Overview
For this exercise, the Kali and Metasploitable VMs must be running. You've noticed that the Metasploitable server has an active FTP service. While you could try to sniff for cleartext passwords when other users log in, you'll instead try brute force attacking it with an online credential testing tool.
The xHydra window