Questions tagged [metasploitable]

a well-known, intentionally vulnerable Linux distribution, developed by Offensive Security. It is used for training in the fields of vulnerability assessment and penetration testing, often in conjunction with the Metasploit framework (as an attacking platform), which is developed by the same company.

24 questions
6
votes
1 answer

How would I turn an open telnet shell into a Metasploit session?

I'm trying to pivot using a metasploitable2 system, which has a shell port open in a scan: port status service 1524/tcp open shell Accessing the root shell is easy enough in telnet, or even using connect in msfconsole but this does…
Pixel
  • 63
  • 1
  • 4
5
votes
2 answers

Reverse connection Metasploitable 2 -> Kali Linux (Samba 3.x) without Metasploit

I am trying to exploit Metasploitable 2 without the use of Metasploit, with the aim of learning. In this case, I am focusing on Samba 3.x (Port TCP 139, 445) In this link http://www.rwbnetsec.com/samba-3-x/ two different methods are explained to…
J.g.
  • 53
  • 1
  • 6
5
votes
3 answers

Metasploitable ports closed and web server unavailable

I have setup a fresh VirtualBox install of both Kali Linux and Metasploitable. I did an ifconfig on the Metasploitable VM and tried to access it through the browser, but that gives the message The 10.0.2.15 page isn’t working From Kali I am able to…
bigtunacan
  • 163
  • 1
  • 1
  • 5
3
votes
1 answer

Wordpress 4.0 CSRF Password Reset

I am working on a faculty project. I need to replicate Wordpress CSRF vulnerability on my localhost wordpress. I am trying to do this: https://wpvulndb.com/vulnerabilities/7691 I couldn't find any useful tutorials. I am thinking about using a…
Danelo
  • 43
  • 4
3
votes
3 answers

armitage find attack tool cli equivalent command

Ive been using metasploit through the cli and a little through armitage. The tool in armitage to find attacks that gives you attacks that are more likely to work is quite useful, so i was wondering what is the cli command to run that if there is…
dmnte
  • 29
  • 1
  • 5
2
votes
1 answer

Can't log in dvwa with a simple python program, even though login credentials are good

import requests target_url = "http://127.0.0.1/dvwa/login.php" data_dict = {"csrfmiddlewaretoken": "bbbfeed6e1aea50f14a51a331054022c", "username": "admin", "password": "password", "Login": "Submit"} response = requests.post(target_url,…
2
votes
1 answer

Metasploit MsfVenom - Payload binds shell, but unable to spawn it with netcat

Running a SEH BoF exploit script that contains a payload that is generated from msfvenom as such: msfvenom --payload windows/shell/bind_tcp --format py --arch x86 --platform windows --bad-chars "\x00\x20" EXITFUNC=seh After running the script…
2
votes
0 answers

VirtualBox Metasploitable VM not visible to Kali VM

I am running VirtualBox on Windows 10, and have 2 VMs set up; Metasploitable (target obviously) and Kali (lab host). I am attempting to fping, followed by nmap from Kali, and for some reason my Metasploitable is not being seen by Kali. Both machines…
NBacon
  • 21
  • 1
  • 3
1
vote
0 answers

DVWA file upload background

I've just started in penetration testing with metasploitable and currently trying to learn file upload vulnerability present in DVWA module. I know that somehow upload is preventing files other than images to be uploaded but I don't understand how.…
Ryuzaki
  • 11
  • 3
1
vote
0 answers

Nmap Shows all ports are closed

I am facing a problem with Nmap while scanning metasploitable. I am using two different PCs. One with Kali Linux by using USB boot and on other PC using Metasploitable running on VMWare. I have configured the IP address in both machines and they can…
Indranil
  • 11
  • 1
  • 2
1
vote
3 answers

DVWA: "Hacking attempt detected..."

Hello and good evening, i've recently tried to improve my pentesting skills and learn more about it with metasploitable 2. I am trying some things on the DVWA. For the moment, i am learning the basics of Burp Suite (more precisely i am trying to…
Mechamod
  • 11
  • 4
1
vote
0 answers

Detecting Samba exploit attacks

I've been messing around with metasploitable two and Kali linux. I came across a tutorial that went over the exploit/multi/samba/usermap_script, I used the exploit and got a shell My question is how would I detect this attack, without an ids system.…
Nerf D
  • 41
  • 2
1
vote
1 answer

Cannot exploit elasticsearch on Metasploitable3

I am a newbie to security and have started my learning by downloading Metasploitable 3 and trying to get into it using Metasploit's "script_mvel_rce" module to exploit Elasticsearch 1.1.1 At my home the exploit works and I get meterpreter shell with…
Pro_dk
  • 21
  • 2
1
vote
0 answers

Fixing vulnerabilities in metasploitable 2

I am new to penetration testing . I've done exploits from kali linux on metasploitable 2, and i want to fix the vulnerabilities i'm exploiting, but all i can find as a solution to these vulnerabilities is using firewalls or filtering ports. I…
1
vote
1 answer

Nmap not working as a root

Hi I asked this questions on other forums, and searched on google, but nothing was useful to me. My problem works as a non-privileged used, but whenever I run it as a root, I get: Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-25 16:21…
1
2