-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Vulnerabilities
sinn3r edited this page Oct 21, 2016
·
29 revisions
- 4848 - HTTP
- 8080 - HTTP
- 8181 - HTTPS
- Username: admin
- Password: sploit
- On Metasploitable3, point your browser to http://localhost:4848.
- Login with the above credentials.
- Stop: Open task manager and kill the java.exe process running glassfish
- Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
- exploits/multi/http/glassfish_deployer
- auxiliary/scanner/http/glassfish_login
- 8282 - HTTP
- Apache Tomcat Web Application Manager
- U: sploit
- P: sploit
- To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- exploit/multi/http/struts_dmi_rest_exec
- 8282 - HTTP
- U: sploit
- P: sploit
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- auxiliary/scanner/http/tomcat_enum
- auxiliary/scanner/http/tomcat_mgr_login
- exploits/multi/http/tomcat_mgr_deploy
- exploits/multi/http/tomcat_mgr_upload
- post/windows/gather/enum_tomcat
- 8484 - HTTP
- None enabled by default
- Point your browser on Metasploitable3 to http://localhost:8383.
- Stop: Open services.msc. Stop the jenkins service.
- Start: Open services.msc. Start the jenkins service.
- exploits/multi/http/jenkins_script_console
- auxiliary/scanner/http/jenkins_enum
- 80 - HTTP
- 443 - HTTPS
- U: vagrant
- P: vagrant
- Point your browser on Metasploitable3 to http://localhost.
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- CVE-2015-1635
- auxiliary/dos/http/ms15_034_ulonglongadd
- 445 - SMB
- 139 - NetBIOS
- Any credentials valid for Metasploitable3 should work. See the list here
- Use the psexec tool to run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.
- exploits/windows/smb/psexec
- exploits/windows/smb/psexec_psh
- 22 - SSH
- Any credentials valid for Metasploitable3 should work. See the list here
- Use an SSH client to connect and run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.
- 5986 - HTTPS
- Any credentials valid for Metasploitable3 should work. See the list here
- Stop: Open services.msc. Stop the Windows Remote Management service.
- Start: Open services.msc. Start the Windows Remote Management service.
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.
- auxiliary/scanner/winrm/winrm_cmd
- auxiliary/scanner/winrm/winrm_wql
- auxiliary/scanner/winrm/winrm_login
- auxiliary/scanner/winrm/winrm_auth_methods
- exploits/windows/winrm/winrm_script_exec
- 80 - HTTP
- Any credentials valid for Metasploitable3 should work. See the list here
- Point your browser on metasploitable3 to http://localhost/caidao.asp
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- auxiliary/scanner/http/caidao_bruteforce_login