Today I had an hour to have a play with Metasploit and Metasploitable 2.
After the success of my first attempt exploiting port 21 (FTP), I was ready to move on and tackle another port. So, I fired up Kali and ran an Nmap scan on the IP address of my Metasploitable 2 VM:
nmap -sV -p- 192.168.56.101
From the results, port 23 stood out with the Telnetd service running.
Naturally, I did what every beginner does — I Googled around and found a CVE vulnerability for Telnet. Excited, I jumped into msfconsole to search for exploits:
msfconsole
search telnet
set RHOSTS 192.168.56.101
set RPORT 23
run
Unfortunately, that’s where the excitement ended. After multiple crashes of both msfconsole and even Kali itself, my hacking adventure was cut short. My one free hour was gone, and I hadn’t gotten anywhere.
To make it worse, when reviewing my Nmap results, I realized I had completely overlooked port 22 (SSH) — probably a much better starting point. Lesson learned: don’t get tunnel-visioned on one service.
So for now, I’m calling it quits for today. Next week, I’ll log back in and maybe take a step back to tackle SSH properly before circling back to Telnet.
Looks like today my exploit attempt turned into more of a denial-of-service—against myself. But hey, cybersecurity is all about persistence. If at first you don’t succeed, just CTRL+alt+Del and try again. I may have been cut short by time and crashes today, but I’ll keep hashing out my mistakes until I finally get root access.
After all, the real exploit is patience.
