Originally Posted by svenxix
Rsh is running, but it prompts for passwords.
The vulnerable user is named Steve. His ~/.rhosts file says "+ +".
A lot of sites say I have to specify IP address from trusted hosts in the /etc/hosts.equiv file, but metasploitable doesn't do that, and I want to have the server accessible from any ip address.
Are you NOT using any hosts.deny (or anything like that in PAM or xinetd)?
Assuming you've got an unencumbered process listening then either .rhosts or hosts.equiv should be able to give access to all hosts with a + sign.
Is the username the same (case-sensitive Steve != steve)?
Have you both rsh(shell) and rlogin(login) running? An rsh command with no arguments becomes an rlogin command (but "rsh somewhere sh -i" is a remote command that gets you a shell).