Professional Documents
Culture Documents
The lab exercises below are designed to enhance your understanding of the material we have covered in class. Due to the
short duration of this course as part of a micro-credential, the exercises listed are not for marks. While it is strongly
recommended that students complete these exercises to enhance your learning, they are entirely optional.
Hint: You will need to use a wordlist to launch the password cracking operation. Kali Linux comes with a wordlist called
‘rockyou’ which is located in the ‘/usr/share/wordlists/’ directory on your Kali VM.
Hint 2: The commands needed to obtain the plaintext password are already included in the lecture slides. You simply
need to determine which command is relevant here.
Using your Kali Linux VM, exploit the vsFTPD vulnerability to get a shell
Please note since Metasploitable2 isn’t Windows based, you will need to run a generic Unix shell instead of
Meterpreter
a. Launch Nmap against your Metasploitable host and discover the vsFTPD service
i. Determine the IP address for Metasploitable by running ifconfig from the VM
ii. You will need to enumerate the version of vsFTPD from Nmap (using the Kali VM)
Your Kali Linux and Metasploitable2 VM’s will need to be on the same network for this lab to work