New Lab Time ! Kali and Metaspoiltable VM's

It's time for a new lab setup to practise some fundamental web app exploits. I have an Azure virtual lab running on my Mac with two seperate nested VM's. We have our attacker Kali machine and Metasploitable OS with some vulnerabilities. I am going to use various scanning tools to analyse the technology stack, I am then going to identify the vulnerabilities, do some spidering to see what else I can find. I am also going to use practise some SQL injection attacks against the DVWA website and finally I am intending to discover what session management weaknesses exist.