<aside> ✅

🎯 Realistic Fake Company Profile

Company Name:

LegacySoft Solutions

Industry:

IT Services / Small Software Vendor

What they do:

LegacySoft is a mid-sized IT services provider that still maintains older infrastructure to support long-term clients. They host web applications, internal file servers, email servers, and databases for small businesses.

Why this fits Metasploitable 2:

• Old FTP, Samba, and Telnet → “internal file sharing & remote access for staff.”
• Old Apache/Tomcat/PHP apps → “client-facing web apps still running on legacy stacks.”
• MySQL/PostgreSQL → “databases for customer data.”
• SMTP/Postfix → “internal and customer-facing email systems.”

That way, when you exploit MS2 services, your report can say things like:

“The customer environment includes several legacy services (FTP, Samba, and Tomcat) which are exposed and vulnerable to known exploits. These align with the customer’s stated reliance on legacy infrastructure for client operations.”

👥 Fake Customer Team – Pentest Requestors

1. Laura Kim

Chief Information Officer (CIO)

📧 [email protected]

She approved the pentest to ensure business continuity and compliance.

2. Mark Jensen

IT Infrastructure Manager

📧 [email protected]

Directly responsible for maintaining the company’s legacy servers and authorized testing.

3. Sophia Martinez

Security & Compliance Officer

📧 [email protected]

Interested in risk assessments and ensuring adherence to regulatory frameworks.

4. Tom Williams

System Administrator

📧 [email protected]

Technical contact during testing, providing system details and user accounts for scoped systems.

</aside>

Reports