Vulnerability Overview
Metasploitable 2 runs Apache 2.2.8 on port 80, hosting several intentionally vulnerable web applications including DVWA (Damn Vulnerable Web Application), Mutillidae, and phpMyAdmin. These apps contain common web vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Remote Code Execution (RCE).
Service Detection
nmap -sV -v -p 80 <target-ip>
Web Application Scanning
Use Nikto to scan for common web vulnerabilities:
nikto -h http://<target-ip>
Nikto will identify vulnerable web apps and potential attack vectors.
Exploiting DVWA
Access DVWA at http://<target-ip>/dvwa/ (default credentials: admin/admin). Exploit vulnerabilities such as SQL Injection:
# SQL Injection payload
' OR '1'='1
Exploiting Mutillidae
Access Mutillidae at http://<target-ip>/mutillidae/. Test for XSS and other vulnerabilities.
# XSS payload
<script>alert('XSS')</script>
phpMyAdmin Access
phpMyAdmin is accessible at http://<target-ip>/phpmyadmin/. Default credentials may allow database access.
Results & Impact
Outcome
- Identified multiple vulnerable web applications
- Successfully exploited SQL Injection in DVWA
- Executed XSS in Mutillidae
- Gained database access via phpMyAdmin
- Potential for shell upload and RCE
Detection & Mitigation (Blue Team)
- Remove or secure vulnerable web applications
- Implement Web Application Firewall (WAF)
- Use parameterized queries to prevent SQLi
- Sanitize user inputs to prevent XSS
- Keep web server and apps updated
- Monitor web server access logs for scanner traffic and injection payloads
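As an added defender-side example (not part of the original lab notes): a small Python checker that parses Apache combined-format access-log lines, URL-decodes the request path and flags the tautology SQLi and script-tag XSS payloads shown above. The log lines, client IPs and the Mutillidae page parameters are constructed for this example.

```python
"""Flag the SQLi and XSS payloads from this lab in Apache access-log lines."""
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (Apache combined format) for a Metasploitable 2 host.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:00:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:01:15 +0000] "GET /mutillidae/index.php?page=dns-lookup.php&target_host=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Mar/2024:12:02:30 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 1200 "-" "curl/7.68"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Signatures are applied to the URL-decoded path so percent-encoded payloads are caught.
SIGNATURES = {
    "sqli": re.compile(r"'\s*or\s*'?\w+'?\s*=\s*'?\w+", re.IGNORECASE),  # ' OR '1'='1
    "xss": re.compile(r"<\s*script\b", re.IGNORECASE),                  # <script>...
}


def parse_line(line):
    """Return a dict of log fields (plus decoded_path) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # unquote_plus also turns '+' into a space, as browsers encode query strings
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def scan_log(text):
    """Return a list of (client_ip, signature_name, decoded_path) for matching lines."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["decoded_path"]):
                hits.append((rec["ip"], name, rec["decoded_path"]))
    return hits


if __name__ == "__main__":
    for ip, kind, path in scan_log(SAMPLE_LOG):
        print(f"{kind.upper():4} from {ip}: {path}")
```

The signatures only cover the literal payload shapes used in this lab; a WAF or real ruleset needs far broader patterns, and a 200 status on a flagged request is the cue to pull the DVWA or Mutillidae application logs for that client.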