a well-known, intentionally vulnerable Linux distribution, developed by Offensive Security. It is used for training in the fields of vulnerability assessment and penetration testing, often in conjunction with the Metasploit framework (as an attacking platform), which is developed by the same company.
Questions tagged [metasploitable]
24 questions
6
votes
1 answer
How would I turn an open telnet shell into a Metasploit session?
I'm trying to pivot using a metasploitable2 system, which has a shell port open in a scan:
port status service
1524/tcp open shell
Accessing the root shell is easy enough in telnet, or even using connect in msfconsole but this does…
Pixel
- 63
- 1
- 4
5
votes
2 answers
Reverse connection Metasploitable 2 -> Kali Linux (Samba 3.x) without Metasploit
I am trying to exploit Metasploitable 2 without the use of Metasploit, with the aim of learning. In this case, I am focusing on Samba 3.x (Port TCP 139, 445)
In this link http://www.rwbnetsec.com/samba-3-x/ two different methods are explained to…
J.g.
- 53
- 1
- 6
5
votes
3 answers
Metasploitable ports closed and web server unavailable
I have setup a fresh VirtualBox install of both Kali Linux and Metasploitable. I did an ifconfig on the Metasploitable VM and tried to access it through the browser, but that gives the message The 10.0.2.15 page isn’t working
From Kali I am able to…
bigtunacan
- 163
- 1
- 1
- 5
3
votes
1 answer
Wordpress 4.0 CSRF Password Reset
I am working on a faculty project. I need to replicate Wordpress CSRF vulnerability on my localhost wordpress. I am trying to do this: https://wpvulndb.com/vulnerabilities/7691
I couldn't find any useful tutorials. I am thinking about using a…
Danelo
- 43
- 4
3
votes
3 answers
armitage find attack tool cli equivalent command
Ive been using metasploit through the cli and a little through armitage. The tool in armitage to find attacks that gives you attacks that are more likely to work is quite useful, so i was wondering what is the cli command to run that if there is…
dmnte
- 29
- 1
- 5
2
votes
1 answer
Can't log in dvwa with a simple python program, even though login credentials are good
import requests
target_url = "http://127.0.0.1/dvwa/login.php"
data_dict = {"csrfmiddlewaretoken": "bbbfeed6e1aea50f14a51a331054022c", "username": "admin", "password": "password", "Login": "Submit"}
response = requests.post(target_url,…
Erik Dz
- 35
- 5
2
votes
1 answer
Metasploit MsfVenom - Payload binds shell, but unable to spawn it with netcat
Running a SEH BoF exploit script that contains a payload that is generated from msfvenom as such:
msfvenom --payload windows/shell/bind_tcp --format py --arch x86 --platform windows --bad-chars "\x00\x20" EXITFUNC=seh
After running the script…
0x5929
- 335
- 4
- 13
2
votes
0 answers
VirtualBox Metasploitable VM not visible to Kali VM
I am running VirtualBox on Windows 10, and have 2 VMs set up; Metasploitable (target obviously) and Kali (lab host).
I am attempting to fping, followed by nmap from Kali, and for some reason my Metasploitable is not being seen by Kali. Both machines…
NBacon
- 21
- 1
- 3
1
vote
0 answers
DVWA file upload background
I've just started in penetration testing with metasploitable and currently trying to learn file upload vulnerability present in DVWA module. I know that somehow upload is preventing files other than images to be uploaded but I don't understand how.…
Ryuzaki
- 11
- 3
1
vote
0 answers
Nmap Shows all ports are closed
I am facing a problem with Nmap while scanning metasploitable.
I am using two different PCs. One with Kali Linux by using USB boot and on other PC using Metasploitable running on VMWare. I have configured the IP address in both machines and they can…
Indranil
- 11
- 1
- 2
1
vote
3 answers
DVWA: "Hacking attempt detected..."
Hello and good evening,
i've recently tried to improve my pentesting skills and learn more about it with metasploitable 2. I am trying some things on the DVWA.
For the moment, i am learning the basics of Burp Suite (more precisely i am trying to…
Mechamod
- 11
- 4
1
vote
0 answers
Detecting Samba exploit attacks
I've been messing around with metasploitable two and Kali linux. I came across a tutorial that went over the exploit/multi/samba/usermap_script, I used the exploit and got a shell
My question is how would I detect this attack, without an ids system.…
Nerf D
- 41
- 2
1
vote
1 answer
Cannot exploit elasticsearch on Metasploitable3
I am a newbie to security and have started my learning by downloading Metasploitable 3 and trying to get into it using Metasploit's "script_mvel_rce" module to exploit Elasticsearch 1.1.1
At my home the exploit works and I get meterpreter shell with…
Pro_dk
- 21
- 2
1
vote
0 answers
Fixing vulnerabilities in metasploitable 2
I am new to penetration testing .
I've done exploits from kali linux on metasploitable 2, and i want to fix the vulnerabilities i'm exploiting, but all i can find as a solution to these vulnerabilities is using firewalls or filtering ports. I…
user105453
- 11
- 3
1
vote
1 answer
Nmap not working as a root
Hi I asked this questions on other forums, and searched on google, but nothing was useful to me. My problem works as a non-privileged used, but whenever I run it as a root, I get:
Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-25 16:21…
BetimNeutron
- 11
- 2