Metasploitable 2 – Compromise: Root Shell

Remember our Nmap results? (https://securityaspirations.com/2017/06/25/metasploitable-2-system-recon/)

One of the entries in there was listed as follows:

1524/tcp  open  shell       Metasploitable root shell

This is probably one of the simplest Metasploitable vulns. There is a root shell open on the box; let's see if we can connect to it with telnet.

telnet 192.168.168.134 1524

  • Syntax: telnet <dest_IP> <dest_Port>

 

[Screenshot: Metasploitable root login]

Surprisingly, we are connected to the shell without being prompted for credentials.

A quick check with the ‘whoami’ and ‘hostname’ commands confirms we are root and on the Metasploitable box.
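
A host-side check for the finding above, as an added example that is not part of the original post: it scans an inetd.conf-format file for entries whose server program is a shell, which is one way a credential-free root shell ends up listening on a port. The inetd-based setup, the function names and the sample file are assumptions (the post does not say how the shell is exposed); the sample lines are constructed, and ingreslock is the /etc/services name for 1524/tcp.

```shell
#!/bin/sh
# Audit an inetd.conf-format file for services that hand a connecting
# client a command interpreter directly (no login program in between).
# Field layout per line:
#   service socket_type protocol wait_flag user server_program [args...]

# find_shell_listeners FILE
# Prints one line per offending entry: "<service> <protocol> <user> <program>"
find_shell_listeners() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }        # skip comments, blanks, short lines
        {
            user = $5
            sub(/[.:].*$/, "", user)        # drop optional group suffix (user.group)
            n = split($6, parts, "/")
            prog = parts[n]                 # basename of the server program
            if (prog ~ /^(sh|bash|dash|ksh|zsh|csh|tcsh)$/)
                print $1, $3, user, $6
        }
    ' "$1"
}

# count_root_shell_listeners FILE
# Prints how many of the flagged entries run as root.
count_root_shell_listeners() {
    find_shell_listeners "$1" | awk '$3 == "root"' | wc -l | tr -d ' '
}

# write_sample_config FILE
# Writes a constructed sample (not copied from any real host) for testing.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed inetd.conf sample
ftp        stream tcp nowait root    /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet     stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
ingreslock stream tcp nowait root    /bin/bash bash -i
EOF
}

# When a file is given on the command line, audit it.
if [ -n "${1:-}" ]; then
    find_shell_listeners "$1"
fi
```

Any line it prints is a service that should be removed or commented out of the configuration, followed by a reload of the inetd daemon and a re-scan to confirm the port is closed.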