Today marked the start of my hands-on CPSA study. One of the big areas I need to get comfortable with is ports, vulnerabilities, exploits, and services—and the best way to learn them isn’t just reading about them… it’s testing them in action!
Building the Lab
I fired up Oracle VirtualBox and downloaded Metasploitable 2 and Kali Linux. Within 10 minutes, I had both VMs running.
First stop: Metasploitable 2
- Logged in
- Ran
ifconfigto grab my IP address — 192.168.1.37 - Mission complete
Next stop: Kali Linux
- Opened a terminal
- Time for my first Nmap scan
- Quick Google search later, I decided to run:
nmap 192.168.1.37 -sV
💡 What’s -sV?
It tells Nmap to detect the version of services running on each open port. Super useful for spotting outdated software that could be vulnerable.
The results gave me port numbers, the service names, and in some cases the exact version. Which is great… but then I thought: Now what?
Target Acquired – Port 21 (FTP)
I decided to start with the first result: Port 21, FTP (vsftpd 2.3.4).
A quick search led me to CVE-2011-2523 — a known backdoor vulnerability in vsftpd 2.3.4 that can give you a root shell. Time to see if it works.
Enter Metasploit
In Kali, I launched Metasploit by running:
msfconsole
At this point, I had no idea what to do… so, as always, Google to the rescue.
I learned about Metasploit’s search function, which lets you find:
- Exploits – Code that takes advantage of vulnerabilities
- Payloads – The code delivered to the target after exploiting it
- Auxiliary modules – Tools for scanning, sniffing, and other support tasks
To try my luck, I searched for vsftpd exploits:
search vsftpd
Bingo — there it was: an exploit for vsftpd 2.3.4. Since it was number 1 in the list, I just typed:
use 1
That loaded the exploit. Typing options showed me the settings needed.
The only thing I had to set was RHOSTS — the target IP address:
set RHOSTS 192.168.1.37
Then it was time for the moment of truth:
run
It executed, completed… and I had an open shell as root.
I typed ls and saw all the directories on the system
My first hack is in the bag. Iv exploited a service, been gained root, and whispered “Hello, World” to a vulnerable FTP server. For a split second, I understood how Neo felt in The Matrix… except I didn’t follow the white rabbit, I just followed Google commands
