[Metasploitable 2] Method #3: Bind Shell Backdoor

Hi friends,

This post will be short because the vulnerability is very clear and straightforward. As you may know, in my second post on Metasploitable 2 hacking, I used Nessus to confirm the vulnerability found by Nmap. The scan results from Nessus are very interesting!


So let's just start by looking at the first one: Bind Shell Backdoor Detection.


The details of this vulnerability state very clearly that the Metasploitable 2 machine's shell is listening on port 1524. So let's try to use netcat to connect to port 1524.


That's easy, right? We can also see the connection from Kali to Metasploitable 2 on port 1524. Let's move on to another method.
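From the defender's side, the same connection table is what gives this backdoor away. The following is an added example, not part of the original post: it parses `netstat -tan` style output, reports listening TCP ports that are not on an allowlist, and lists the peers connected to them. The sample output, the addresses and the allowlist are constructed for illustration.

```python
# Added example: audit a connection table for unexpected listeners
# such as the shell bound to port 1524 described in the post.

# Constructed sample of `netstat -tan` output; all addresses are made up.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1524            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.20:1524         192.0.2.10:48312        ESTABLISHED
tcp        0      0 192.0.2.20:22           192.0.2.30:50122        ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
"""

# Assumed allowlist of ports this host is supposed to serve.
EXPECTED_PORTS = {22, 80}


def parse(text):
    """Return one dict per TCP row: local port, remote endpoint, state."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip the header and non-TCP lines
        # rpartition copes with IPv6 locals such as ":::22"
        local_port = int(fields[3].rpartition(":")[2])
        rows.append({"lport": local_port, "peer": fields[4], "state": fields[5]})
    return rows


def audit(text, expected):
    """Map each unexpected listening port to the peers connected to it."""
    rows = parse(text)
    unexpected = {r["lport"] for r in rows
                  if r["state"] == "LISTEN" and r["lport"] not in expected}
    return {
        port: sorted(r["peer"] for r in rows
                     if r["state"] == "ESTABLISHED" and r["lport"] == port)
        for port in sorted(unexpected)
    }


if __name__ == "__main__":
    for port, peers in audit(SAMPLE, EXPECTED_PORTS).items():
        print(f"unexpected listener on tcp/{port}; connected peers: {peers or 'none'}")
```
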
