Share
## https://sploitus.com/exploit?id=043EDABD-0AE9-5782-86C8-292D57152221
🛡️ Metasploitable2 Vulnerability Assessment
Author: Jaden Julius Mascarenhas
Role: Cybersecurity & Web Development Intern | Aspiring SOC Analyst

📌 Overview
This project documents a full vulnerability assessment of the Metasploitable2 machine.
It demonstrates practical offensive security skills, network traffic analysis, and SOC‑style reporting.

The assessment includes:

Reconnaissance (Nmap)

Vulnerability identification

Exploitation (vsftpd, distcc, Samba)

Wireshark traffic analysis

Evidence collection

Mitigation recommendations

The goal is to simulate a real‑world penetration test and present findings clearly and professionally.

🧰 Tools Used
Nmap – service enumeration & vulnerability discovery

Metasploit Framework – exploitation

Wireshark – packet capture & traffic analysis

Kali Linux – attacker machine

Metasploitable2 – vulnerable target

🧠 Skills Demonstrated
Network scanning & enumeration

Identifying vulnerable services

Exploiting RCE & backdoor vulnerabilities

Reverse shell handling

Packet inspection & protocol analysis

SOC‑style documentation

Writing clear, evidence‑based reports


1. Reconnaissance (Nmap)
A full TCP scan (-p-) with service/version detection (-sV) and default scripts (-sC) revealed multiple outdated and vulnerable services.

Key findings:

vsftpd 2.3.4 – backdoored version

distccd – remote code execution

Samba 3.0.20 – CVE‑2007‑2447 (command injection)

Apache Tomcat 5.5 – weak credentials (optional)

UnrealIRCd – backdoored version (optional)

Telnet, FTP, SMB, NFS – insecure legacy protocols

Full scan output is stored in /scans/.

💥 2. Exploitation Summary
✔ vsftpd 2.3.4 Backdoor
Triggered using a username containing :)

Opens a shell on port 6200

Leads to remote access

✔ distcc Remote Code Execution
Accepts unauthenticated job requests

Executed commands remotely

Reverse shell obtained

✔ Samba 3.0.20 (CVE‑2007‑2447)
Command injection via usermap_script

Achieved root access

Each exploit folder includes:

Step‑by‑step commands

Output

Screenshots

Impact

Mitigation

🌐 3. Traffic Analysis (Wireshark)
✔ Cleartext HTTP Credentials
Captured POST request:

Code
username=jaden&password=123445
This demonstrates insecure authentication due to lack of HTTPS.

✔ Reverse Shell Traffic
Shows the victim connecting back to the attacker.

✔ SMB1 Negotiation
Shows unencrypted, legacy SMB traffic.

✔ FTP Backdoor Behaviour
Shows unusual payload patterns.

Each analysis folder includes:

Screenshot

Raw packet

Explanation

Why it’s insecure

📝 4. Report
The final coursework report is stored in:

Code
/report/Coursework-B-Report.pdf
It includes:

Executive summary

Vulnerability descriptions

Exploitation walkthroughs

Wireshark evidence

Mitigation recommendations

🧠 Key Takeaways
This project demonstrates:

End‑to‑end penetration testing workflow

Real exploitation skills

SOC‑level traffic analysis

Strong documentation

Ability to communicate technical findings clearly

Exactly what recruiters look for in a junior SOC analyst.

🚀 Future Improvements
Add Suricata IDS alerts

Add Sigma/YARA detection rules

Add MITRE ATT&CK mapping

Automate scanning with Bash/Python