WEBVTT

00:00.390 --> 00:06.070
The metal's plausible virtual machine is an intentionally vulnerable version of the boot to Linux.

00:06.100 --> 00:12.450
It is designed for testing your security skills in terms of penetration testing and ethical hacking.

00:12.450 --> 00:15.180
It is available as a VM word image.

00:15.180 --> 00:20.040
You can go to the rapid 7 website or hub and download the VM from there.

00:20.040 --> 00:28.650
I did that and imported the VM to my player here and once the machine starts you can you'll be presented

00:28.650 --> 00:29.610
by this console.

00:29.620 --> 00:36.960
Just have to type the MSF admin as a username and MSF admin as a password and then write a f config

00:37.020 --> 00:40.340
to see the IP address of this machine.

00:40.350 --> 00:44.170
In this case it is 2 1 1 1 3 9 here.

00:44.200 --> 00:49.470
Now we will go to our browser here and type this IP address

00:52.670 --> 01:01.050
and we will be presented by a list of Web applications like do you we keep HP my admin multiday DV w

01:01.050 --> 01:06.910
a which are the down and vulnerable of application and web dev all of these are deliberately vulnerable

01:06.910 --> 01:13.470
of applications which come pre installed and the methods applicable to image to access any of these

01:13.470 --> 01:14.250
applications.

01:14.250 --> 01:17.220
Just press on them and here we go.

01:17.220 --> 01:19.800
This is the multiday web application.

01:19.920 --> 01:26.790
It contains all of the vulnerabilities from the OS top 10 plus a number of other vulnerabilities inspired

01:26.790 --> 01:33.290
by the dam vulnerable Web application multiday allows the user to change the security level you can

01:33.300 --> 01:36.780
toggle the security from here as you can see the security level is zero.

01:36.780 --> 01:38.470
Once you press it it's 1.

01:38.490 --> 01:39.350
Now it's 5.

01:39.390 --> 01:46.140
If the application is damaged by the user injection and hacks just click here on the reset DV and you

01:46.140 --> 01:49.380
will reset the application to the original state.

01:49.380 --> 01:57.060
You can test your skills on the OS then by clicking on this left menu here and all the top vulnerabilities

01:57.170 --> 01:58.040
are presented.

01:58.080 --> 02:05.430
As for the Dem vulnerable Web application just use the user name of admin and password then you will

02:05.430 --> 02:12.140
be presented by the homepage which has enough instruction you don't vulnerable obligation as a BHP might

02:12.140 --> 02:12.860
as well.

02:12.890 --> 02:17.580
A web application that is actually as its name says it's damn vulnerable again.

02:17.670 --> 02:24.240
The main goal of that is to aid you in testing your skills for penetration testing and ethical hack.

02:24.270 --> 02:29.460
You can as well toggle the security from here from low medium high and you can test the top security

02:29.460 --> 02:32.890
vulnerabilities from this left menu as well.