Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide
No se pudo agregar al carrito
Solo puedes tener X títulos en el carrito para realizar el pago.
Add to Cart failed.
Por favor prueba de nuevo más tarde
Error al Agregar a Lista de Deseos.
Por favor prueba de nuevo más tarde
Error al eliminar de la lista de deseos.
Por favor prueba de nuevo más tarde
Error al añadir a tu biblioteca
Por favor intenta de nuevo
Error al seguir el podcast
Intenta nuevamente
Error al dejar de seguir el podcast
Intenta nuevamente
Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide
-
Narrado por:
-
De:
- Metasploitable 2, an intentionally vulnerable Ubuntu-based virtual machine designed for safely practicing penetration testing techniques in a controlled lab.
- Structured reconnaissance and enumeration, using tools like Nmap to identify open ports, detect service versions, and map the attack surface before attempting exploitation.
- Service version detection and exploit matching, identifying outdated or vulnerable services such as:
- Apache Tomcat
- vsftpd
- UnrealIRCd
- Exploiting intentionally placed backdoors, understanding how misconfigured or vulnerable services can lead to immediate privileged access in lab environments.
- Credential-based attacks, demonstrating the security risks of weak or default credentials across services like FTP, MySQL, and Tomcat Manager using modules within Metasploit.
- Remote Code Execution (RCE) scenarios, analyzing vulnerabilities in services such as:
- Samba (usermap_script vulnerability)
- DistCC
- Apache HTTP Server (PHP CGI misconfigurations)
- Web application exploitation techniques, including:
- Extracting sensitive server information from diagnostic pages (e.g., phpinfo)
- Uploading malicious payloads through misconfigured management consoles to gain controlled shell access (e.g., Meterpreter sessions)
- End-to-end penetration testing workflow, moving from reconnaissance → enumeration → exploitation → post-exploitation within a safe training environment.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
Todavía no hay opiniones