In our previous articles we scanned all 65535 ports on Metasploitable 2 and found that, among many open ports, port 1524 was open.
Search Google for “port 1524 ingreslock” and you will see that it is a known backdoor.
Scan the port and service version
Enter the command: nmap -sV -p 1524 <<target IP address>>
A Metasploitable root shell is running on the port.
We simply need to connect to that port with telnet, netcat or ncat, and we should gain root access because there is no authentication.
Telnet to port 1524
Enter the command: telnet <<target IP address>> 1524
Netcat to port 1524
Enter the command: nc <<target IP address>> 1524
We now have root access to our target machine.
'Moral of the article': Scanning is key to pwning the target. You can at times discover useful information that will help you get access to that system without going through much trouble.
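From the defender's side, an unauthenticated root shell on a port like 1524 is usually visible in the host's service configuration. The following is an added example, not part of the original article: it audits inetd.conf-style text for entries that attach a shell directly to a socket. It assumes the listener is started from an inetd-style file; the function name and the sample configuration are constructed for illustration.

```python
import os

# Interpreters that should never be wired directly to a network socket.
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}

def audit_inetd(conf_text):
    """Return findings for inetd entries that hand a shell to any caller.

    Expected field layout (classic inetd.conf):
    service  socket_type  protocol  wait_flag  user  server_program  [args...]
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            continue                           # malformed or unrelated line
        service, _sock, proto, _wait, user, program = fields[:6]
        if os.path.basename(program) in SHELLS:
            # The user field may be written as "user.group" or "user:group".
            account = user.replace(":", ".").split(".", 1)[0]
            findings.append({
                "line": lineno,
                "service": service,
                "protocol": proto,
                "user": account,
                "program": program,
                "severity": "critical" if account == "root" else "high",
            })
    return findings

# Constructed sample configuration (assumption, not taken from the article).
SAMPLE_CONF = """\
# <service> <sock> <proto> <flags> <user> <server_path> <args>
ftp        stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet     stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
#shell     stream tcp nowait root /bin/sh sh -i
ingreslock stream tcp nowait root /bin/bash bash -i
daytime    stream tcp nowait root internal
"""

if __name__ == "__main__":
    for f in audit_inetd(SAMPLE_CONF):
        print("{severity}: line {line}: '{service}/{protocol}' runs "
              "{program} as {user}".format(**f))
```

Any entry this reports should be removed or commented out and the inetd service reloaded, after which a repeat of the nmap scan should show the port closed.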