Pen-Test Walkthrough – Metasploitable 2
Metasploitable 2 is a purpose build vulnerable VM and web app designed for testing.
| Test# | Brief Test Vector Detail | Vulnerability |
| 1 | ARP requests revealing MAC address | Attacker takes advantage of open traffic and can redirect it with incorrect mappings to the gateway or the network host |
| 2 | Banner Grabbing | Operating System information is discoverable |
| Port Service Scan | Open port information is retrieved and can be researched against known Exploit-Databases to prepare attacks | |
| 3 | Remote access login via Remote Shell (RSH) | Host compromise through a remote shell enables an attacker to take control |
| 4 | Network File System (NFS) Service exploited by creating a folder on the Hosts root directory and installing a pre-generated authorised key. | Command line access can be gained, remote control of the Host machine is established |
| 5 | Telnet Backdoor connection | Creating a backdoor on the Host effectively enables a Hacker to keep a continuous or intermittent connection on the Host machine |
| 6 | Samba Backdoor connection | Creating a backdoor on the Host effectively enables a Hacker to keep a continuous or intermittent connection on the Host machine |
| Test# | Brief Test Vector Detail | Vulnerability |
| 7 | Secure Copy protocol enabled via port 22 | Allows a high level privilege user to connect via the port. Complete exploitation of the machine is possible |