Remember our Nmap results? (https://securityaspirations.com/2017/06/25/metasploitable-2-system-recon/)
One of the entries in there was listed as follows:
1524/tcp open shell Metasploitable root shell
This is probably one of the simplest Metasploitable vulns. There is a root shell open on the box, lets see if we can connect to it with telnet
telnet 192.168.168.134 1524
- Telnet <dest_IP> <dest_Port>
Surprisingly we are connected to the shell without being prompted for credentials.
A quick check with ‘whoami’ and ‘hostname’ commands confirms we are root and on the metasploitable box.