Metasploitable2 Intro

Metasploitable 2 - Introduction

As with all aspects of penetration testing, we first undertake a Reconnaissance Phase. For Metasploitable 2 (MS2) we already know the IP for the machine and we have approval to scan. (Presumably, your MS2 is in a Virtual Machine or container you have authorisation to use.)

We can start with a basic service/version scan using NMAP, writing the normal-format result to a file (-oN) for our records and reporting:

nmap -sV -oN ms2.txt 172.20.10.6

The results are fairly comprehensive and offer us a selection of options to exploit the MS2 machine.

┌──(kali㉿kali1)-[~]
└─$ nmap -sV -oN ms2.txt 172.20.10.6 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-13 15:02 CST
Nmap scan report for 172.20.10.6
Host is up (0.0053s latency).
Not shown: 977 closed tcp ports (conn-refused)
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet      Linux telnetd
25/tcp   open  smtp        Postfix smtpd
53/tcp   open  domain      ISC BIND 9.4.2
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp  open  rpcbind     2 (RPC #100000)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp  open  exec        netkit-rsh rexecd
513/tcp  open  login
514/tcp  open  tcpwrapped
1099/tcp open  java-rmi    GNU Classpath grmiregistry
1524/tcp open  bindshell   Metasploitable root shell
2049/tcp open  nfs         2-4 (RPC #100003)
2121/tcp open  ftp         ProFTPD 1.3.1
3306/tcp open  mysql       MySQL 5.0.51a-3ubuntu5
5432/tcp open  postgresql  PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp open  vnc         VNC (protocol 3.3)
6000/tcp open  X11         (access denied)
6667/tcp open  irc         UnrealIRCd
8009/tcp open  ajp13       Apache Jserv (Protocol v1.3)
8180/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
Service Info: Hosts:  metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.17 seconds
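
Since the -oN file is what goes into the records and report, it helps to turn it into structured findings. The following parser is an added example, not part of the original post or of Nmap itself; it assumes the standard -oN port-line layout shown above and uses a subset of those lines as constructed sample input, flagging open ports where -sV returned no version string (these need manual follow-up rather than being skipped in the report).

```python
import re

# One port line of nmap "normal" (-oN) output, e.g.
# "21/tcp   open  ftp         vsftpd 2.3.4"
# The VERSION column is optional: -sV may leave it blank.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*\S))?\s*$"
)

# Constructed sample: a subset of the port lines from the scan output above.
SAMPLE = """\
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
513/tcp  open  login
514/tcp  open  tcpwrapped
1524/tcp open  bindshell   Metasploitable root shell
6000/tcp open  X11         (access denied)
"""


def parse_nmap_normal(text):
    """Return one dict per port line; header and summary lines are skipped."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # "PORT STATE ..." header, "Not shown:", "Nmap done:", etc.
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        rec["version"] = rec["version"] or ""
        records.append(rec)
    return records


def open_ports(records):
    """Only ports nmap reports as open (filtered/closed are dropped)."""
    return [r for r in records if r["state"] == "open"]


def unversioned(records):
    """Open ports with no version string: -sV could not fingerprint them."""
    return [r for r in open_ports(records) if not r["version"]]


def report_lines(records):
    """Tab-separated lines suitable for pasting into the findings table."""
    return ["%d/%s\t%s\t%s" % (r["port"], r["proto"], r["service"],
                              r["version"] or "<no version: verify manually>")
            for r in open_ports(records)]


if __name__ == "__main__":
    print("\n".join(report_lines(parse_nmap_normal(SAMPLE))))
```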

Over the next few posts we’ll look at how to attack and exploit the MS2 machine.