2020 08 29_dvwa

Damn Vulnerable Web Application (DVWA)

DVWA is a web application which uses PHP and MySQL and implements a number of common web application vulnerabilities. For more information visit http://www.dvwa.co.uk/ and https://github.com/digininja/DVWA.

Installation - vagrant up

Using the Vagrantfile in the penetration testing lab directory in the git repo at https://github.com/kushfj/pentesting, spin up a DVWA VM in virtual box.

The virtual machines has two virtual network adapters, the first adapter is connected to the default NAT network. The NAT network is required during the initial setup to download and install updates and packages. The second adapter is connected the default intnet internal network. The intnet internal network is used for the penetration testing. Note, you must disable or disconnect the NAT interface as soon as the machine is ready.

[Read More]

Metasploitable2 Walkthrough

For this walk-though I use the Metasploit framework to attempt to perform a penetration testing exercise on Metasploitable 2. I employ the following penetration testing phases: reconnaisance, threat modelling and vulnerability identification, and exploitation. Since this is a mock exercise, I leave out the pre-engagement, post-exploitation and risk analysis, and reporting phases.

Set-up

This metasploitable walk-through is performed in a virtual lab environment. Two virtual machines (VMs) are used. The first is a Kali VM and the second is the Metasploitable2 VM. Both VMs have their network interfaces connected to an internal Virtualbox network called vlabnet. There is a DHCP server on the virtual lab network to dynamically allocate IP addresses to hosts.

[Read More]