A technical case study on gaining root access via the vsftpd backdoor, performing post-exploitation forensics, and implementing anti-forensics log sanitization.
The goal of this lab was to identify, exploit, and perform post-exploitation forensics on the vsftpd 2.3.4 service. This project demonstrates a full attack lifecycle, from initial access to clearing system logs.
- Environment: Kali Linux & Metasploitable 2
- Metasploit Framework: Exploit execution and session management.
- Linux Terminal: System navigation and advanced searching (`grep`, `find`).
- John the Ripper: Credential cracking of system password hashes.
- Anti-Forensics: Manual sanitization of `auth.log` and bash history.
- Gained Root Access: Successfully triggered the service backdoor to gain the highest system privileges.
- Deep-System Search: Used recursive `grep` filters to locate hidden "flag" files within documentation and system directories.
- Persistence Troubleshooting: Manually resolved terminal freezes and "clogged" connections by restarting the victim VM and managing Metasploit sessions.
- Log Clearing: Successfully cleared login trails to simulate a covert penetration test.