Learning Hub / Target Machines / Infrastructure Targets

Infrastructure Targets

Section 3.2 Difficulty: Beginner → Intermediate

Behind every web app sits infrastructure — servers, databases, file shares, and the operating systems they run on. Infrastructure testing is about finding the services exposed on a host and the vulnerabilities in them. We practise on Metasploitable 2.

What you'll achieve here: a running Metasploitable 2 target on your lab network, and a clear mental model of the enumerate → exploit → loot workflow.

What is infrastructure testing?

Rather than abusing application logic, infrastructure testing targets the network-facing services a machine runs: SSH, FTP, SMB, web servers, databases, and more. The classic flow is:

  1. Discover — find live hosts on the network.
  2. Enumerate — identify open ports, services, and versions.
  3. Research — look up known vulnerabilities for those versions.
  4. Exploit — gain a foothold, then escalate privileges.

This maps directly onto our 7-phase methodology.

Common services & ports you'll enumerate

PortServiceWhy it matters
21FTPAnonymous access, weak creds, vulnerable daemons.
22SSHWeak credentials, outdated versions.
80 / 443HTTP(S)Web apps and server software flaws.
139 / 445SMBFile shares, classic remote exploits.
3306MySQLDatabase access with weak or default creds.

Your Kali tools for this: Nmap (port/service scanning), Metasploit (exploitation framework), and enum4linux (SMB enumeration).

Continue