Wednesday, September 9, 2015

Exploiting Metasploitable2 without Metasploit - VSFTPD v2.3.4

After my OffSec PWK lab time ran out, I'm working on exploiting vulnerabilities without using Metasploit beyond use of exploit/multi/handler in preparation for the OSCP exam.

On port 21, VSFTPD v2.3.4 is vulnerable to backdoor command execution.

End the username with a smiley ":)" and input any password and then connect to port 6200 for a root shell.