This is a write-up for Basic Penetration Testing v1, Completion time: 20 minutes

Difficulty: Very Easy Required knowledge/Tools: Basic Linux,nmap,nikto,msfconsole


Running virtualization platform: VMWare

After importing the machine, I did a quick nmap scan to find out what services were running there.

There were three services running there

1. FTP on port 21. 2. SSH on port 22. 3. HTTP on port 80

The initial nmap scan didn't provide me with much info so I used msfconsole auxiliary information gathering tool about FTP, which gave me information about the banner of the FTP server.

A quick google of that showed that it this specific version of the FTP server came from a time when it had a backdoor in it and anyone can connect to it.

Thankfully for simplicity's sake, msfconsole has the vulnerability exploit built in.

And we have an open shell immediately running under root privileges.

  • projects/penetration_testing/vulnhub_walkthroughs/basic_penetration_testing.txt
  • Last modified: 2019/08/12 00:24
  • by vares