Assignment: Hacking Web Servers
• You have just been asked by a hosting company to carry out a security analysis on a web server (metasploitable).
• The web server is a shared web server hosting the websites of several customers.
• The task requires:
  • Carrying out a vulnerability scan on the web server (metasploitable) using a tool of choice (Nessus or OpenVAS)
  • Trying to exploit at least one of the vulnerabilities detected
Setting up Kali for Vulnerability Scanning
• root@kali:~# openvas-setup
• root@kali:~# openvas-start
Vulnerability 1
• What is VSFTPD?
• vsftpd, which stands for "Very Secure FTP Daemon", is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
• In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised. Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smiley face as the username and gain a command shell on port 6200. This was not a security hole in vsftpd itself; instead, someone had uploaded a different version of vsftpd which contained a backdoor. Since then, the site has been moved to Google App Engine.
• exploit/unix/ftp/vsftpd_234_backdoor
• This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available.
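A defender-side check for the two indicators named above (a ":)" in the FTP username and a connection to port 6200), added here as an example and not part of the original slides. The log format, the addresses and the 30-second correlation window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical
# "timestamp proto src -> dst:port detail" format (not real capture data).
SAMPLE_LOG = """\
2011-07-04T10:00:01 ftp 198.51.100.7 -> 192.0.2.10:21 USER alice
2011-07-04T10:02:10 ftp 198.51.100.9 -> 192.0.2.10:21 USER backup:)
2011-07-04T10:02:12 tcp 198.51.100.9 -> 192.0.2.10:6200 SYN
2011-07-04T10:05:00 tcp 198.51.100.7 -> 192.0.2.10:80 SYN
2011-07-04T11:30:00 tcp 198.51.100.23 -> 192.0.2.11:6200 SYN
"""

LINE = re.compile(r"^(\S+) (ftp|tcp) (\S+) -> (\S+):(\d+) (.*)$")
BACKDOOR_PORT = 6200             # shell port named on the slide
WINDOW = timedelta(seconds=30)   # assumption: how long after the login to correlate

def find_backdoor_indicators(log_text):
    """Return (severity, timestamp, server, reason) tuples for suspicious records."""
    findings = []
    triggers = {}  # server address -> time of the last USER containing ":)"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, proto, src, dst, port, detail = m.groups()
        when = datetime.fromisoformat(ts)
        if proto == "ftp" and detail.startswith("USER ") and ":)" in detail[5:]:
            triggers[dst] = when
            findings.append(("medium", ts, dst,
                             f"FTP username contains ':)' from {src}"))
        elif proto == "tcp" and int(port) == BACKDOOR_PORT:
            last = triggers.get(dst)
            if last is not None and timedelta(0) <= when - last <= WINDOW:
                findings.append(("high", ts, dst,
                                 f"port 6200 connection from {src} after ':)' login"))
            else:
                findings.append(("low", ts, dst,
                                 f"uncorrelated port 6200 connection from {src}"))
    return findings

if __name__ == "__main__":
    for finding in find_backdoor_indicators(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The "high" finding is the pair that matters: a ":)" username followed within the window by a connection to port 6200 on the same server.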