Exploiting Metasploitable2 without Metasploit – VSFTPD v2.3.4

After my OffSec PWK lab time ran out, I’m working on exploiting vulnerabilities without using Metasploit beyond use of exploit/multi/handler in preparation for the OSCP exam.

On port 21, VSFTPD v2.3.4 is vulnerable to backdoor command execution.

End the username with a smiley “:)” and input any password and then connect to port 6200 for a root shell.

(Visited 105 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.