Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2 Video Lecture | Get to know Ethical Hacking (English) - Software Development

hey guys hacker sploit here back again
with another video and in this video
we're going to be continuing where we
left off where I'm gonna be showing you
how to use Metasploit to run an exploit
on a service in this case we're going to
be using Metasploit able and we're going
to be exploiting the FTP port so that we
can upload and download files to and
from the web server so let's get started
so in the previous video I actually I
showed you guys how to set up or how to
use Metasploit able to basically
exercise or test your skills in
exploiting so essentially what we did is
we scanned the IP address the local IP
address for Metasploit able and we
essentially give it an nmap scan to find
out what services were running and the
ports that we found that were open were
obviously going to be all the ports and
that's because Metasploit able is
configured to be that way
so the main thing that we're going to be
doing now is I'm going to show you how
to run an exploit on one of these
services
more specifically the FTP service
because a lot of you guys thought that I
didn't know how to use Metasploit I just
breezed over it because I wanted to do
that in this video so we're actually
going to be using Metasploit in this
video and i'll show you how to use it so
let's get started so we know that the
port's that we're targeting is the FTP
port which is port 21 so we know that
it's configured correctly now the
service that it's running or the service
version that it's running is V as FTP D
2.3.4 so what we did is we googled this
service to find exploits for it again
you can use any other website to search
for exploits any search engine many
people like to search on exploit DP or
exploit database because that's where
you'd find most of the exploits so I
found the exploit on rapid7 comm now
rapid7 is the company that develops
Metasploit and they essentially have an
exploit for this service which is vsf DB
D which is the FTP service for the
specific version 2.3.4 which the exploit
is a backdoor command execution which
allows
you know commands to be executed a bit
like what you would have in a reverse
shell so what we're gonna do is we
already have the exploit here the module
here so when talking about Metasploit
which is what we're going to be using
not Metasploit able now we let let us
just start it up
so to start up Metasploit you just open
up your terminal again I'm running
parrot OS it really doesn't matter what
pentesting OS they're using so MSF
console alright MSF console and just
give it a few seconds to start up it
shouldn't take too much time and we
should be good to go so while that's
starting up let me explain what
Metasploit is alright Metasploit is a
large database of exploits all right and
it essentially allows you to use these
exploits to your advantage and to
exploit systems now whatever you systems
you try and exploit that's up to you but
the cool thing about Metasploit is it
allows you to create your own met your
own exploits which is awesome so if
you're an advanced user and you actually
you are working with websites or
services most of the time when you find
vulnerabilities you can create an
exploit for the purpose of security and
patching so that's up to you so as you
can see here it's gonna take a while
it's gonna start the Metasploit a
framework console and we should begin
there we are so as you can see
Metasploit is pretty pretty simple to
navigate you have your information so
it's as it's telling you to check out
Metasploit Pro which is a very good
option if you're going to use this tool
lot in terms of the other information we
have 1662 exploits which is pretty
awesome and yeah let's get started now
pretty much there are a bunch of
commands that you have to be familiar
with with Metasploit and one of them is
obviously the help command so if we type
in help it's gonna give us information
or help really so this is essentially
the user's manual now I'm just gonna
tell you the most important commands
that will really really help you right
now so the most important commands right
now
the obviously the MSF console command
which will start Metasploit for you you
then have the used command right so
that's as simple as that
which allows you to use an exploit right
you then have the show command the show
command allows you to show the exploits
or the options available for the exploit
all right you then have your set command
your set command allows you to configure
an exploit or an option and you have
finally your exploit option which
essentially makes you run the exploit
that your currently that you currently
want to run so it's really very simple
now what we need to do is we need the we
need the name of the of the exploit in
this case the module name is right here
and it'll just give it to you in the
form that you need it so just copy this
because this is the name of the module
or the exploit for this matter and in
Metasploit what you want to do is just
type in use because that's the exploit
that we want to use and just paste in
the name alright now let me just
minimize this that could be a
distraction alright so once you have hit
that one just hit enter and as you can
see it's going to automatically detect
that you know that this exploit is
correct and it is a valid exploit now
what you can do is you can show the
options alright so show options and
essentially this will show you the
options that you can change and
configure according to what or how you
want the exploit to run now in the
previous video I touched upon this very
lightly and you guys thought that I
changed the things incorrectly and the
reason being is I did it really really
quickly and my job was not to actually
show you the exploit but let's do it
correctly now now what we need to do is
we need to understand a few things first
the our host is yo is the target address
all right and the our port which is
already configured to 21 is correct
because we know the port is configured
correctly if it was configured to
something like 422 by mistake that could
also be
something that you need to change now to
change the our host to what we want
which is the IP of the Metasploit bull
machine the machine that we want to
exploit in this case we need to
essentially say set our host alright so
set our host and we use the IP so one
ninety two point one sixty eight point
two point one twenty nine alright and if
we set that it's gonna say our host is
equal to and now we can essentially just
check we can say show options to make
sure that everything is configured
correctly before we run our exploit and
as you can see the our host is set to
the IP address and our port is
configured correctly because as I said
the port that we're trying to target
here is is going to be port 21 and the
IP address is right there one ninety two
point one sixty eight point two point
one twenty nine and again you can ping
yours to test it if it's still running
and yeah now what we can do now is all
we have to do is say exploit right as
simple as that and we hit enter and
let's see what we get
all right and there we are so it's going
to stop the banner capture and it's
going to say command shell session one
open so it's open a shell session which
means this system is Linux obviously and
we can run our Linux commands so pretty
pretty awesome and as you can see we can
send commands back and forth so let's
try a few commands let's see if we can
run a task manager oops we did not I
don't think that installed on the
Metasploit amoled machine
let's see if you can only clear command
there we are awesome so now we have a
clear bash or shell sorry about that
and we can try something like you named
our oops
you named our and yeah it's gonna kill
as the server version you say oh you
name a and there we are Linux Mint
exploitable blah blah blah we then we
can also list all the files available
and whoa there's a lot of files in there
and I guess you guys can see the power
of
if you have a server that has this
vulnerability depending on the service
that it's running you get the idea it's
very very powerful and you can run a
plethora of commands you know so it's
it's pretty pretty awesome that's gonna
be it for this video guys a little bit
of a short video but this is a very
important introduction to Metasploit
it's what's not important is the fact
that we're using a simple exploit it's
very important that I'm showing you guys
how to use it and how to get comfortable
with it
so I hope you guys found value in that
video if you did please leave a like
down below if you have any questions or
suggestions let me know in the comment
section down below or you can hit me up
on my social networks the links will
also be in the description if you have
any personal questions you know hit me
up on kik for the latest hacking news
and resources check out my website link
will be in the description and have a
fantastic day
peace
[Music]