Infrastructure Targets
Behind every web app sits infrastructure — servers, databases, file shares, and the operating systems they run on. Infrastructure testing is about finding the services exposed on a host and the vulnerabilities in them. We practise on Metasploitable 2.
What you'll achieve here: a running Metasploitable 2 target on your lab network, and a clear mental model of the enumerate → exploit → loot workflow.
What is infrastructure testing?
Rather than abusing application logic, infrastructure testing targets the network-facing services a machine runs: SSH, FTP, SMB, web servers, databases, and more. The classic flow is:
- Discover — find live hosts on the network.
- Enumerate — identify open ports, services, and versions.
- Research — look up known vulnerabilities for those versions.
- Exploit — gain a foothold, then escalate privileges.
This maps directly onto our 7-phase methodology.
Common services & ports you'll enumerate
| Port | Service | Why it matters |
|---|---|---|
| 21 | FTP | Anonymous access, weak creds, vulnerable daemons. |
| 22 | SSH | Weak credentials, outdated versions. |
| 80 / 443 | HTTP(S) | Web apps and server software flaws. |
| 139 / 445 | SMB | File shares, classic remote exploits. |
| 3306 | MySQL | Database access with weak or default creds. |
Your Kali tools for this: Nmap (port/service scanning), Metasploit (exploitation framework), and enum4linux (SMB enumeration).