Share
## https://sploitus.com/exploit?id=409B08D4-68A2-55C4-9A06-6D7FD27011EC
# Metasploitable 2 Penetration Test
**Date:** June 2026
**Tester:** Kgalake Mabotja
## Overview
Complete penetration test on Metasploitable 2 from reconnaissance to hardening.
## Phases
### 1. Reconnaissance
- Nmap port scanning (full and targeted)
- Service enumeration
- Vulnerability identification
### 2. Exploitation
| Vulnerability | Port | Access |
|---------------|------|--------|
| vsFTPd 2.3.4 Backdoor | 21 | Root shell |
| UnrealIRCd Backdoor | 6667 | Remote code execution |
| Java RMI | 1099 | Meterpreter session |
### 3. Post-Exploitation
- Root access verification
- System enumeration
- Evidence collection
### 4. Hardening
- Stopped all vulnerable services
- Removed services from startup
- Enabled UFW firewall (port 22 only)
### 5. Verification
- Post-hardening Nmap scan shows only port 22 open
- Firewall blocks all unauthorized ports
## Tools Used
- Nmap (reconnaissance)
- Metasploit Framework (exploitation)
- UFW (firewall)
## Results
โ
Full root access achieved during exploitation
โ
System successfully hardened to expose only SSH
โ
Complete documentation with screenshots
## Repository Structure
โโโ reconnaissance/ # Nmap scans and results
โโโ exploitation/ # Exploit documentation
โโโ hardening/ # Hardening plan and results
โโโ screenshots/ # Evidence PNG files
โโโ engagement-log.md # Full activity log