Category: Metasploitable

Metasploitable is a test environment provides a secure place to perform penetration testing and security research. For your test environment, you need a Metasploit instance that can access a vulnerable target. The following sections describe the requirements and instructions for setting up a vulnerable target.
Download
The easiest way to get a target machine is to use Metasploitable 2, which is an intentionally vulnerable Ubuntu Linux virtual machine that is designed for testing common vulnerabilities. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms.

Available at:

https://information.rapid7.com/metasploitable-download.html
https://sourceforge.net/projects/metasploitable/

The compressed file is about 800 MB and can take up to 30 minutes to download. After you have downloaded the file, you will need to unzip the file to see its contents.

Once the VM is available on your desktop, open the device, and run it with VMWare Player. Alternatively, you can also use VMWare Workstation or VMWare Server.

Attack Samba Server Port 445 – Metasploitable Attack-Samba-Server-Port-445

Attack Samba Server Port 445 – Metasploitable

Attack Samba Server – This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this flaw, a writeable share must be specified. The newly created directory will link to the root filesystem.

Attack PostgreSQL Server Port 5432 – Metasploitable Attack-PostgreSQL-Server-Port-5432

Attack PostgreSQL Server Port 5432 – Metasploitable

Attack PostgreSQL Server – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.

Attack Samba Server Port 139 – Metasploitable Attack-Samba-Server-Port-139

Attack Samba Server Port 139 – Metasploitable

Attack Samba Server – This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands.

Attack Apache and PHP 5.3 – Metasploitable Attack-Apache-and-PHP-5.3

Attack Apache and PHP 5.3 – Metasploitable

Attack Apache – When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution.

Attack Unreal IRC Server Port 6667 – Metasploitable Attack-Unreal-IRC-Server-Port-6667

Attack Unreal IRC Server Port 6667 – Metasploitable

Attack Unreal IRC Server – This module exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.

Learn How to Attack FTP Service vsftpd 2.3.4 Metasploitable

Learn How to Attack FTP Service vsftpd 2.3.4

This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands.