Metasploit for website pentest

Post author:jonathansblog
Post published:February 13, 2019
Post category:jonathansblog / Kali Linux / Metasploit / Pentest
Post comments:1 Comment

If you dont have dvwa setup inside vagrant [or running on a box on your network, eg through proxmox or opencloud or even bare metal] yet, follow the link above to go to my tutorial, otherwise

cd /path/to/vagrantfile
vagrant up

Start metasploit

Following the start of my metasploit tutorial for beginners, before starting the metasploit console, we will start the database service and set up the metasploit database if not already done:

Pages: 1 2 3 4 5 6 7 8 9 10 11 12

Tags: Address, App, Book, Command, Connect, Default, Directory, Display, Error, File, Image, Index, Launch, Link, List, Local, metasploit, Mini, Multi, Multiple, Php, Scan, Screen, Server, Terminal, Text, Time, Tools, Tutorial, Url, Virtual, Vulnerability, Web, Website, Work

This Post Has One Comment

Will Meek September 10, 2019 Log in to Reply

Great writeup Jonathan!

Only caveat I found was that the url needed to be an IP, even though sites are resolved to IPs.

And File/Dir testing at the ‘404’ stage takes forever! :)

Leave a ReplyCancel reply