A comprehensive internal network and web application penetration testing lab against a legacy Linux server, focused on validating real attack paths and translating technical findings into security risk and remediation actions.
This repository documents a full vulnerability assessment and penetration testing lab conducted against a legacy Linux server and its hosted web applications in a controlled environment. The project demonstrates how exposed services, outdated software, weak authentication controls, and poor request validation can be identified, tested, and chained into a credible compromise scenario.
The lab is designed to showcase both offensive and defensive security capabilities, making it relevant for blue team, red team, SOC, detection engineering, vulnerability management, and security operations roles.
The lab simulates an internal attacker assessing a poorly hardened legacy environment. The objective was not just to identify vulnerabilities, but to validate whether they could be exploited in practice and to show how individual weaknesses across infrastructure and application layers combine into a realistic attack path.
The engagement covered:
- Internal network reconnaissance and service enumeration
- Vulnerability scanning and validation
- Controlled exploitation of legacy services
- Web application security testing
- Attack-path analysis
- Risk evaluation and remediation planning
This project goes beyond tool output. It shows the full workflow from discovery to business impact:
- How an exposed internal host was profiled
- How scanner findings were prioritised and validated
- How critical services were exploited in a controlled way
- How web application flaws enabled administrative compromise
- How the findings were translated into remediation priorities and defensive lessons
Objectives:
- Identify exposed services and attack surface within an internal lab environment
- Validate whether legacy services could be exploited for unauthorised access
- Assess web application weaknesses affecting authentication and request handling
- Demonstrate how infrastructure and application vulnerabilities can be chained together
- Produce a professional security report with risk-based remediation guidance
Lab environment:
- Attacker VM: Kali Linux
- Target VM: Metasploitable 2
- Target Type: Legacy Linux server hosting vulnerable services and DVWA
- Primary Target IP: 192.168.10.4
- Attacker IP: 192.168.10.3
Testing scope:
- Internal network exposure
- Service enumeration
- Vulnerability scanning
- Service exploitation
- Web application authentication testing
- Cross-site request forgery testing
Tools used:
- Nmap - host discovery, port scanning, service enumeration
- Nessus - vulnerability assessment and severity identification
- Metasploit Framework - controlled service exploitation and validation
- Burp Suite Community Edition - web application testing, request interception, Intruder, Repeater
- DVWA - vulnerable web application test target
- Kali Linux - attacker platform and testing environment
Infrastructure findings:
- The target exposed numerous legacy services, including FTP, SSH, Telnet, SMB, HTTP, MySQL, PostgreSQL, VNC, IRC, and Tomcat.
- Vulnerability scanning identified 71 vulnerabilities, including multiple high and critical issues.
- Two legacy services were successfully exploited:
  - vsFTPd 2.3.4 Backdoor
  - UnrealIRCd 3.2.8.1 Backdoor
- Both exploit paths resulted in root-level command execution, confirming full host compromise from the internal network.
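A defender-side follow-up to these findings, added here as an example and not part of the original lab code: it audits a service-scan table for the two backdoored builds named above and for ports outside an approved baseline. The sample scan lines, the `APPROVED_PORTS` baseline and the function names are assumptions made for illustration.

```python
import re

# Builds named in this lab's findings: product token -> affected version.
BACKDOORED = {"vsftpd": "2.3.4", "unrealircd": "3.2.8.1"}
APPROVED_PORTS = {22, 80}  # assumed baseline for this host, not from the report

SERVICE_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)\s*(.*)$")

# Constructed sample in the layout of an Nmap service-scan table.
SAMPLE = """\
21/tcp   open  ftp     vsftpd 2.3.4
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet  Linux telnetd
80/tcp   open  http    Apache httpd 2.2.8 ((Ubuntu) DAV/2)
6667/tcp open  irc     UnrealIRCd
"""


def classify_banner(banner):
    """Return a status if the banner names a product listed in BACKDOORED."""
    words = banner.lower().split()
    for product, bad_version in BACKDOORED.items():
        if product not in words:
            continue
        nxt = words[words.index(product) + 1:][:1]  # token after the product name
        if nxt == [bad_version]:
            return "backdoored-build"
        if not nxt or not nxt[0][0].isdigit():
            return "version-unknown"  # banner hides the version: check the package
    return None


def audit(scan_text):
    """Yield (port, service, status) for risky builds and unapproved ports."""
    findings = []
    for raw in scan_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        port, service, banner = int(m.group(1)), m.group(2), m.group(3)
        status = classify_banner(banner)
        if status:
            findings.append((port, service, status))
        if port not in APPROVED_PORTS:
            findings.append((port, service, "not-in-baseline"))
    return findings
```

A `version-unknown` result means the banner alone cannot clear the host, so the installed package and its source should be checked directly.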
Web application findings:
- Brute Force Authentication Vulnerability
  - Administrative login lacked rate limiting, account lockout, or brute-force protections
  - Automated password guessing successfully identified valid admin credentials
- Cross-Site Request Forgery (CSRF)
  - Password change functionality lacked anti-CSRF validation
  - A forged, authenticated request successfully changed the administrator password
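The two controls whose absence these findings describe, sketched as an added example (not DVWA's code and not part of the original lab): a sliding-window login lockout and a session-bound anti-CSRF token for the password-change form. The thresholds, the key handling and all names are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed policy: failed logins tolerated per window
WINDOW_SECONDS = 300  # assumed policy: sliding window length
SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients


class LoginThrottle:
    """Sliding-window lockout keyed on the account name."""

    def __init__(self):
        self._failures = defaultdict(deque)

    def _prune(self, account, now):
        q = self._failures[account]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()  # forget failures older than the window
        return q

    def allowed(self, account, now):
        """Check this before verifying the password at all."""
        return len(self._prune(account, now)) < MAX_FAILURES

    def record_failure(self, account, now):
        self._prune(account, now).append(now)

    def record_success(self, account):
        self._failures.pop(account, None)


def issue_csrf_token(session_id):
    """Token = HMAC(server key, session id), embedded as a hidden form field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id, submitted):
    """Reject a missing token and any token minted for another session."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())
```

A state-changing handler calls `csrf_token_valid` before acting on the request, so a forged cross-site request that carries only the session cookie is rejected.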
| Finding | Severity |
|---|---|
| vsFTPd 2.3.4 Backdoor | Critical |
| UnrealIRCd 3.2.8.1 Backdoor | Critical |
| Brute Force Authentication | High |
| Cross-Site Request Forgery | High |
This lab validated a realistic compromise chain:
- Internal host discovery and service enumeration
- Identification of exposed legacy services
- Vulnerability scanning to prioritise exploitable weaknesses
- Successful service exploitation for system-level access
- Web application testing for administrative compromise
- Chaining of infrastructure and application weaknesses into a broader attack scenario
Key lessons:
- Exposed legacy services significantly expand the internal attack surface
- Scanner results become far more valuable when validated through controlled testing
- Infrastructure compromise and web application compromise should not be treated as separate risks
- Weak authentication and poor request validation can directly affect privileged access
- Strong reporting matters as much as technical execution in real-world security work
This project was conducted in a fully authorised, isolated laboratory environment for educational and defensive security purposes. No testing was performed against unauthorised systems.
This lab shows how a legacy internal environment can be compromised through a combination of exposed services, outdated software, weak authentication controls, and insecure application design. More importantly, it demonstrates the complete security workflow: identify, validate, exploit in a controlled manner, assess impact, and recommend remediation.
It is a practical portfolio project that reflects both attacker tradecraft and defender thinking.
“A system falls long before it breaks; it falls the moment its weaknesses go unseen.”
— Oluwamuyiwa Aikomo