Exploiting Metasploitable OS and gaining Access

What is an OS (Operating System)?

An Operating System is a set of programs that controls and manages the software and hardware of a computer. In layman's terms, an OS is system software that acts as a communication bridge between hardware and software and controls and manages both.

An OS acts as an intermediary for hardware functions like I/O, memory allocation and job scheduling, and manages them. Application code is ultimately executed by the hardware, but it makes OS-specific system calls to perform these operations. An OS provides APIs (Application Programming Interfaces) to developers so that programmers do not have to deal with OS-specific code and can develop their applications without worrying about the underlying OS functionality.

There are many different types of OSes, from the most famous and widely used Microsoft Windows (used on around 76.45% of devices) to Apple's very smooth and user-friendly macOS (used on around 17.72% of devices) to Linux distros (used on around 1.73% of devices).

What is Metasploitable OS?

Metasploitable OS is an intentionally vulnerable Linux OS. It can be used to conduct security training, test security tools, and practice common penetration testing techniques. Metasploitable OS has almost every port open, and each of these ports hosts and runs a service that is crucial to the OS.

We will now try to hack into the Metasploitable OS machine and gain access from a remote computer.

First, we will scan all the ports of the Metasploitable 2 machine to see what is running on which port.

Now that we have gathered all the open ports, let's move on to attacking and exploiting them one by one.

Attacking Different Ports

1) Exploiting Port 21: FTP –

We will be using Hydra to brute-force the FTP service's login credentials. The two wordlists for this operation contain default login names and passwords.

Lastly, if valid credentials are found, we will try to connect to the FTP service with them.

First we will try to brute-force default login credentials with Hydra and find a working username and password for the open FTP service.

We found 4 username and password combinations!

Now let's try logging into the FTP service with the credentials we found:

Hence, by brute-forcing the credentials, we were easily able to exploit port 21 of the Metasploitable 2 machine.

2) Exploiting Port 22 SSH –

Metasploit has an auxiliary module that we will use against the SSH service running on port 22. Once we get a session through it, we will upgrade it to Meterpreter.

This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open Metasploit by typing “msfconsole”.

Using the auxiliary/scanner/ssh/ssh_login module:

Setting up the options:

Running the exploit:

As seen in the above snapshot, we were able to brute-force and find 4 username/password combinations.

As a result, 4 different SSH sessions were opened on the same port!

Now we will enter one of these sessions and try to execute bash commands in it:

Hence, this is how we can attack an open SSH port: by brute-forcing the credentials, we can spawn a remote shell on the victim machine and control it.
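Brute forcing of the kind shown in sections 1 and 2 leaves a distinctive trail on the target: a burst of failed logins from one source, followed by a success once a wordlist hits. The following added example (not part of the original write-up) parses log lines in the OpenSSH auth.log and vsftpd.log formats and flags such sources; the log lines, timestamps and the 192.168.25.1 and 192.168.25.50 addresses are constructed for the example, not captured from the lab.

```python
import re
from collections import defaultdict

# Constructed sample lines (OpenSSH auth.log and vsftpd.log formats, not captured from the target); 192.168.25.1 plays the attacker.
SAMPLE_LOGS = """\
May 12 10:01:01 target sshd[2101]: Failed password for invalid user admin from 192.168.25.1 port 40001 ssh2
May 12 10:01:02 target sshd[2103]: Failed password for root from 192.168.25.1 port 40002 ssh2
May 12 10:01:02 target sshd[2105]: Failed password for msfadmin from 192.168.25.1 port 40003 ssh2
May 12 10:01:03 target sshd[2107]: Failed password for invalid user guest from 192.168.25.1 port 40004 ssh2
May 12 10:01:03 target sshd[2109]: Failed password for user from 192.168.25.1 port 40005 ssh2
May 12 10:01:04 target sshd[2111]: Accepted password for msfadmin from 192.168.25.1 port 40006 ssh2
May 12 10:05:00 target sshd[2150]: Failed password for msfadmin from 192.168.25.50 port 51000 ssh2
Wed May 12 10:02:01 2021 [pid 2201] [anonymous] FAIL LOGIN: Client "192.168.25.1"
Wed May 12 10:02:01 2021 [pid 2203] [ftp] FAIL LOGIN: Client "192.168.25.1"
Wed May 12 10:02:02 2021 [pid 2205] [user] FAIL LOGIN: Client "192.168.25.1"
Wed May 12 10:02:02 2021 [pid 2207] [msfadmin] OK LOGIN: Client "192.168.25.1"
"""

SSH_RE = re.compile(r'sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port')
FTP_RE = re.compile(r'\[(\S+)\] (FAIL|OK) LOGIN: Client "([^"]+)"')

def parse_events(text):
    """Yield (service, source_ip, user, success) for each login attempt in the text."""
    for line in text.splitlines():
        if m := SSH_RE.search(line):
            yield ("ssh", m.group(3), m.group(2), m.group(1) == "Accepted")
        elif m := FTP_RE.search(line):
            yield ("ftp", m.group(3), m.group(1), m.group(2) == "OK")

def detect_bruteforce(text, threshold=5, success_after=3):
    """Group attempts by (service, source IP): 'high' after `threshold` failures, 'critical'
    when a success follows >= `success_after` failures from that source (a wordlist hit)."""
    attempts = defaultdict(list)
    for service, ip, user, ok in parse_events(text):
        attempts[(service, ip)].append((user, ok))
    findings = {}
    for key, events in attempts.items():
        failures, users_tried, succeeded_as = 0, set(), []
        for user, ok in events:  # log order, so `failures` counts only earlier attempts
            if ok and failures >= success_after:
                succeeded_as.append(user)
            elif not ok:
                failures += 1
                users_tried.add(user)
        if failures >= threshold or succeeded_as:
            findings[key] = {"failures": failures, "users_tried": len(users_tried),
                             "succeeded_as": succeeded_as,
                             "severity": "critical" if succeeded_as else "high"}
    return findings
```

The `succeeded_as` field is the one worth paging on: it names the account whose password the attacker now holds, whereas a bare failure count only says that guessing is under way. A production rule would additionally window the counts by time.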

3) Bruteforce Port 22 SSH (RSA Method) –

In this exploit, we will brute-force the SSH service using the 5720.py exploit. The exploit comes with RSA keys that it uses to brute-force the root login. We will basically run the exploit by giving it the path to the RSA keys we want to use and the IP of the target machine.

First we will download the 5720.py exploit from its GitHub repo. This exploit comes with thousands of RSA keys to brute-force with.

python 5720.py rsa/2048/ 192.168.25.130 root

This command will run the 5720.py exploit, try the RSA keys against the victim machine one by one, and attempt to SSH into it as root.

After brute-forcing around 30000 keys, we finally found the correct key.

It also gave us an exact command to run. Let's try executing the given command and see what happens.

After running the command, we were successfully able to SSH into the Metasploitable 2 machine and access its bash shell.

4) Remote Shell Exploitation –

The Remote Shell (RSH) protocol is another way to gain a remote shell. It is a legitimate service that we will use to access the target machine with login credentials and run commands.

Using the credentials we obtained during the SSH credential brute force, we will now try to get into the victim machine over the RSH (Remote Shell) protocol.

Type the following command: “rsh -l msfadmin 192.168.25.130”

We have successfully spawned a remote shell on the victim machine. We can now execute commands and control the machine as we please.

Hence, by using different protocols and exploiting them, we were able to spawn remote shells on the victim machine, through which we can command and control it as we want.
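Each access path used in sections 2 to 4 depends on a server-side setting rather than a software bug: SSH accepting passwords and root logins, and rsh/rlogin being served by inetd. The added example below (not the page's or Metasploitable's own code) audits configuration fragments for those settings; the fragments are constructed to resemble Metasploitable 2 defaults, not copied from the machine, and the simplified parser ignores sshd_config Match blocks.

```python
# Constructed config fragments (assumed, not copied from the machine) in the shape of the
# Metasploitable 2 exposures used above: SSH password and root logins, r-services via inetd.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# 'fix' appended later by an admin; sshd ignores it because the first value of a keyword wins
PasswordAuthentication no
"""
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""
WEAK_INETD_CONF = """\
#ftp    stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
"""

def sshd_effective(config_text):
    """Settings sshd would actually use: the FIRST occurrence of each keyword wins.
    Match blocks are not modelled (simplification for the example)."""
    effective = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, value = (line.split(None, 1) + [""])[:2]
            effective.setdefault(key.lower(), value.strip().lower())
    return effective

def audit_sshd(config_text):
    """Findings tied to the SSH attacks above. A missing PasswordAuthentication counts as
    OpenSSH's default 'yes'; a missing PermitRootLogin is flagged because its default has
    changed across OpenSSH versions."""
    eff, findings = sshd_effective(config_text), []
    if eff.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication: password guessing (hydra, ssh_login) possible")
    if eff.get("permitrootlogin", "unset") in ("yes", "unset"):
        findings.append("PermitRootLogin: root reachable directly for password/key guessing")
    return findings

def audit_inetd(inetd_text):
    """Return the active r-services (shell=rsh, login=rlogin, exec=rexec) in inetd.conf."""
    services = (line.split()[0] for line in inetd_text.splitlines()
                if line.strip() and not line.startswith("#"))
    return [s for s in services if s in ("shell", "login", "exec")]
```

The audit checks configuration only: a weak RSA key already listed in root's authorized_keys, of the kind the 5720.py run matched, is removed only by regenerating and replacing the key, not by any sshd_config directive.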

Written By: Priyansh Gupta

Reviewed By: Sayan Chatterjee
