Before proceeding to the excite part. We start to learn this through local environment. Please download metasploit and deploy it on your oracle virtualbox or vmware player. Once complete download and deploy, please do run it and the default id and password is msfadmin
Pretend you are trying to hack one of the webserver in your organization. Open up your Kali and start with netdiscover to discover the webserver.
With above result, we suspect the webserver were on ip 192.168.0.11. Try access the ip through web browser.
now lets see if there were port open, our target is ftp port. Open up zenmap and try scan. Get the details of the ftp ports.
Base on above scan, you can see port 21/ftp were open and was using vsftpd version 2.3.4. Now lets look for any exploit available for this version. Follow this link after google for the vsftpd 2.3.4 exploit
copy the module name mention by rapid7 website and lets try hack it. Now open up metasploit and run this command
Now let see what option we have to start the exploit. Run this command to view the options
Fill is the requirement to proceed the exploit. start with setting in the remote host “RHOST” and setting in the port for the ftp if target change to custom port not using default 21.
msf exploit(vsftpd_234_backdoor) > set rhost 192.168.0.11
rhost => 192.168.0.11
msf exploit(vsftpd_234_backdoor) > set rport 21
rport => 21
Once complete, you may run the exploit command to start it
You may see the progress once the “exploit” command were run. as you can see the backdoor service has been spawned which is mean you are in and the next message is command shell session 1 opened. You are inside the target webserver. congratulation.
Lets try to verified with below step.
id – is to verified you are login as who
whoami – is to check you are who
pwd – is to know which directory you are
ls – to list down the directory you are in
Hope this help you understand the basic of hacking using metasploit.