🌱 How to Get Started with This Project
Do not clone this repository! Just follow the instructions.
This exercise aims to teach students how to exploit vulnerabilities found in a vulnerable machine (Metasploitable) during the reconnaissance phase. This includes detecting exploitable vulnerabilities and privilege escalation. Note: No post-exploitation activities will be performed.
This is the second of 4 projects that will lead you to a thorough understanding of the world of pentesting. The objective is to carry out all phases of pentesting on a vulnerable computer, specifically using Metasploitable. This second phase focuses on "Exploitation" on a Vulnerable Machine.
Requirements
- Complete the Pentesting reconnaissance report Pentesting report v1.
- Access to the Metasploitable machine.
- Access to an attacking machine (e.g., Kali Linux).
- Nmap (for confirming vulnerabilities)
- Metasploit Framework
- Access to vulnerability databases (such as Exploit-DB)
- Additional tools depending on vulnerabilities (e.g., Hydra for brute force, netcat)
📝 Instructions
Step 1: Confirm Vulnerabilities
Step 2: Detect Exploitable Vulnerabilities
Step 3: Exploit Vulnerabilities
Step 4: Privilege Escalation
Step 5: Document the Exploitation Process
-
Introduction
- Summary of the objective and scope of the exercise.
-
Methodology
- Tools and techniques used.
-
Results
- Details of the exploited vulnerabilities.
- Commands and tools used for exploitation.
- Screenshots and evidence.
-
Privilege Escalation
- Techniques used and results obtained.
-
Mitigation
- Proposals to remediate the exploited vulnerabilities.
-
Conclusion
- Impact of the vulnerabilities and reflection on the process.
Delivery