Performed an authenticated vulnerability assessment against an intentionally vulnerable Metasploitable 2 target using Greenbone/OpenVAS in an isolated Oracle VirtualBox cybersecurity lab.
The scan identified a large number of vulnerabilities across exposed network services, outdated applications, weak remote-access configurations, and possible backdoors.
All testing was performed against an intentionally vulnerable target in a controlled and authorized lab environment.
- Virtualization platform: Oracle VirtualBox
- Firewall/router: pfSense
- Scanning system: Kali Linux
- Vulnerability scanner: Greenbone/OpenVAS
- Target: Metasploitable 2
- Target IP address:
192.168.2.200
- Configure and operate Greenbone/OpenVAS
- Create a vulnerability-scanning target
- Perform a vulnerability assessment against Metasploitable 2
- Review findings by severity
- Analyze critical vulnerabilities and affected services
- Document security impact and recommended remediation
- Generate and preserve a professional scan report
The OpenVAS scan selected 69 findings from 631 raw results.
| Severity | Findings |
|---|---|
| Critical | 13 |
| High | 11 |
| Medium | 39 |
| Low | 6 |
| Total | 69 |
| Finding | Port | Severity | Security Impact |
|---|---|---|---|
| Possible Ingreslock backdoor | 1524/tcp | Critical — CVSS 10.0 | Returned uid=0(root) gid=0(root), demonstrating unauthenticated root-level command execution |
| rlogin passwordless root access | 513/tcp | Critical — CVSS 10.0 | Allowed complete control of the target without a password |
| TWiki command execution and XSS vulnerabilities | 80/tcp | Critical — CVSS 10.0 | Could permit arbitrary script or command execution |
| vsftpd compromised-package backdoor | 21/tcp | Critical — CVSS 9.8 | Could permit arbitrary command execution through a backdoored FTP package |
| Apache Tomcat AJP Ghostcat vulnerability | 8009/tcp | Critical — CVSS 9.8 | Allowed unauthorized reading of protected application files |
| DistCC remote code execution | 3632/tcp | Critical — CVSS 9.3 | Allowed unauthorized operating-system command execution as the daemon account |
| Weak VNC password | 5900/tcp | Critical — CVSS 9.0 | The scanner successfully connected using the password password |
Greenbone/OpenVAS identified a possible Ingreslock backdoor on TCP port 1524.
The service responded to an id command with:
uid=0(root) gid=0(root)