Metasploitable2 Walkthrough

For this walk-though I use the Metasploit framework to attempt to perform a penetration testing exercise on Metasploitable 2. I employ the following penetration testing phases: reconnaisance, threat modelling and vulnerability identification, and exploitation. Since this is a mock exercise, I leave out the pre-engagement, post-exploitation and risk analysis, and reporting phases. Set-up This metasploitable walk-through is performed in a virtual lab environment. Two virtual machines (VMs) are used. The first is a Kali VM and the second is the Metasploitable2 VM.

Read More →

vulnhub.com fristileaks1.3

host: 192.168.56.1 dhcp-server: 192.168.56.100 kali: 192.168.56.101 * log # 2015/12/24 14:45 -> 16:30 (1hr 45min) # 2015/12/25 15:00 -> 17:45 (2hr 45min) # total time = 4hrs 30min * discovery - target * nmap --min-parallelism=100 -sP -T5 192.168.56.0/24 * found target: 192.168.56.102 * discovery - services * nmap --min-parallelism=100 -A -T5 -p1-65535 192.168.56.102 * found ports: 80 * enumerate port 80 * wget http://192.168.56.102 * cat index.html * wget http://192.168.56.102/images/keep-calm.png * wget http://192.

Read More →

Metasploitable2 Walk-through

*(This is an interim post and will be updated progressively. This note will be removed once done.)* This post extends the walk-though on the initial version of Metasploitable at http://nkush.blogspot.com.au/2011/09/metasploitable-walkthrough.html. It should be noted that some commands and output may have been truncated for the purposes of brevity. Set-up The set-up included two machines in a virtual test environment using VirtualBox. The first was a Metasploitable virtual machine (VM) and the

Read More →