Forum Thread: Metasploitable & Learning

Metasploitable is a Linux distribution with numerous vulnerabilities. Of course, you can use the Samba vulnerability, but you should do your recon to learn what it is vulnerable to. You need to imagine that this is a real system and you need to FIND the vulnerabilities.

Ill get your point, would you suggest for a starter hacker Who has never exploited or used metasploit on systems to start right away with metasploitable to hack the ftp, apache,samba services which i never have practical expierence with? Or would it be smarter to start with a easier OS like Windows xp?

By the way, I'm a real beginner and never did such kind of things like hacking so i'm abit confused when you say "Linux distribution with numerous vulnerabilities" . isnt it supposed to be to check what service is running on what port and exploit that service instead of finding the OS build of the linux server ( this case metasploitable) and use a vulnerabilitie for that?

Metasploitable is definitely the best vulnerable machine to get hands on with metasploit and experiment different ways to have a remote access to the system.

If you scan the metasploitable machine with a vulnerability scanner , you would find that the machine has numerous open services and ports. Every service is running an older and unpatched version that you can exploit.

You can use a vulnerabilty scanners like open-vas or nessus. There are many tutz on the web to get ready.

You can also have a different and more manual approach by scanning metasploitable with nmap which will give you the running services version. Then you search CVE associated with those services/version.

You are making a little confusion about vulnerability and exploiting.
A vulnerability is something you can give take an advantage on.
Exploiting is using a vulnerability to penetrate the system.

Be ethic and Have fun :)