Vulnerabilities

jbarnett-r7 edited this page Sep 1, 2016 · 29 revisions

GlassFish

Ports

  • 4848 - HTTP
  • 8080 - HTTP
  • 8181 - HTTPS

Credentials

  • Username: admin
  • Password: vagrant

Access

Start/Stop

  • Stop: Open Task Manager and kill the java.exe process running GlassFish.
  • Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.

Vulnerabilities

Modules

  • exploits/multi/http/glassfish_deployer
  • auxiliary/scanner/http/glassfish_login

Apache Struts

Ports

  • 8282 - HTTP

Credentials

  • Apache Tomcat Web Application Manager
    • U: sploit
    • P: sploit

Access

Start/Stop

  • Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
  • Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

Vulnerabilities

Modules

  • exploit/multi/http/struts_dmi_rest_exec

Tomcat

Ports

  • 8282 - HTTP

Credentials

  • U: sploit
  • P: sploit

Access

  • To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Log in with the above credentials.

Start/Stop

  • Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
  • Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

Vulnerabilities

Modules

  • /auxiliary/scanner/http/tomcat_enum
  • /auxiliary/scanner/http/tomcat_mgr_login
  • /exploits/multi/http/tomcat_mgr_deploy
  • /exploits/multi/http/tomcat_mgr_upload
  • /post/windows/gather/enum_tomcat

Jenkins

Ports

  • 8383 - HTTP

Credentials

  • None enabled by default

Access

Start/Stop

  • Stop: Open services.msc. Stop the Jenkins service.
  • Start: Open services.msc. Start the Jenkins service.

Vulnerabilities

Modules

  • exploits/multi/http/jenkins_script_console
  • auxiliary/scanner/http/jenkins_enum

IIS

Ports

  • 80 - HTTP
  • 81 - HTTPS

Credentials

  • U: vagrant
  • P: vagrant

Access

Start/Stop

  • Stop: Open services.msc. Stop the Jenkins service.
  • Start: Open services.msc. Start the Jenkins service.

Vulnerabilities

  • CVE-2015-1635

Modules

  • auxiliary/dos/http/ms15_034_ulonglongadd

psexec

Ports

  • 445 - SMB
  • 139 - NetBIOS

Credentials

  • U: vagrant
  • P: vagrant

Access

  • Use the psexec tool to run commands remotely on the target.

Start/Stop

  • Enabled by default

Vulnerabilities

  • Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.

Modules

  • exploits/windows/smb/psexec
  • exploits/windows/smb/psexec_psh

SSH

Ports

  • 22 - SSH

Credentials

  • U: vagrant
  • P: vagrant

Access

  • Use an SSH client to connect and run commands remotely on the target.

Start/Stop

  • Enabled by default

Vulnerabilities

  • Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.

Modules

WinRM

Ports

  • 5986 - HTTPS

Credentials

  • U: vagrant
  • P: vagrant

Access

Start/Stop

  • Enabled by default

Vulnerabilities

  • Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.

Modules

Chinese Caidao

Ports

  • 80 - HTTP

Credentials

  • U: vagrant
  • P: vagrant

Access

Start/Stop

Vulnerabilities

Modules

  • exploits/multi/http/caidao_php_backdoor_exec.rb
  • auxiliary/scanner/http/caidao_bruteforce_login.rb