Basic Pentesting 1
This is the first box that I was able to exploit. An exploit is an attack on a system and will take advantage of vulnerabilities within that system. I am running Kali Linux inside of my virtual box environment. I started by downloading the vulnerable virtual box from Vulnhub’s website. I then put both virtual boxes on the same NAT network. I ran ifconfig to find my IP address on my NAT network.
I ran a Nmap scan to find the IP address of the vulnerable box. The -sn flag just tells Nmap not to look for ports.
I ran another Nmap scan to enumerate the vulnerable box. The -A flag scans for operating systems and services. The -T4 flag is the speed of the scan. 5 is the max speed. The -p- flag scans all 65,535 TCP ports. The results of the scan show that the operating system is Ubuntu Linux and that port 21,22, and 80 are open. Port 21 would be the best to find an exploit for. I have highlighted the FTP version number. The FTP or file transfer protocol is used to transfer files securely. Port 22 is also known as the secure file transfer protocol would be harder to exploit.
I fired up Metasploit to help me find some FTP exploits.
I searched for the exploit by the FTP version.
I then set the exploit to attack the vulnerable box. I was then able to take control of the box. As you can see I now have root access.
All vulnerabilities for Proftpd 1.3.3c can be found here. https://www.cvedetails.com/vulnerability-list/vendor_id-9520/product_id-16873/version_id-82841/Proftpd-Proftpd-1.3.3.html
Here is a link to the vulnerable virtual box I exploited. https://www.vulnhub.com/entry/basic-pentesting-1,216/
Thank you for visiting my blog. The post is purely for learning do not hack people for fun.
Please leave a donation with the link below if you would like to support the blog.
