Metasploitable 2 – Compromise: rlogin

One of the simplest compromises of the Metasploitable box.

We can see from the nmap results:

513/tcp   open  login?

Nessus also detected the use of rlogin:

High (7.5) 10205 rlogin Service Detection

At this stage we don’t have any info on possible accounts on the Metasploitable box but it probably likely that there is a ‘root’ account.

As such we can try the following command and see what we get:

rlogin -l root 192.168.168.134
  • -l: user to login as

rlogin1

So we are prompted for a password – a good sign the root account is valid.

But there is actually more to this than the above suggests.

I am using a fresh install of Kali 2 and the rsh-client is not installed by default. So lets install it with:

apt-get install rsh-client

rsh-client

Now lets try that original rlogin command once more:

rlogin - compromise

Bingo… we’re in, and with root access no less.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s