Vulnerable Web Services
Metasploitable2 also has deliberately vulnerable web applications preinstalled. The web server starts automatically when Metasploitable2 is booted. To access the web applications, open a web browser and enter the IPv4 address you have been using since Figure 10.19. I can access mine by browsing to http://192.168.124.140. As you see in Figure 10.22, there are web applications that can be accessed from this page.

Figure 10.22: Metasploitable2 web application home page
The Mutillidae web application contains all the vulnerabilities from the OWASP Top Ten (see Figure 10.23). If you scroll through the menus starting with the OWASP Top 10, the menus will cascade into subdirectories of vulnerabilities, including form caching and click‐jacking. Mutillidae allows the user to change the security level from 0 (completely and totally insecure) to 5 (secure). Additionally, three levels of hints are provided, ranging from “Level 0 – I try harder”...