Vulnerabilities
jbarnett-r7 edited this page Nov 2, 2016 · 29 revisions
- 4848 - HTTP
- 8080 - HTTP
- 8181 - HTTPS
- Username: admin
- Password: sploit
- On Metasploitable3, point your browser to http://localhost:4848.
- Log in with the above credentials.
- Stop: Open Task Manager and kill the java.exe process running GlassFish.
- Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
- exploits/multi/http/glassfish_deployer
- auxiliary/scanner/http/glassfish_login
- 8282 - HTTP
- Apache Tomcat Web Application Manager
- U: sploit
- P: sploit
- To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Log in with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- exploit/multi/http/struts_dmi_rest_exec
- 8282 - HTTP
- U: sploit
- P: sploit
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Log in with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- auxiliary/scanner/http/tomcat_enum
- auxiliary/scanner/http/tomcat_mgr_login
- exploits/multi/http/tomcat_mgr_deploy
- exploits/multi/http/tomcat_mgr_upload
- post/windows/gather/enum_tomcat
- 8484 - HTTP
- None enabled by default
- Point your browser on Metasploitable3 to http://localhost:8383.
- Stop: Open services.msc. Stop the jenkins service.
- Start: Open services.msc. Start the jenkins service.
- exploits/multi/http/jenkins_script_console
- auxiliary/scanner/http/jenkins_enum
- 80 - HTTP
- 443 - HTTPS
- U: vagrant
- P: vagrant
- Point your browser on Metasploitable3 to http://localhost.
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- CVE-2015-1635
- auxiliary/dos/http/ms15_034_ulonglongadd
- 445 - SMB
- 139 - NetBIOS
- Any credentials valid for Metasploitable3 should work. See the list here
- Use the psexec tool to run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.
- exploits/windows/smb/psexec
- exploits/windows/smb/psexec_psh
- 22 - SSH
- Any credentials valid for Metasploitable3 should work. See the list here
- Use an SSH client to connect and run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.
- 5985 - HTTPS
- Any credentials valid for Metasploitable3 should work. See the list here
- Stop: Open services.msc. Stop the Windows Remote Management service.
- Start: Open services.msc. Start the Windows Remote Management service.
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.
- auxiliary/scanner/winrm/winrm_cmd
- auxiliary/scanner/winrm/winrm_wql
- auxiliary/scanner/winrm/winrm_login
- auxiliary/scanner/winrm/winrm_auth_methods
- exploits/windows/winrm/winrm_script_exec
- 80 - HTTP
- Any credentials valid for Metasploitable3 should work. See the list here
- Point your browser on Metasploitable3 to http://localhost/caidao.asp
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- auxiliary/scanner/http/caidao_bruteforce_login
8020 - HTTP
Username: admin Password: admin
On Metasploitable3, point your browser to http://localhost:8020. Log in with the above credentials.
- Stop: In command prompt, do
net stop "ManageEngine Desktop Central Server"
- Start: In command prompt, do
net start "ManageEngine Desktop Central Server"
- exploit/windows/http/manageengine_connectionid_write
9200 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:9200.
- Stop: In command prompt, do
net stop elasticsearch-service-x64
- Start: In command prompt, do
net start elasticsearch-service-x64
- exploit/multi/elasticsearch/script_mvel_rce
8282 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:8282/axis2.
Log into Apache Tomcat, and start or stop from the application manager.
- exploit/multi/http/axis2_deployer
8585 - HTTP
No credentials needed
See the PR here: https://github.com/rapid7/metasploitable3/pull/16
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)
8585 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:8585/wordpress.
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- NinjaForms 2.9.42
- unix/webapp/wp_ninja_forms_unauthenticated_file_upload
8585 - HTTP
U: root P:
On Metasploitable3, point your browser to http://localhost:8585/phpmyadmin.
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- multi/http/phpmyadmin_preg_replace