Dockerlabs - FirstHacking Dockerlabs - FirstHacking

Dockerlabs - FirstHacking

FirstHacking

Introduction

In this write-up, we will work on the FirstHacking machine, with the following objectives:

•Gain root access to the system.

•Exploit the vulnerability in the FTP service.

🧠 Reconnaissance

Initial Scan

First, we deploy the machine using Docker, where we can see the IP address of the target machine.

Máquina desplegada

We perform a scan with Nmap to discover open ports and services.

Escaneo inicial

The scan results show that we have only one open port, “21”, with the FTP service running.

Resultado del escaneo

🔓 Service Investigation

We proceed to investigate the service found during the scan to check for any vulnerabilities.

Using the tool Searchsploit, we find that for the FTP version vsftpd 2.3.4, there is a Backdoor Command Execution vulnerability.

Buscar una vulnerabilidad

We use Metasploit to exploit this vulnerability, which allows us to run an exploit to create a backdoor on the system.

Uso de metasploit

We select the exploit to use for the attack.

Selección de exploit

We check the required parameters for the exploit and configure them with the IP address of the target machine.

Parámetros requeridos

Configuración de parámetros

🧼 Exploitation

After configuring the exploit with the necessary parameters, we run it on the target machine.

The exploit runs successfully, and we confirm that we have gained access to the target machine, where we also verify that we have root access.

Explotación de la máquina

🏁 Conclusion

In this write-up, we successfully identified and exploited a vulnerability in the FTP service of the FirstHacking machine. By using tools like Nmap, Searchsploit, and Metasploit, we were able to gain root access to the system. This machine is a great exercise for beginners to start practicing ethical hacking.


← Back to Write Ups