Server-Side Attacks – Metasploit Basics

This section focuses on a basic exploit known as a backdoor, selected to illustrate the use of the Metasploit framework. Metasploit is a tool used for both developing and executing exploits.

To identify the exploit, we conduct an Nmap scan and perform a Google search using the service name, in this case “vsftpd 2.3.4 exploit”, to locate potential exploits. The top search result is from Rapid7, the company that created the Metasploit framework, and it identifies a backdoor command execution exploit in version 2.3.4 of the FTP program. By checking the Nmap results, we confirm that this program is present on the target machine, allowing us to potentially execute commands on it using this exploit via Metasploit.
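The version check described above can be automated when auditing many hosts. The following is an added example, not part of the original tutorial: it parses Nmap service-detection output and flags open services whose product and version match the vsftpd 2.3.4 entry named on this page. The sample scan text, the function name find_flagged_services and the second host are constructed for illustration.

```python
import re

# Product/version pairs mapped to the Metasploit module that covers them.
# Only this entry comes from the page; extend it from your own advisories.
KNOWN_BACKDOORED = {
    ("vsftpd", "2.3.4"): "exploit/unix/ftp/vsftpd_234_backdoor",
}

# Constructed sample of `nmap -sV` normal output (not from a real scan).
SAMPLE_SCAN = """\
Nmap scan report for 10.0.2.4
PORT   STATE  SERVICE VERSION
21/tcp open   ftp     vsftpd 2.3.4
22/tcp open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
80/tcp closed http

Nmap scan report for 10.0.2.5
PORT   STATE  SERVICE VERSION
21/tcp open   ftp     vsftpd 3.0.3
"""

# Matches both "for 10.0.2.4" and "for name (10.0.2.4)" header forms.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def find_flagged_services(scan_text):
    """Return (host, port, product, version, module) for open flagged services."""
    findings, host = [], None
    for line in scan_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)          # remember which host the ports belong to
            continue
        m = PORT_RE.match(line)
        if not m or host is None:
            continue
        port, _proto, state, _service, version_text = m.groups()
        parts = version_text.split()
        if state != "open" or len(parts) < 2:
            continue                   # skip closed ports and unversioned services
        key = (parts[0].lower(), parts[1])
        if key in KNOWN_BACKDOORED:
            findings.append((host, int(port), parts[0], parts[1], KNOWN_BACKDOORED[key]))
    return findings

if __name__ == "__main__":
    for finding in find_flagged_services(SAMPLE_SCAN):
        print("remove or upgrade:", finding)
```

Any host this reports should have the affected FTP service removed or upgraded before it is exposed to a network.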

Metasploit is a comprehensive framework developed by Rapid7 that includes numerous exploits and enables us to exploit vulnerabilities or create custom exploits. The Metasploit commands are straightforward and user-friendly. Below are some basic commands:

show: This command shows the available exploits. We can also show the available auxiliaries and the available payloads.
use: The “use” command selects a specific exploit that we have identified. After displaying a list of exploits, we type the name of the one we want after “use” to load it; it does not run until we issue “exploit”.
msfconsole: It is used to run the Metasploit program.
help: Using this command, we can get information about the commands and a description of how to use them.
set: The “set” command in Metasploit is used to configure specific options for an exploit. To set a specific port for the target, for instance, we would use the “set” command followed by the option name and the port value we wish to assign.
exploit: Once we finish configuring the options, we type “exploit” to execute the selected exploit.

After performing an Nmap scan and searching for “vsftpd 2.3.4 exploit” on Google, we discovered that this service has a backdoor command execution vulnerability. As this vulnerability is listed on Rapid7, it is exploitable using Metasploit, and we will be using the “exploit/unix/ftp/vsftpd_234_backdoor” module to exploit this particular vulnerability.

To launch Metasploit, we will open our console and enter the “msfconsole” command. We will then select the desired exploit by typing “use exploit/unix/ftp/vsftpd_234_backdoor” in the console.

As shown in the screenshot, the desired exploit has been selected: the console prompt changes to “exploit” and displays the name of the chosen exploit, which in this case is “exploit/unix/ftp/vsftpd_234_backdoor”.

To view the available options for the selected exploit, we will use the “show options” command, which displays all the configurable options for the specific exploit. As shown in the provided screenshot, we can use the “show” command for various purposes, and in this case, we are using “show options” to view the available options for the “exploit/unix/ftp/vsftpd_234_backdoor” exploit.

As shown in the screenshot, the second option listed is the “RPORT” option, which is already set to port 21, the default port for FTP. We can confirm from our Nmap scan that the target FTP server is also running on port 21. To set the target IP address, we will use the “set RHOST” command and specify the IP address of the target machine, which is “10.0.2.4” in this case. If we need to change the port, we can use the “set RPORT” command to specify a different port.

As shown in the provided screenshot, we have used the “set RHOST” command and set the IP address of the target machine to “10.0.2.4”. This command changes the value of the “RHOST” option to the specified IP address, which means that the exploit will target this machine.

As shown in the provided screenshot, we have used the “show options” command again to confirm that the changes we made to the exploit options have been successfully applied. We can see that the value of the “RHOST” option is now set to “10.0.2.4”, which is the IP address of the target machine that we want to exploit.

As shown in the provided screenshot, we have executed the “exploit” command to exploit the vsftpd 2.3.4 backdoor vulnerability. The exploit was successful, and we have gained access to the target machine. We can confirm that we have root access to the target by running the “id” command, which shows the user and group IDs for the current user. In the output of the “id” command, we can see that our UID is indeed set to root.

In summary, the exploit was successfully executed using the Metasploit framework by setting the necessary options such as RHOST and port. As a result, the attacker gained access to the target computer and was able to run Linux commands such as id, uname -a, ls, and pwd. With this level of access, the attacker could potentially perform further malicious actions on the compromised system.

The previous use of Metasploit was a basic example of its capabilities, and in the future, we can use it for more advanced and sophisticated actions.
