Pentesting Reconnaissance Vulnerable Machine Project

🌱 How to start this project?

This exercise aims to teach students how to perform the reconnaissance phase on a vulnerable Metasploitable machine.

This is the first of 4 projects that will take you through the world of pentesting. The goal is to carry out all the phases of pentesting on a vulnerable computer. Specifically, we will work with the Metasploitable machine. This first phase focuses on "Reconnaissance".

Requirements

• Install the Metasploitable machine.
• Install Nmap if it is not already installed.

📝 Instructions

Step 1: Find the target's IP address.

• Log in to Metasploitable and use ifconfig.

Step 2: Find information about the target's operating system and versions.

• Perform a basic scan
• Scan services and versions
• Detect the operating system

Step 3: Enumerate the target's ports and services.

• Perform a full port scan
• Use Nmap scripts

Step 4: From the previous step, describe vulnerabilities and possible breaches that could be operating on those services.

• Analyze the results from Nmap.

Step 5: Penetration testing report for Metasploitable v1

• Objective and Scope
• Tools and Techniques Used
• Results of Exploited Vulnerabilities
  • Description: List and description of each vulnerability found.
  • Impact: Assessment of the impact of each vulnerability.
• Commands and Tools Used for Exploitation
• Mitigation
  • Proposals and Recommendations: Suggestions to remediate the exploited vulnerabilities.

Delivery

• Detailed report in PDF format with all results and analysis, including screenshots of commands and relevant results.

Contributors

Thanks goes to these wonderful people (emoji key):

1. Rosinni Rodríguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖

2. Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛

This project follows the all-contributors specification. Contributions of any kind are welcome!