* No badgers were harmed in the creation of this blog *

** Not intended to diagnose, treat, cure, or prevent any disease
**

Friday, December 22, 2023

Metasploitable 2: Reconnaissance

In my last post, I set up Metasploitable as a virtual machine on the same LAN as my Kali Linux box and determined the Metasploitable instance's IP address using netdiscover. I didn't mention how I logged into Metasploitable, but the information is printed on the login screen: both the username and the password are msfadmin.

Armed with the IP address of the Metasploitable instance, why not take a look? This is as easy as entering the IP address into the address bar of a web browser. Or almost that easy: the browser automatically prepends https://, and since the Metasploitable web server only answers plain HTTP on port 80, the TLS connection fails. Typing http:// explicitly (or deleting the https:// prefix) makes the connection work:

Note the warning not to expose this instance to an insecure network. This is a deliberately vulnerable machine, so keep it on an isolated or host-only network. Also note, if you're following along at home, that the IP address of my Metasploitable instance may not be the same as yours; check my previous post for two methods of determining the address of your instance.

Now that I can reach the Metasploitable web server, let's take a look around and do some reconnaissance. Starting at the top, clicking on the TWiki link leads to several more links: a license, a readme, and documentation, all dated 2003, so this software may be seriously out of date. On the to-do list now: looking for known exploits affecting that TWiki version.

I also find a list of users (usernames, most likely) and a link to the user registration page. Five users are listed, and I wonder how strong their passwords are. Names, email addresses, usernames: good stuff in plain view, even a list of admin usernames.

Another link leads to a phpMyAdmin login page, which I may be able to get into. There is also a DVWA login page, and a link to /dav, whose directory-listing footer (the Apache server signature) reveals that the server is running Apache 2.2.8, long since out of date; the 2.2 branch reached end of life in 2017.

Only a few minutes of reconnaissance have provided several avenues of attack: two login pages, a list of usernames, and an out-of-date Apache setup. Where to begin?
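The browser walk above (fetch the front page, follow each link, note which ones are login pages and what version the server admits to) can be done non-interactively. The script below is an added example, not code from the original post: it fetches the index page over plain http://, collects the same-host links it exposes, and records the HTTP status and Server header for each path. The target IP is passed on the command line and is an assumption; the sample index page and the Server header string used when no IP is given are constructed for the example, and the Apache 2.4 threshold used to flag an old version is my choice, since 2.2 is the end-of-life branch.

```python
#!/usr/bin/env python3
"""Added example: scripted version of the Metasploitable 2 web walk.

Usage: python3 recon_walk.py <target-ip>   (target IP is an assumption)
With no argument the parsing helpers run against constructed sample data."""
import re
import sys
import urllib.error
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_paths(html, base="http://target/"):
    """Return the unique same-host paths linked from an HTML document, in order."""
    parser = LinkCollector()
    parser.feed(html)
    base_host = urlparse(base).netloc
    seen, paths = set(), []
    for href in parser.hrefs:
        u = urlparse(urljoin(base, href))
        if u.scheme not in ("http", "https") or u.netloc != base_host:
            continue  # skip mailto:, javascript:, and links to other hosts
        path = u.path or "/"
        if path not in seen:
            seen.add(path)
            paths.append(path)
    return paths


# "Apache/2.2.8 (Ubuntu) DAV/2" -> product "Apache", version "2.2.8"
SERVER_RE = re.compile(r"^(?P<product>[A-Za-z][\w.-]*)/(?P<version>\d+(?:\.\d+)*)")


def parse_server_header(value):
    """Split a Server header into (product, version tuple); None if it has no version."""
    m = SERVER_RE.match(value or "")
    if not m:
        return None
    return m.group("product"), tuple(int(x) for x in m.group("version").split("."))


def is_older_than(version, minimum):
    """Compare dotted version tuples; the shorter tuple is padded with zeros."""
    n = max(len(version), len(minimum))
    pad = lambda t: t + (0,) * (n - len(t))
    return pad(version) < pad(minimum)


def fetch(url, timeout=5):
    """GET url and return (status, headers, body). Non-2xx responses still return headers."""
    req = urllib.request.Request(url, headers={"User-Agent": "recon-walk/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return r.status, dict(r.headers), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers), ""


def walk(ip):
    """Fetch the index page over plain HTTP and probe every same-host link it exposes."""
    base = f"http://{ip}/"  # explicit http://: the box serves port 80 only
    status, headers, body = fetch(base)
    print(f"{base} -> {status}  Server: {headers.get('Server')}")
    for path in extract_paths(body, base):
        s, h, _ = fetch(urljoin(base, path))
        parsed = parse_server_header(h.get("Server"))
        note = ""
        if parsed and parsed[0] == "Apache" and is_older_than(parsed[1], (2, 4)):
            note = "  <- Apache older than 2.4 (assumed threshold)"
        print(f"  {path:<20} {s}  Server: {h.get('Server')}{note}")


# Constructed sample data for offline use, not captured from a real host.
SAMPLE_INDEX = """<html><body>
<a href="/twiki/">TWiki</a> <a href="/phpMyAdmin/">phpMyAdmin</a>
<a href="dvwa/">DVWA</a> <a href="/dav/">WebDAV</a>
<a href="mailto:admin@example.invalid">mail</a>
<a href="http://other.example.invalid/x">elsewhere</a> <a href="/twiki/">TWiki again</a>
</body></html>"""
SAMPLE_SERVER = "Apache/2.2.8 (Ubuntu) DAV/2"

if __name__ == "__main__":
    if len(sys.argv) == 2:
        walk(sys.argv[1])
    else:
        print(extract_paths(SAMPLE_INDEX))          # ['/twiki/', '/phpMyAdmin/', '/dvwa/', '/dav/']
        print(parse_server_header(SAMPLE_SERVER))  # ('Apache', (2, 2, 8))
```

One caveat a practitioner would add: the Server header is self-reported and can be changed or removed with Apache's ServerTokens and ServerSignature directives, so treat a banner version as a lead to confirm (for example against the behaviour of a specific module) rather than as proof before choosing an exploit.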

