options such as managing social engineering campaigns, and the free version, which has fewer but still useful options and tools for a pen-tester. You can download Metasploit from its official website: https://www.metasploit.com/download

 

Pre-requisites

  • Knowledge of using a terminal.
  • Both the Metasploitable and the Kali Linux operating systems running.
  • Knowledge of how to use NMAP.

With that in mind, let's jump right into our guide.

 

Getting Metasploitable IP address

We first need to know the IP address of our target system. We boot Metasploitable and, in its terminal, run

ifconfig

to find the IP address of our target system. As shown below, we have our system's IP address.


 

Scanning target system for vulnerabilities

Having the IP address, we now move to our Kali Linux machine to audit the target system with NMAP and identify its vulnerabilities. We scan the target system using the NMAP command

nmap -sV -O 172.16.225.128

In the screen below, we see the open ports and the services the target exposes. The -O option tells NMAP to determine the operating system the target is running, and the -sV option determines the version of the services running on the open ports. As can be seen in the screenshot below, the system has many open ports. Each open service has its own technique, or way, of exploiting its vulnerabilities.
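The scan output is only useful once it is turned into an inventory and compared against what should be exposed. The following Python script is an added example, not code from the original article: it parses the port table of `nmap -sV` normal output (the sample scan below is constructed in that format, not copied from the screenshot) and flags the three services this tutorial goes on to exploit (vsftpd 2.3.4, Samba and VNC) with the defensive action a practitioner would take. The watchlist entries and their advice text are my own assumptions; extend them with your own rules.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of `nmap -sV` normal output (assumption: not the
# article's screenshot). Versions mirror what Metasploitable 2 typically advertises.
SAMPLE_SCAN = """\
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 172.16.225.128
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         vsftpd 2.3.4
22/tcp   open   ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
5900/tcp open   vnc         VNC (protocol 3.3)
8787/tcp closed msgsrvr
"""

# One port-table row: "<port>/<proto> <state> <service> [<version text>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str


def parse_nmap(text):
    """Extract every port-table row from nmap normal output; header and banner lines are ignored."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        port, proto, state, name, version = m.groups()
        services.append(Service(int(port), proto, state, name, (version or "").strip()))
    return services


# Watchlist (assumed, not from the article): predicate on a Service -> defender's action.
WATCHLIST = [
    (lambda s: s.version.startswith("vsftpd 2.3.4"),
     "vsftpd 2.3.4 is the backdoored release targeted by exploit/unix/ftp/vsftpd_234_backdoor: upgrade it"),
    (lambda s: s.version.startswith("Samba"),
     "Samba exposed: confirm 'username map script' is not set (exploit/multi/samba/usermap_script) and patch"),
    (lambda s: s.name == "vnc",
     "VNC exposed: enforce a strong password and restrict access (auxiliary/scanner/vnc/vnc_login guesses weak ones)"),
]


def findings(services):
    """Return (port, advice) for every open service matching a watchlist rule."""
    out = []
    for s in services:
        if s.state != "open":
            continue
        for predicate, advice in WATCHLIST:
            if predicate(s):
                out.append((s.port, advice))
    return out


if __name__ == "__main__":
    for port, advice in findings(parse_nmap(SAMPLE_SCAN)):
        print(f"{port}: {advice}")
```

Closed ports are parsed but never flagged, so the same script can be run over a full `-p-` scan without noise; in practice you would feed it the saved output of `nmap -sV -O <target> -oN scan.txt` rather than the embedded sample.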


 

We now have the information we require to exploit the vulnerable system. We will be exploiting some of the vulnerabilities we have just discovered above.

 

FTP port 21 exploit

Our first vulnerability to exploit will be FTP which runs on port 21.

 

Step-1: Launching Metasploit and searching for exploit

We fire up our Metasploit using:

msfconsole

command and search for a vulnerability relating to vsftpd. (Metasploit ships a database of exploits for known vulnerabilities, which makes it easier for a pen-tester to load and use an exploit.) On searching for exploits related to FTP services, we find the exploit “exploit/unix/ftp/vsftpd_234_backdoor” as shown below.


 

Step-2: Using the found exploit to attack target system

We now have to use the exploit to attack our target system. We enter the command to use the backdoor:

use exploit/unix/ftp/vsftpd_234_backdoor

set the remote host

set RHOST 172.16.225.128

to our target system IP address and run the exploit.


 

Step-3: Checking privileges from the shell

We get a shell on the target system, and we can check which account the shell is running as. As shown below, the shell is running on the system with root privileges. From this shell you can access and make changes to the target system.


 

Exploit VNC port 5900 remote view vulnerability

VNC (Virtual Network Computing) enables a user to control another computer over a network connection. In this attack we target port 5900 on our target system in order to control it remotely.

 

Step-1: Launching Metasploit and searching for exploits

We fire up our Metasploit framework and search for a module that will enable us to crack the VNC remote login credentials, using the keywords "vnc login" as shown below:

search vnc login


 

Step-2: Using the found exploit to get VNC password

We have to use the "auxiliary/scanner/vnc/vnc_login" module:

use auxiliary/scanner/vnc/vnc_login

Then we set the remote host, i.e. our target system's IP address, and run it:

set RHOST 172.16.225.128

On the screen below you can see that Metasploit was able to crack the VNC login password.


 

Step-3: Gaining remote control of target system via VNC

Having the IP address and the VNC login password, we open another terminal from which we connect remotely to our target system. The cracked login credential is password: “password”.


 

And we have a remote connection to the target system, as shown on the screen below. We are able to view what is happening on our target's screen. We can also control the system and launch different terminals. In short, it is as if you had the system in front of you and could do anything you want with it.
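The VNC password fell to the vnc_login scanner because it was a dictionary word; on the defending side the same activity shows up as a burst of failed authentications from one source, often followed by a success. The following Python detector is an added example, not part of the original article: it runs a sliding-window count over constructed log lines (the `vncserver: authentication failed from <ip>` format is an assumption for this example, not any real VNC server's log format) and reports sources that exceeded the failure threshold, plus those that then logged in successfully, which is the strongest signal that a password was guessed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumption: format and addresses invented for this example).
SAMPLE_LOG = """\
2024-05-01T10:00:01 vncserver: authentication failed from 172.16.225.1
2024-05-01T10:00:02 vncserver: authentication failed from 172.16.225.1
2024-05-01T10:00:02 vncserver: authentication failed from 172.16.225.1
2024-05-01T10:00:03 vncserver: authentication failed from 172.16.225.1
2024-05-01T10:00:04 vncserver: authentication failed from 172.16.225.1
2024-05-01T10:00:05 vncserver: authentication succeeded from 172.16.225.1
2024-05-01T10:07:00 vncserver: authentication failed from 172.16.225.50
2024-05-01T10:20:00 vncserver: authentication failed from 172.16.225.50
"""

LINE = re.compile(
    r"^(\S+) vncserver: authentication (failed|succeeded) from (\d+\.\d+\.\d+\.\d+)$"
)


def parse_events(text):
    """Return (timestamp, outcome, source_ip) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events


def detect_guessing(events, threshold=5, window=timedelta(seconds=60)):
    """Map source_ip -> time it was first flagged, for sources with >= threshold
    failures inside any `window`-long interval (sliding window per source)."""
    recent = defaultdict(deque)   # per-source timestamps of failures still inside the window
    flagged = {}
    for ts, outcome, src in sorted(events):
        if outcome != "failed":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def success_after_guessing(events, flagged):
    """Sources that authenticated successfully at or after being flagged: the
    password was most likely guessed, and that session should be investigated."""
    return sorted({src for ts, outcome, src in events
                   if outcome == "succeeded" and src in flagged and ts >= flagged[src]})


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    flagged = detect_guessing(evts)
    print("guessing sources:", flagged)
    print("guessed and logged in:", success_after_guessing(evts, flagged))
```

The two slow failures from 172.16.225.50 stay below the threshold, which is the intended behaviour: the window and threshold are what separate a user mistyping a password from a scanner walking a wordlist, so tune them to the service's normal failure rate before alerting on them.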


 

Exploit Samba server vulnerability

Our last vulnerability is in the Samba server. Our target system is affected by the Samba “username map script” command execution vulnerability, which we will exploit to gain a TCP shell; from such a shell an attacker could perform malicious activity on the vulnerable server.

 

Step-1: Launching Metasploit and searching for exploits

We will first launch msfconsole and search for the exploit module that matches the vulnerability we found, from which we will launch our attack.

msfconsole

search usermap script

As you can see, we have the “exploit/multi/samba/usermap_script” module, which we need to launch our attack.


 

Step-2: Using the found exploit to gain remote shell

We select the usermap script module, set the target IP address and run the exploit.

use exploit/multi/samba/usermap_script

set RHOST 172.16.225.128

exploit


 

Step-3: Checking privileges of the shell acquired

We now have a remote shell. We can check our privileges on the shell we established using the command “whoami”:

whoami

We are on the target system as the “root” user.
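The usermap_script module only works when the Samba server has the “username map script” parameter set, so the cheapest mitigation check on a file server is to read smb.conf for it (patching Samba remains the real fix). The following Python checker is an added example and not part of the original article: the weak and hardened configuration fragments are constructed, the script path in them is invented, and the parser implements the parts of smb.conf syntax it needs ([sections], `key = value`, `;`/`#` comments). Samba matches parameter names ignoring case and whitespace, so the checker normalises keys the same way before comparing.

```python
# Constructed smb.conf fragments (assumption: not taken from the Metasploitable image).
WEAK_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = file server
   security = user
   username map script = /etc/samba/scripts/mapusers.sh   ; invented path

[tmp]
   path = /tmp
   writeable = yes
"""

HARDENED_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = file server
   security = user
   ; username map script deliberately not set

[tmp]
   path = /tmp
   writeable = yes
"""


def _normalise(key):
    # Samba compares parameter names case-insensitively and ignores whitespace,
    # so "Username Map Script" and "usernamemapscript" are the same parameter.
    return "".join(key.lower().split())


def parse_smb_conf(text):
    """Return {section: {normalised_key: value}} for an smb.conf-style text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                                   # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()       # new [section]
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            # drop a trailing inline comment after the value, if any
            value = value.split(";")[0].split("#")[0].strip()
            sections[current][_normalise(key)] = value
    return sections


def check_smb_conf(text):
    """Return a list of findings; empty list means the checked parameter is absent."""
    issues = []
    glob = parse_smb_conf(text).get("global", {})
    if "usernamemapscript" in glob:
        issues.append(
            "[global] username map script = %s: remove this parameter (and patch Samba); "
            "it is the precondition for exploit/multi/samba/usermap_script" % glob["usernamemapscript"]
        )
    return issues


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(name, "->", check_smb_conf(conf) or "no findings")
```

Run it against the live file with `check_smb_conf(open("/etc/samba/smb.conf").read())`; because parsing is done per section, the same structure can be extended with further [global] parameters you want to forbid on a hardened share server.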


 

Conclusion

In the above tutorial we learned about several vulnerabilities present on Metasploitable 2. With the help of Metasploit we can exploit a vulnerability more easily, since it lets us search for the right exploit module with a single command. On a live system we do not expect this many vulnerabilities, but you can expect to find one or two. You can use our other guides to try to exploit the other vulnerabilities on Metasploitable 2.

 

Kennedy Muthii


He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on his LinkedIn profile.
