Sign up to save your podcasts
Or
Share Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide
In this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Metasploitable 2, an intentionally vulnerable Ubuntu-based virtual machine designed for safely practicing penetration testing techniques in a controlled lab.
- Structured reconnaissance and enumeration, using tools like Nmap to identify open ports, detect service versions, and map the attack surface before attempting exploitation.
- Service version detection and exploit matching, identifying outdated or vulnerable services such as:
- Apache Tomcat
- vsftpd
- UnrealIRCd
- Exploiting intentionally placed backdoors, understanding how misconfigured or vulnerable services can lead to immediate privileged access in lab environments.
- Credential-based attacks, demonstrating the security risks of weak or default credentials across services like FTP, MySQL, and Tomcat Manager using modules within Metasploit.
- Remote Code Execution (RCE) scenarios, analyzing vulnerabilities in services such as:
- Samba (usermap_script vulnerability)
- DistCC
- Apache HTTP Server (PHP CGI misconfigurations)
- Web application exploitation techniques, including:
- Extracting sensitive server information from diagnostic pages (e.g., phpinfo)
- Uploading malicious payloads through misconfigured management consoles to gain controlled shell access (e.g., Meterpreter sessions)
- End-to-end penetration testing workflow, moving from reconnaissance → enumeration → exploitation → post-exploitation within a safe training environment.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
View all episodes
By CyberCode AcademyIn this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Metasploitable 2, an intentionally vulnerable Ubuntu-based virtual machine designed for safely practicing penetration testing techniques in a controlled lab.
- Structured reconnaissance and enumeration, using tools like Nmap to identify open ports, detect service versions, and map the attack surface before attempting exploitation.
- Service version detection and exploit matching, identifying outdated or vulnerable services such as:
- Apache Tomcat
- vsftpd
- UnrealIRCd
- Exploiting intentionally placed backdoors, understanding how misconfigured or vulnerable services can lead to immediate privileged access in lab environments.
- Credential-based attacks, demonstrating the security risks of weak or default credentials across services like FTP, MySQL, and Tomcat Manager using modules within Metasploit.
- Remote Code Execution (RCE) scenarios, analyzing vulnerabilities in services such as:
- Samba (usermap_script vulnerability)
- DistCC
- Apache HTTP Server (PHP CGI misconfigurations)
- Web application exploitation techniques, including:
- Extracting sensitive server information from diagnostic pages (e.g., phpinfo)
- Uploading malicious payloads through misconfigured management consoles to gain controlled shell access (e.g., Meterpreter sessions)
- End-to-end penetration testing workflow, moving from reconnaissance → enumeration → exploitation → post-exploitation within a safe training environment.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy