Modeling threats

From the intelligence gathering phase, we can see that only port 80 is open on the target system and the application running on it isn't vulnerable and is running the PhpCollab Web application on it. To gain access to the PhpCollab portal, trying some random passwords and username yields no success. Even searching Metasploit, we don't have modules for PhpCollab:

Let's try searching PhpCollab using the searchsploit tool from https://exploit-db.com/. The searchsploit allows you to easily search from all the exploits currently hosted on exploit database website as it maintains an offline copy of all the exploits:

Voila! We have an exploit for PhpCollab, and the good news is that it's already in the Metasploit exploit format.