Share
## https://sploitus.com/exploit?id=4EDEF07E-CCCF-5563-ADCC-7B991E34AAF0
# Metasploitable 2 Penetration Testing Lab

## About the Project

This project was completed as part of my cybersecurity learning and practice. The objective was to understand how common network and web application vulnerabilities can be identified and assessed in a safe and controlled lab environment.

For this project, I used **Kali Linux** as the attacker machine and **Metasploitable 2** as the target machine. I also used **DVWA (Damn Vulnerable Web Application)** to practice web application security testing. All testing was performed inside VirtualBox on a local virtual network.

> **Note:** This project was performed only in an isolated lab environment for educational purposes. No unauthorized systems were targeted.

---

## Student Information

**Name:** Nayuni Ganesh

**College:** Viswam Engineering College

**Department:** Computer Science and Engineering (CSE)

**Year:** 4th Year

**GitHub:** https://github.com/nayuniganesh

---

## Lab Environment

- Attacker Machine: Kali Linux (Latest Version)
- Target Machine: Metasploitable 2
- Web Application: DVWA
- Virtualization Software: VirtualBox
- Environment: Local Virtual Lab

---

## Tools Used

- Kali Linux
- Metasploitable 2
- DVWA
- VirtualBox
- Nmap
- Metasploit Framework
- Hydra
- John the Ripper
- Telnet
- Wireshark
- MySQL Client
- Firefox Browser

---

## Project Objectives

- Learn penetration testing in a safe lab environment.
- Perform network reconnaissance.
- Identify vulnerable services.
- Test common network vulnerabilities.
- Practice web application security testing.
- Document findings and recommend security improvements.

---

## Attacks Performed

### Network Security Assessment

- Reconnaissance (Nmap Scanning)
- VSFTPD Service Assessment
- SSH Authentication Assessment
- Password Hash Analysis
- Telnet Assessment
- MySQL Assessment

### Web Application Security Assessment

- SQL Injection
- Cross-Site Scripting (XSS)
- Command Injection
- File Upload Vulnerability

---

## Repository Structure

```text
Metasploitable2-Penetration-Testing-Lab/
โ”‚โ”€โ”€ README.md
โ”‚โ”€โ”€ REPORT.md
โ”‚โ”€โ”€ LICENSE
โ”‚
โ”œโ”€โ”€ docs/
โ”‚   โ”œโ”€โ”€ lab_setup.md
โ”‚   โ”œโ”€โ”€ methodology.md
โ”‚   โ”œโ”€โ”€ findings.md
โ”‚   โ””โ”€โ”€ recommendations.md
โ”‚
โ”œโ”€โ”€ screenshots/
โ”‚   โ”œโ”€โ”€ 01_reconnaissance/
โ”‚   โ”œโ”€โ”€ 02_vsftpd/
โ”‚   โ”œโ”€โ”€ 03_ssh_bruteforce/
โ”‚   โ”œโ”€โ”€ 04_hash_analysis/
โ”‚   โ”œโ”€โ”€ 05_telnet/
โ”‚   โ”œโ”€โ”€ 06_mysql/
โ”‚   โ”œโ”€โ”€ 07_sql_injection/
โ”‚   โ”œโ”€โ”€ 08_reflected_xss/
โ”‚   โ”œโ”€โ”€ 09_command_injection/
โ”‚   โ””โ”€โ”€ 10_file_upload/
โ”‚
โ””โ”€โ”€ assets/
```

---

## What I Learned

Through this project, I learned how to:

- Perform network scanning and service enumeration.
- Identify vulnerable services running on a target machine.
- Understand password security and authentication weaknesses.
- Analyze network traffic using Wireshark.
- Test common web application vulnerabilities.
- Document security findings in a professional report.
- Understand the importance of secure system configuration and input validation.

---

## Disclaimer

This project was conducted only in a controlled virtual laboratory using intentionally vulnerable systems (Metasploitable 2 and DVWA). It is shared for educational and defensive cybersecurity learning purposes only.

---

## Author

**Nayuni Ganesh**

B.Tech โ€“ Computer Science and Engineering

Viswam Engineering College

GitHub: https://github.com/nayuniganesh