Skip to content

ashwinp17/metasploit-exploitation-lab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

Metasploit Exploitation Lab — DistCC Remote Command Execution

Project Overview

Performed authorized exploitation testing against an intentionally vulnerable Metasploitable 2 system using Metasploit Framework in an isolated VirtualBox lab.

The assessment focused on the exposed DistCC service. After identifying the vulnerable service, I selected and configured the appropriate Metasploit exploit, executed it against the target, and successfully obtained command access.

All testing was performed against an intentionally vulnerable system in a controlled and authorized lab environment.

Lab Environment

  • Virtualization: Oracle VirtualBox
  • Firewall and router: pfSense
  • Attacker: Kali Linux
  • Target: Metasploitable 2
  • Exploitation tool: Metasploit Framework
  • Vulnerable service: DistCC
  • Target IP: 192.168.2.200

Objectives

  • Verify network connectivity to the vulnerable target
  • Identify the exposed DistCC service
  • Search for an appropriate Metasploit exploit
  • Configure the target and exploit settings
  • Execute the exploit
  • Confirm successful command access
  • Evaluate the security impact
  • Document appropriate remediation

Methodology

  1. Started Kali Linux, pfSense, and Metasploitable 2.
  2. Verified connectivity between Kali Linux and the target.
  3. Identified the exposed DistCC service during service enumeration.
  4. Opened Metasploit Framework.
  5. Selected the DistCC remote command-execution exploit.
  6. Configured the remote target address.
  7. Executed the exploit.
  8. Confirmed successful command access to the Metasploitable system.
  9. Documented the evidence, security impact, and remediation recommendations.

Key Finding

DistCC Remote Command Execution

The exposed DistCC service allowed remote command execution from the attacking system.

Successful exploitation demonstrated that an attacker could execute unauthorized commands on the vulnerable server. Depending on the privileges of the affected service, this could lead to:

  • Unauthorized system access
  • Data theft or modification
  • Malware installation
  • Privilege escalation
  • Lateral movement
  • Complete compromise of the vulnerable system

Evidence

Successful DistCC Exploitation

Successful DistCC exploitation using Metasploit Framework

The screenshot demonstrates successful exploitation of the vulnerable DistCC service and command access to the target system.

Recommended Remediation

  • Remove or disable DistCC when it is not operationally required
  • Restrict access to the DistCC service using firewall rules
  • Do not expose DistCC to untrusted networks
  • Upgrade or replace vulnerable and outdated software
  • Apply current security patches
  • Use network segmentation to isolate vulnerable services
  • Monitor systems for unauthorized command execution
  • Perform follow-up vulnerability scans after remediation

Skills Demonstrated

  • Metasploit Framework operation
  • Exploit selection and configuration
  • Vulnerability validation
  • Network service enumeration
  • Remote command execution testing
  • Linux command-line usage
  • Security-impact analysis
  • Remediation planning
  • Authorized penetration-testing methodology

Disclaimer

This project was completed solely for educational and portfolio purposes in a controlled cybersecurity lab. No public systems or unauthorized targets were tested.

About

Authorized exploitation of the DistCC service using Metasploit Framework in an isolated cybersecurity lab.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors