: Targeting the vsFTPd 2.3.4 backdoor on Metasploitable 2 ( 10.0.2.3 ).
Successfully gained a command shell session with root privileges.
: Once root access was established, I extracted the sensitive system files to audit the credentials.
-
User List: " cat /etc/passwd "
-
Password Hashes: " cat /etc/shadow "
: I moved the exfiltrated data to my local Kali machine and used the "unshadow" utility to prepare the files for cracking.
Results: : John the Ripper successfully recovered 6 plain-text passwords using a dictionary attack.
- msfadmin: msfadmin
- sys: batman
- klog: 123456789
- service: service
- postgres: postgres
- user: user
