Share
## https://sploitus.com/exploit?id=043EDABD-0AE9-5782-86C8-292D57152221
🛡️ Metasploitable2 Vulnerability Assessment
Author: Jaden Julius Mascarenhas
Role: Cybersecurity & Web Development Intern | Aspiring SOC Analyst
📌 Overview
This project documents a full vulnerability assessment of the Metasploitable2 machine.
It demonstrates practical offensive security skills, network traffic analysis, and SOC‑style reporting.
The assessment includes:
Reconnaissance (Nmap)
Vulnerability identification
Exploitation (vsftpd, distcc, Samba)
Wireshark traffic analysis
Evidence collection
Mitigation recommendations
The goal is to simulate a real‑world penetration test and present findings clearly and professionally.
🧰 Tools Used
Nmap – service enumeration & vulnerability discovery
Metasploit Framework – exploitation
Wireshark – packet capture & traffic analysis
Kali Linux – attacker machine
Metasploitable2 – vulnerable target
🧠 Skills Demonstrated
Network scanning & enumeration
Identifying vulnerable services
Exploiting RCE & backdoor vulnerabilities
Reverse shell handling
Packet inspection & protocol analysis
SOC‑style documentation
Writing clear, evidence‑based reports
1. Reconnaissance (Nmap)
A full TCP scan (-p-) with service/version detection (-sV) and default scripts (-sC) revealed multiple outdated and vulnerable services.
Key findings:
vsftpd 2.3.4 – backdoored version
distccd – remote code execution
Samba 3.0.20 – CVE‑2007‑2447 (command injection)
Apache Tomcat 5.5 – weak credentials (optional)
UnrealIRCd – backdoored version (optional)
Telnet, FTP, SMB, NFS – insecure legacy protocols
Full scan output is stored in /scans/.
💥 2. Exploitation Summary
✔ vsftpd 2.3.4 Backdoor
Triggered using a username containing :)
Opens a shell on port 6200
Leads to remote access
✔ distcc Remote Code Execution
Accepts unauthenticated job requests
Executed commands remotely
Reverse shell obtained
✔ Samba 3.0.20 (CVE‑2007‑2447)
Command injection via usermap_script
Achieved root access
Each exploit folder includes:
Step‑by‑step commands
Output
Screenshots
Impact
Mitigation
🌐 3. Traffic Analysis (Wireshark)
✔ Cleartext HTTP Credentials
Captured POST request:
Code
username=jaden&password=123445
This demonstrates insecure authentication due to lack of HTTPS.
✔ Reverse Shell Traffic
Shows the victim connecting back to the attacker.
✔ SMB1 Negotiation
Shows unencrypted, legacy SMB traffic.
✔ FTP Backdoor Behaviour
Shows unusual payload patterns.
Each analysis folder includes:
Screenshot
Raw packet
Explanation
Why it’s insecure
📝 4. Report
The final coursework report is stored in:
Code
/report/Coursework-B-Report.pdf
It includes:
Executive summary
Vulnerability descriptions
Exploitation walkthroughs
Wireshark evidence
Mitigation recommendations
🧠 Key Takeaways
This project demonstrates:
End‑to‑end penetration testing workflow
Real exploitation skills
SOC‑level traffic analysis
Strong documentation
Ability to communicate technical findings clearly
Exactly what recruiters look for in a junior SOC analyst.
🚀 Future Improvements
Add Suricata IDS alerts
Add Sigma/YARA detection rules
Add MITRE ATT&CK mapping
Automate scanning with Bash/Python