: This project shows how to find and exploit a critical vulnerability in a network. I used Kali Linux to attack a Metasploitable 2 target in a safe virtual lab.
: I setup a NAT Network in VirtualBox so the machines could talk to each other without affecting my ral computer.
- Attacker IP: 10.0.2.15
- Target IP: 10.0.2.3
: I used Nmap to scan the target for open ports and known bugs.
- Command: nmap -sV --script vuln 10.0.2.3
- Result: I found a critical backdoor in the vsFTpd 2.3.4 service.
: I used Metasploit to take control of the target.
- Module used: exploit/unix/ftp/vsftpd_234_backdoor
- Result: I gained full administartive access.
- Proof: Running the ( whoami ) command returned ( root ).
: Once I had access, I proved the danger by viewing sensitive system files.
- I accessed ( /etc/shadow ) to see encrypted password hashes.
- I accessed ( /etc/passwd ) to see the user list.
: This lag proves that an unpatched network service can lead to a total system takeover in minutes.