# **Penetration Testing Report - Metasploitable 2**

## **Conducted by:** [Your Name]

## **Date:** [Date of Testing]

---

## **1. Introduction**

This penetration test was conducted to assess the security posture of **Metasploitable 2**, identify vulnerabilities, and explore potential exploitation techniques. The test was performed in a controlled environment for educational and research purposes only.

---

## **2. Port Scanning**

A port scan using **Nmap** was performed to identify open services:

```bash
nmap -T4 -A -v 192.168.211.130
```

### **Key Findings:**

- **80/tcp** - Open
  - Running **Apache 2.2.8 (Ubuntu)**
  - Supports: **GET, HEAD, POST, OPTIONS**
  - HTTP Server Header: *Apache/2.2.8 (Ubuntu) DAV/2*
  - Web Title: *Metasploitable2 - Linux*

---

## **3. Hidden Web Pages Discovery**

A **GoBuster** scan identified hidden directories:

```bash
gobuster dir -u http://192.168.211.130 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50
```

### **Most sensitive discovery:**

- `phpMyAdmin`

---

## **4. Credentials Exposure**

Upon accessing the main webpage, credentials were exposed:

- **Username:** `msfadmin`
- **Password:** `msfadmin`

---

## **5. SSH Login**

Successful authentication to SSH:

```bash
ssh msfadmin@192.168.211.130
# password: msfadmin
```

---

## **6. Privilege Escalation**

Using `sudo su`, we obtained **root access**:

```bash
sudo su
```

---

## **7. Database Exploitation**

Sensitive tables were found in the `mysql` database, and credentials were extracted from them.

```sql
USE mysql;
SELECT user, host, authentication_string FROM mysql.user;
```

### **Extracted Credentials:**

| User             | Host      | Password (Encrypted) |
|------------------|-----------|----------------------|
| debian-sys-maint | localhost | (hidden)             |
| root             | %         | (hidden)             |
| guest            | %         | (hidden)             |

---

## **8. phpMyAdmin Access**

Login successful with:

- ✅ **guest**
- ✅ **debian-sys-maint**
- ❌ **root** (failed)

---

## **9. Exploitation Opportunities**

- **Modify User Passwords**
- **Add/Remove Users**
- **Access Sensitive Data**

---

## **10. Recommendations**

- ✅ Enforce strong passwords
- ✅ Restrict SSH access
- ✅ Disable unnecessary accounts
- ✅ Configure a firewall
- ✅ Apply security patches
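
One way to turn the "disable unnecessary accounts" and "enforce strong passwords" recommendations into a repeatable check is to audit rows exported from `mysql.user`, as listed in section 7. The script below is an added example, not part of the original report; the sample rows, their hash values, the `app` account and the list of administrative users are constructed assumptions.

```python
import re

# Constructed sample rows (user, host, password hash) shaped like the table in
# section 7. The hash values are placeholders, not data taken from the target.
SAMPLE_ROWS = [
    ("debian-sys-maint", "localhost", "*" + "A" * 40),
    ("root", "%", ""),
    ("guest", "%", "0123456789abcdef"),
    ("app", "10.0.0.5", "*" + "B" * 40),
]

# Assumption: the server stores hashes in one of the two classic MySQL formats.
NATIVE_HASH = re.compile(r"^\*[0-9A-Fa-f]{40}$")  # 4.1+ native format, 41 chars
LEGACY_HASH = re.compile(r"^[0-9A-Fa-f]{16}$")    # pre-4.1 format, 16 hex chars
ADMIN_USERS = {"root", "debian-sys-maint"}        # assumed administrative accounts


def audit_account(user, host, pw_hash):
    """Return the list of findings for one mysql.user row."""
    findings = []
    if user == "":
        findings.append("anonymous account")
    if pw_hash == "":
        findings.append("empty password")
    elif LEGACY_HASH.match(pw_hash):
        findings.append("legacy pre-4.1 hash")
    elif not NATIVE_HASH.match(pw_hash):
        findings.append("unrecognised hash format")
    if "%" in host:
        findings.append("wildcard host")
        if user in ADMIN_USERS:
            findings.append("administrative account reachable remotely")
    return findings


def audit(rows):
    """Map 'user'@'host' to its findings, omitting accounts with none."""
    report = {}
    for user, host, pw_hash in rows:
        findings = audit_account(user, host, pw_hash)
        if findings:
            report[f"'{user}'@'{host}'"] = findings
    return report


if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ROWS).items():
        print(f"{account}: {', '.join(findings)}")
```

Accounts that come back with findings are candidates for removal, a host restriction, or a password reset before the database is exposed beyond localhost.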