Cybersecurity · Web Server Enumeration and Exploitation

Web Server Enumeration and Exploitation

Active reconnaissance and exploitation of a vulnerable web server using Kali and Metasploitable2.

View this project on GitHub

Overview

This lab walks through discovery and exploitation against a target web server. Recon uses Nmap, whatweb, curl, netcat, and Metasploit. Exploitation leverages msfvenom and a reverse handler to obtain a shell, followed by post-exploitation recon.

Environment: Kali Linux attacking a Metasploitable2 VM on a virtual network.

Active Reconnaissance with Nmap

Nmap service discovery 1

Nmap service discovery 2

Nmap service discovery 3

Nmap service discovery 4

Active Recon with whatweb, curl, netcat, and Metasploit

whatweb fingerprinting

curl enumeration

netcat banner grabbing

Metasploit reconnaissance 1

Metasploit reconnaissance 2

Preparing Exploitation

Preparation step 1

Preparation step 2

Preparation step 3

Generate Payload with `msfvenom` and Upload

Generating payload with msfvenom

Start Reverse Handler

Starting reverse handler

Execute Payload via Browser (dav folder)

Executing the payload

Reverse Shell Established

Reverse shell established

Post-Exploitation Reconnaissance

Post-exploitation recon 1

Post-exploitation recon 2

Post-exploitation recon 3

Post-exploitation recon 4