Tuesday, November 27, 2012

Metasploiting Metasploitable

In my quest to become an IT Security professional I've been playing around with the purposely vulnerable Linux distribution Metasploitable 2.

Metasploitable 2 is produced by Rapid7, the company behind Metasploit. If you don't know already, Metasploit is a penetration testing framework that allows for development of exploits and execution of general penetration testing tasks. Metasploitable 2 is designed with several vulnerabilities so that one can learn how Metasploit works and learn about penetration testing in general.

I decided to give exploiting the backdoor vulnerability in vsftpd 2.3.4 a try.

First I began with an nmap scan against the host to verify that it was running the vulnerable version of vsftpd.



I then set up Metasploit for exploitation of the vulnerability.

The PAYLOAD option sets the payload to be sent to the target, in this case an interactive shell that allows one to run commands on the target. The RHOST option sets the IP address of the target host.

I then ran the exploit and got root on the box.




Metasploitable 2 and other distros like it make penetration testing accessible for those who don't get to do it for a living. They also give one the opportunity to learn how to use the various security tools without risk of getting into any trouble.
