Web-Server-Enumeration-and-Exploitation

View this project on GitHub

This lab demonstrates performing active reconnaissance and exploitation on a web server. This demonstration involves the use of a Kali Linux and a Metasploitable2 VM in a virtualized network.

Active Reconnaissance with Nmap

Active Reconnaissance Step 1

Active Reconnaissance Step 2

Active Reconnaissance Step 3

Active Reconnaissance Step 4

Active Reconnaissance using whatweb, curl, netcat and Metasploit

Recon with whatweb

Recon with curl

Recon with netcat

Recon with Metasploit Step 1

Recon with Metasploit Step 2

Preparing Exploitation

Preparation Step 1

Preparation Step 2

Preparation Step 3

Generating Payload with msfvenom and uploading payload to web server

Generating Payload with msfvenom

Starting a reverse handler

Starting Reverse Handler

Executing the payload on the web server through a browser in the dav folder

Executing Payload

Reverse shell on web server established

Reverse Shell Established

Post Exploitation Reconnaissance

Post Exploitation Recon 1

Post Exploitation Recon 2

Post Exploitation Recon 3

Post Exploitation Recon 4

Acknowledgments

Metasploitable2

Metasploitable2 is a vulnerable virtual machine intended for use as a target for testing security tools and demonstrating common vulnerabilities.

Official download page: https://sourceforge.net/projects/metasploitable/

License: BSD License, GNU General Public License version 2.0 (GLPv2)

Back to Lab Projects