Ultimate Guide to Attack Metasploitable with Metasploit v5

Attack Metasploitable machine with Metasploit using the most effective methods and tools. Pentest is like a state of mind.


What is Metasploitable?

msf5 > db_nmap -sC -A -vvv

What we will Hack?

VSFTPD v2.3.4 Backdoor Command Execution

This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.

Metasploitable References

  • OSVDB-73573

Samba “username map script” Command Execution

Attack Metasploitable
Attack Metasploitable

This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option.

By specifying a username containing shell meta characters, attackers can execute arbitrary commands.

No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

Apache – PHP CGI Argument Injection

imagem 5

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution.

From the advisory: “if there is NO unescaped ‘=’ in the query string, the string is split on ‘+’ (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the “encoded in a system-defined manner” from the RFC) and then passes them to the CGI binary.”

This module can also be used to exploit the plesk 0day disclosed by kingcope and exploited in the wild on June 2013.


How to Attack FTP Servers port 21