Penetration Testing For Beginners | Basic pentesting 1 Vulnhub Walkthrough CTF

We covered the solution walkthrough of Basic pentesting 1 Vulnhub by introducing the basic steps and methodology involved in a penetration test.

Offensive Security Certified Professional Study Notes and Guide

The Complete Practical Web Application Penetration Testing Course

Highlights

Both numerous remote vulnerabilities and several avenues for privilege escalation are present on this machine. Since VirtualBox is what I used for all of my testing, that is the suggested platform. It is said to work with VMware as well, but I haven’t personally tested this.

This virtual machine is designed with novice penetration testers in mind. The VM should, ideally, have the ideal level of complexity for beginners.

Open Ports

21/tcp open ftp ProFTPD 1.3.3c
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2
80/tcp open http Apache httpd 2.4.18 (Ubuntu)

We used searchsploit commond to search ProFTPD 1.3.3c on ExploitDB.

And for that, we discovered two exploits. There was a backdoor in ProFTPD 1.3.3c. A backdoor is a malicious code hidden in the source code. Furthermore, Metasploit-framework is capable of exploiting this Backdoor Command Execution vulnerability.