

The Mutillidae web application (NOWASP (Mutillidae)) contains all of the vulnerabilities from the OWASP Top Ten plus a number of other vulnerabilities such as HTML-5 web storage, forms caching, and click-jacking.

The applications are installed in Metasploitable 2 in the /var/In the current version as of this writing, the applications are Individual web applications may additionally be accessed by appending the application directory name onto to create URL For example, the Mutillidae application may be accessed (in this example) at address. To access a particular web application, click on one of the links provided. Depending on the order in which guest operating systems are started, the IP address of Metasploitable 2 will vary. IP addresses are assigned starting from "101". This document will continue to expand over time as many of the less obvious flaws with this platform are detailed. 192.168.56/24 is the default "host only" network in VirtualBox.

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMware, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network. (Note: A video tutorial on installing Metasploitable 2 is available here.) This document outlines many of the security flaws in the Metasploitable 2 image. Currently missing is documentation on the web server and web application flaws as well as vulnerabilities that allow a local user to escalate to root privileges.
