Hello, using Nmap with the -sV option, I found several vulnerabilities. In this post, I am going to exploit vsftpd 2.3.4
I started by using SearchSploit to find possible exploits, and I found two options. One of them is available in the Metasploit Framework. Next, I launched the Metasploit Framework by typing 'msfconsole', and then used the 'search' command to look for the specific exploit.
There it was! The 'use' command allowed me to select the exploit. With 'show info', I got the description of the exploit.
After reading the description, my next step is to display all options using the 'show options' command.
The important parts are highlighted in the red rectangle. The RHOST needs to be set to the target's IP address. This can be done with the 'set RHOST IPAddress' command. The RPORT is the port on which the service will run. Additionally, the Exploit Target section is currently set to "Automatic," but it can be changed if other options are available via the 'set' command. After everything was set up, I started the exploit, and it was successful.
I can see that the exploit was successful because I gained a shell. Using the ls command, I was able to view the folders inside the Metasploitable OS. With the `whoami` command, I can also confirm that I have root access.