Metasploitable2 Walkthrough

For this walk-through I use the Metasploit framework to attempt a penetration testing exercise on Metasploitable 2. I employ the following penetration testing phases: reconnaissance, threat modelling and vulnerability identification, and exploitation. Since this is a mock exercise, I leave out the pre-engagement, post-exploitation and risk analysis, and reporting phases.

Set-up

This Metasploitable walk-through is performed in a virtual lab environment. Two virtual machines (VMs) are used. The first is a Kali VM and the second is the Metasploitable2 VM.

host:
dhcp-server:
kali:

* log
  # 2015/12/24 14:45 -> 16:30 (1hr 45min)
  # 2015/12/25 15:00 -> 17:45 (2hr 45min)
  # total time = 4hrs 30min
* discovery - target
  * nmap --min-parallelism=100 -sP -T5
  * found target:
* discovery - services
  * nmap --min-parallelism=100 -A -T5 -p1-65535
  * found ports: 80
* enumerate port 80
  * wget
  * cat index.html
  * wget
  * wget http://192.

*(This is an interim post and will be updated progressively. This note will be removed once done.)*

This post extends the walk-through on the initial version of Metasploitable at It should be noted that some commands and output may have been truncated for the purposes of brevity.

Set-up

The set-up included two machines in a virtual test environment using VirtualBox. The first was a Metasploitable virtual machine (VM) and the

