Skip to content

Utkarsh464/labs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Security Labs

License Labs Target

Hands-on penetration testing labs documenting real exploitation workflows against intentionally vulnerable machines.

All activity was performed in an isolated lab environment for educational purposes.


Lab Index

Lab Target Technique Status
vsFTPd 2.3.4 Backdoor Metasploitable 2 Metasploit — CVE-2011-2523 Complete
DVWA Brute Force Metasploitable 2 Hydra — HTTP form brute-force Complete

Featured Labs

vsFTPd 2.3.4 Backdoor

This lab identifies vsftpd 2.3.4 on Metasploitable 2, maps it to CVE-2011-2523, troubleshoots failed reverse callback behavior, and validates a root shell through Meterpreter.

Full writeup →

Evidence Description
Zenmap service scan Nmap/Zenmap service discovery showing vsftpd 2.3.4 on 21/tcp.
Metasploit module options Module search, selection, and required options.
Meterpreter session Successful exploit after ForceExploit troubleshooting.
Root shell validation whoami and uname -a from interactive shell.

DVWA Brute Force

A brute-force attack against the Damn Vulnerable Web Application (DVWA) login page using Hydra. Demonstrates weak credential discovery, session cookie injection, and the impact of missing rate-limiting controls.

Full writeup →

Evidence Description
DVWA successful login DVWA Brute Force page showing successful admin:password login.
Hydra session Full hydra sequence: single-password test, wordlist run, and result.
Nmap scan Nmap service scan of target alongside hydra output.

Repository Layout

labs/
├── machines/
│   └── metasploitable2/
│       ├── README.md
│       ├── vsftpd-2.3.4-backdoor/
│       └── dvwa-brute-force/
├── .gitignore
├── LICENSE
└── README.md

Lab Environment

  • Attacker: Linux penetration testing workstation
  • Target: Metasploitable 2
  • Network: Isolated 192.168.122.0/24 virtual network
  • Tools: Nmap, Zenmap, Metasploit Framework, Meterpreter, Hydra, Netcat

Skills Demonstrated

  • Network and service enumeration with Nmap
  • Version-based vulnerability identification
  • Metasploit module selection, configuration, and troubleshooting
  • Web application brute-forcing with Hydra
  • Session cookie injection for authenticated testing
  • Post-exploitation validation (filesystem access, privilege verification)
  • Professional lab documentation and Git workflow

Tools


Legal Notice

The content in this repository is for authorized lab use only. Do not run these techniques against systems you do not own or do not have explicit permission to test.

About

Hands-on penetration testing labs using Metasploit, Nmap and intentionally vulnerable machines.

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors