0% found this document useful (0 votes)

66 views5 pages

Metasploitable2 & DVWA Vulnerability Guide

Metasploitable2 is a vulnerable Linux VM designed for security testing, featuring numerous insecure services and applications. DVWA is a PHP/MySQL web application with various vulnerabilities, aimed at teaching web security practices. The document outlines active information gathering techniques for both Metasploitable2 and DVWA, including network discovery, port scanning, and web vulnerability scanning.

Uploaded by

macbookaldi376

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

66 views5 pages

Metasploitable2 & DVWA Vulnerability Guide

Uploaded by

macbookaldi376

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Metasploitable2

Type: Vulnerable Linux VM (Ubuntu-based, old packages)

Contains vulnerable services such as:

• VSFTPd backdoor
• UnrealIRCd backdoor
• Samba vulnerabilities (e.g., SMB RCE)
• Tomcat Manager weak creds
• Web apps like Mutillidae, DVWA, PHPMyAdmin, etc.
• Misconfigured NFS, MySQL, PostgreSQL
• Old kernels with privilege escalation flaws

DVWA (Damn Vulnerable Web App)

Type: Vulnerable PHP/MySQL web application

Includes vulnerabilities such as:

• SQL Injection
• Command Injection
• XSS (Reflected, Stored, DOM)
• CSRF
• File Upload
• Brute Force
• Weak CAPTCHA
• Security level switching (Low / Medium / High)
🎯 A. Metasploitable2 – Active Information Gathering

🔎 Brief Explanation
Metasploitable2 is a purposely vulnerable Linux server containing many insecure network
services (FTP, SSH, SMB, databases, web apps, SNMP, SMTP, etc.).
Active information gathering here aims to identify hosts, ports, services, versions,
configurations, and potential weaknesses by directly interacting with the machine.

This phase simulates what an attacker would do after discovering a target inside a network.

🧪 Metasploitable2 – Practice Activities

1. Network Discovery

Identify whether the target is alive and reachable.

nmap -sn [Link]/24

arp-scan -l
traceroute <target>

2. Port Scanning

Find open ports and exposed services.

nmap -p- <target>

nmap -sS <target>
nmap -sV <target>
nmap -A <target>

3. OS Fingerprinting

Determine the target operating system.

nmap -O <target>

4. Banner Grabbing

Interact with services to extract version information.

nc -nv <target> 21
nc -nv <target> 22
nc -nv <target> 80
curl -I [Link]
5. SMB Enumeration

SMB is often misconfigured on Metasploitable2 — great for discovery.

smbclient -L //<target> -N
smbclient //<target>/tmp
enum4linux -a <target>
nmap --script smb-os-discovery -p445 <target>
nmap --script smb-enum-shares -p445 <target>

6. FTP Enumeration

Check for anonymous login and service version.

ftp <target>
nmap --script ftp-anon -p21 <target>
nmap --script ftp-banner -p21 <target>

7. SSH Enumeration

Inspect SSH configuration and algorithms.

nc <target> 22
nmap --script ssh2-enum-algos -p22 <target>

8. SMTP Enumeration

Identify users on email server.

nmap --script smtp-enum-users -p25 <target>

nc <target> 25

9. DNS Enumeration

Used if DNS service is active.

nmap --script dns-service-discovery -p53 <target>

10. SNMP Enumeration

Extract system information via SNMP.

onesixtyone <target>
snmpwalk -v1 -c public <target>

11. Database Enumeration

Retrieve information from DB services.

MySQL:

nmap --script mysql-info -p3306 <target>

PostgreSQL:

nmap --script pgsql-info -p5432 <target>

12. Vulnerability Scanning

Identify known issues using automated scripts.

nmap --script vuln <target>

nikto -h [Link]

B. DVWA – Active Information Gathering

🔎 Brief Explanation
DVWA is a deliberately vulnerable web application.
Active information gathering here focuses on HTTP endpoints, directories, parameters,
cookies, sessions, headers, web technologies, SSL, and forms.

This phase is identical to what a web pentester does before exploitation (SQLi, XSS, etc.).

🧪 DVWA – Practice Activities

1. Web Server Detection

Identify server type, version, and basic headers.

curl -I [Link]
whatweb [Link]

2. Directory & File Enumeration

Find hidden directories, files, admin panels, etc.

gobuster dir -u [Link] -w /usr/share/wordlists/dirb/[Link]

3. Virtual Host Enumeration

Check for additional web applications.

gobuster vhost -u [Link] -w

/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-
[Link]

4. Parameter Enumeration

Discover hidden GET/POST parameters.

wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-
[Link] [Link]

5. Website Crawling

Download or visualize the entire application tree.

wget -r [Link]

6. Web Technology Fingerprinting

Identify framework, language, CMS, server modules, etc.

whatweb [Link]

7. SSL/TLS Enumeration (if HTTPS is used)

sslscan <dvwa-ip>

8. Cookie/Session/Header Inspection

Understand how the application handles authentication.

curl -I [Link]

9. Web Vulnerability Scan

Basic detection of common web issues.

nikto -h [Link]

Metasploitable2 Activity Guide
100% (1)
Metasploitable2 Activity Guide
4 pages
CEH v13 Modules and Tools Overview
No ratings yet
CEH v13 Modules and Tools Overview
29 pages
Exploiting vsftpd 2.3.4 with Metasploit
No ratings yet
Exploiting vsftpd 2.3.4 with Metasploit
10 pages
Ethical Hacking Overview and Techniques
No ratings yet
Ethical Hacking Overview and Techniques
47 pages
Software Engineering Final Exam Notes
No ratings yet
Software Engineering Final Exam Notes
22 pages
Vulnerability Research in CWE and OpenVAS
No ratings yet
Vulnerability Research in CWE and OpenVAS
26 pages
Exploiting Samba 3.0.20 Vulnerabilities
No ratings yet
Exploiting Samba 3.0.20 Vulnerabilities
12 pages
1.1 About The AWAE Course: Advanced Web Attacks and Exploitation
No ratings yet
1.1 About The AWAE Course: Advanced Web Attacks and Exploitation
4 pages
Mutillidae Project: Web Security Testing Guide
No ratings yet
Mutillidae Project: Web Security Testing Guide
39 pages
Web Application VAPT Report Summary
No ratings yet
Web Application VAPT Report Summary
8 pages
Georgia Weidman: Cybersecurity Innovator
No ratings yet
Georgia Weidman: Cybersecurity Innovator
6 pages
Ceh Practical
No ratings yet
Ceh Practical
5 pages
WEB-200 OSWA Course Overview by Tamarisk
No ratings yet
WEB-200 OSWA Course Overview by Tamarisk
1 page
Cybersecurity Quiz Questions and Answers
0% (1)
Cybersecurity Quiz Questions and Answers
5 pages
eWPT Course Review and Exam Insights
No ratings yet
eWPT Course Review and Exam Insights
5 pages
Vulnerability Analysis Lab Assignment
No ratings yet
Vulnerability Analysis Lab Assignment
7 pages
Penetration Testing Course Overview
100% (1)
Penetration Testing Course Overview
6 pages
OWASP XSS Filter Evasion Guide
No ratings yet
OWASP XSS Filter Evasion Guide
28 pages
Certified Ethical Hacker Overview
No ratings yet
Certified Ethical Hacker Overview
14 pages
MITRE Caldera Installation Guide
No ratings yet
MITRE Caldera Installation Guide
262 pages
OSCP Preparation and Exam Guide
No ratings yet
OSCP Preparation and Exam Guide
14 pages
SOC-200: Security Operations Analysis
No ratings yet
SOC-200: Security Operations Analysis
7 pages
Linux Access Control Lists (Acls) : 4.1 Review Existing File Permissions
No ratings yet
Linux Access Control Lists (Acls) : 4.1 Review Existing File Permissions
3 pages
Understanding Cryptography Basics
No ratings yet
Understanding Cryptography Basics
80 pages
File System Forensic Analysis Guide
No ratings yet
File System Forensic Analysis Guide
12 pages
Red Teaming Active Directory Techniques
No ratings yet
Red Teaming Active Directory Techniques
755 pages
SOC Analyst Cheat Sheet: Key Concepts
No ratings yet
SOC Analyst Cheat Sheet: Key Concepts
10 pages
Bodgeit Store Vulnerability Analysis
No ratings yet
Bodgeit Store Vulnerability Analysis
13 pages
Overview of Ethical Hacking Techniques
100% (1)
Overview of Ethical Hacking Techniques
80 pages
Vulnerability Scanner Assessment Guide
No ratings yet
Vulnerability Scanner Assessment Guide
8 pages
CEH v12 Exam Insights and Techniques
No ratings yet
CEH v12 Exam Insights and Techniques
62 pages
MYDFIR Resources
No ratings yet
MYDFIR Resources
16 pages
OSCP Buffer Overflow Cheat Sheet
No ratings yet
OSCP Buffer Overflow Cheat Sheet
7 pages
EC-Council 212-89 Exam Q&A Guide
No ratings yet
EC-Council 212-89 Exam Q&A Guide
6 pages
TestKing CompTIA Security+ SY0-101 v12.0
No ratings yet
TestKing CompTIA Security+ SY0-101 v12.0
163 pages
Web 200 Syllabus
No ratings yet
Web 200 Syllabus
11 pages
Metasploit Network Scanning Guide
No ratings yet
Metasploit Network Scanning Guide
16 pages
Linux Privilege Escalation Techniques
No ratings yet
Linux Privilege Escalation Techniques
5 pages
Key Business Logic Vulnerabilities in Web Apps
No ratings yet
Key Business Logic Vulnerabilities in Web Apps
51 pages
Vulnerability Scanning Techniques Overview
No ratings yet
Vulnerability Scanning Techniques Overview
28 pages
Vulnerability Scanning with ShellGPT
No ratings yet
Vulnerability Scanning with ShellGPT
7 pages
CEH & eJPT Command Cheat Sheet
No ratings yet
CEH & eJPT Command Cheat Sheet
2 pages
SEC660: Advanced Penetration Testing Course
No ratings yet
SEC660: Advanced Penetration Testing Course
2 pages
Data Exfiltration Techniques Report
No ratings yet
Data Exfiltration Techniques Report
12 pages
Web Machine N7 CTF Walkthrough
No ratings yet
Web Machine N7 CTF Walkthrough
7 pages
Understanding Broken Authentication Risks
No ratings yet
Understanding Broken Authentication Risks
34 pages
Mobile Application Security and Penetration Testing: Syllabus
No ratings yet
Mobile Application Security and Penetration Testing: Syllabus
14 pages
Nmap Live Host Discovery Report
No ratings yet
Nmap Live Host Discovery Report
15 pages
Secret Key Encryption Lab Overview
No ratings yet
Secret Key Encryption Lab Overview
8 pages
Cybersecurity Question Bank Overview
No ratings yet
Cybersecurity Question Bank Overview
19 pages
LDAP Pentesting Strategies and Techniques
No ratings yet
LDAP Pentesting Strategies and Techniques
12 pages
CPTS Exam Preparation Guide
No ratings yet
CPTS Exam Preparation Guide
3 pages
Understanding Footprinting Techniques
No ratings yet
Understanding Footprinting Techniques
58 pages
Writing ClamAV Signatures Guide
No ratings yet
Writing ClamAV Signatures Guide
35 pages
DoS and DDoS Attack Strategies
No ratings yet
DoS and DDoS Attack Strategies
174 pages
Open Source Lab Manual for CS2406
No ratings yet
Open Source Lab Manual for CS2406
84 pages
IWU Information Security Policy Overview
No ratings yet
IWU Information Security Policy Overview
10 pages
CEH Exam Preparation Guide
No ratings yet
CEH Exam Preparation Guide
18 pages
Nmap
No ratings yet
Nmap
5 pages
Penetration Testing Essentials Guide
No ratings yet
Penetration Testing Essentials Guide
56 pages
Chapter 1 Cybersecurity Questionnaire Review
No ratings yet
Chapter 1 Cybersecurity Questionnaire Review
3 pages
CySA Glossary
No ratings yet
CySA Glossary
33 pages
Organization Onboarding Application Guide
No ratings yet
Organization Onboarding Application Guide
2 pages
Blockchain: Enhancing Data Security & Integrity
No ratings yet
Blockchain: Enhancing Data Security & Integrity
2 pages
SBC Security Guidelines Overview
No ratings yet
SBC Security Guidelines Overview
68 pages
NSE4 - FGT-6.4: Number: NSE4 - FGT-6.4 Passing Score: 800 Time Limit: 120 Min File Version: 1
No ratings yet
NSE4 - FGT-6.4: Number: NSE4 - FGT-6.4 Passing Score: 800 Time Limit: 120 Min File Version: 1
23 pages
User Access & Security Best Practices
No ratings yet
User Access & Security Best Practices
3 pages
Active Directory Certificate Services Lab
No ratings yet
Active Directory Certificate Services Lab
13 pages
Overview of Cybercrime Types
No ratings yet
Overview of Cybercrime Types
21 pages
Asymmetric Encryption in ASP.NET Core
No ratings yet
Asymmetric Encryption in ASP.NET Core
9 pages
Understanding Cybercrime: Types & Prevention
No ratings yet
Understanding Cybercrime: Types & Prevention
2 pages
Cyber Crime: Types and Impacts
No ratings yet
Cyber Crime: Types and Impacts
96 pages
Coretelligent Cybersecurity Evaluation Guide
No ratings yet
Coretelligent Cybersecurity Evaluation Guide
6 pages
Access Control Recommendations for Bill Payment System
No ratings yet
Access Control Recommendations for Bill Payment System
37 pages
JWT Handbook: Security and Applications
No ratings yet
JWT Handbook: Security and Applications
30 pages
Cyber Security Threats and Challenges 2024
No ratings yet
Cyber Security Threats and Challenges 2024
23 pages
IS Security Audit Guide and Checklist
No ratings yet
IS Security Audit Guide and Checklist
15 pages
Falderal Jazzman Pedal for Bassists
No ratings yet
Falderal Jazzman Pedal for Bassists
6 pages
SOC Analyst Interview Questions & Answers
No ratings yet
SOC Analyst Interview Questions & Answers
5 pages
Security in Computing Exam Guide
No ratings yet
Security in Computing Exam Guide
3 pages
Linux Server Administration Guide
No ratings yet
Linux Server Administration Guide
3 pages
Cryptography and Network Security Course
No ratings yet
Cryptography and Network Security Course
8 pages
Barracuda vs. Microsoft 365 Email Security
No ratings yet
Barracuda vs. Microsoft 365 Email Security
6 pages
Converting LCPDF to PDF Guide
0% (1)
Converting LCPDF to PDF Guide
1 page
Aayush Enrolment Details - Uttar Pradesh
No ratings yet
Aayush Enrolment Details - Uttar Pradesh
1 page
Group Ib FP en
No ratings yet
Group Ib FP en
7 pages
Digital Forensics and Cybersecurity Reports
No ratings yet
Digital Forensics and Cybersecurity Reports
4 pages
Cyber Warfare: Threats and Responses
No ratings yet
Cyber Warfare: Threats and Responses
32 pages
First Computer Virus: The Creeper
No ratings yet
First Computer Virus: The Creeper
11 pages
Intrusion Detection in Computer Security
No ratings yet
Intrusion Detection in Computer Security
43 pages