Thursday, September 29, 2016

Pwning Metasploitable 2: Exploiting the Vulnerable vsFTPd 2.3.4 service (Automatically)

In our previous article we learnt how to exploit the service manually. You can find that article here

Now let’s check out how to exploit it without having to do it manually. We will exploit it using the vsFTPd 2.3.4 Backdoor Command Execution exploit module.

Metasploit is a penetration testing application. It can run scans with nmap, check for vulnerabilities on a target host, and allows for easy exploit execution. It holds a database of exploits which are ready to load and execute on the target host.

Starting Metasploit Console

Enter the command: msfconsole

The “msf> ” prompt shows that you are now interacting with the Metasploit console.

Searching for vsFTPd exploits

Enter the command: search vsftpd

This command tells Metasploit to search for any exploits for vsftpd.

The results show that we have an exploit for it in our Metasploit database. From the description we can learn that the exploit is meant for vsFTPd v2.3.4. And from the name we know that the exploit is located in the “exploit/unix/ftp/” directory.

Using the exploit

Enter the command: use exploit/unix/ftp/vsftpd_234_backdoor

This command gets the exploit ready for you. We now need to give it a target to execute on.

Setting target on the exploit

Enter the command: show options

This command lists all the options you can set on the exploit.

We can see 2 options: RHOST and RPORT. Both of them are required, but RHOST is empty. RHOST is short for Remote Host, a.k.a. the target address. We need to give it the target address.

Enter the command: set RHOST <<target IP address>>

Enter the command: show options

This shows whether the target is set and whether any other required options still need to be set.

Looks like all is set. We now just need to execute the exploit. We can do that by entering the command: exploit (or run).

Running the set exploit

This now gives you your backdoored shell :)
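The module only applies to hosts that report vsFTPd 2.3.4, so the same version string is what a defender's inventory check should look for. The following is an added example, not part of the original post: it parses nmap grepable output (`nmap -sV -oG -`) and lists hosts with an open port reporting that version. The function name and the sample scan are constructed for illustration.

```python
import re

# One entry in nmap's grepable "Ports:" field has the layout
# port/state/protocol/owner/service/rpcinfo/version/
PORT_ENTRY = re.compile(r"(\d+)/([^/]*)/(?:tcp|udp)/[^/]*/[^/]*/[^/]*/([^/]*)/")
# Matches 2.3.4 exactly; the word boundary rejects e.g. "2.3.40".
AFFECTED = re.compile(r"\bvsftpd 2\.3\.4\b", re.IGNORECASE)

# Constructed sample of `nmap -sV -oG -` output; hosts and results are made up.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/\n"
    "Host: 192.168.56.102 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/\n"
    "Host: 192.168.56.103 ()\tPorts: 2121/open/tcp//ftp//vsftpd 2.3.4/\n"
    "Host: 192.168.56.104 ()\tPorts: 21/filtered/tcp//ftp///\n"
)


def find_vsftpd_234(grepable_output):
    """Return (host, port) pairs whose open port reports vsftpd 2.3.4."""
    hits = []
    for line in grepable_output.splitlines():
        host = re.match(r"Host: (\S+)", line)
        if not host:
            continue  # comment lines and anything that is not a host record
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue  # e.g. the "Status: Up" field
            for port, state, version in PORT_ENTRY.findall(field):
                # Match on the version string, not the port number, so a
                # service moved off port 21 is still caught.
                if state == "open" and AFFECTED.search(version):
                    hits.append((host.group(1), int(port)))
    return hits


if __name__ == "__main__":
    for host, port in find_vsftpd_234(SAMPLE_SCAN):
        print(f"{host}:{port} reports vsftpd 2.3.4 - verify and upgrade")
```

A version match marks a host for follow-up and upgrade; a host that hides or alters its banner will not be listed, so this does not replace patch management.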

-Jayesh Kerai (@secjay)
