Update README.md
parent 52848bf745
commit ceb6db77a1
483
README.md
|
@ -1,2 +1,481 @@
|
|||
# metasploitable3
|
||||
Solutions to Metasploitable 3
|
||||
# METASPLOITABLE 3
|
||||
# GlassFish
|
||||
### Ports
|
||||
* 4848 - HTTP
|
||||
* 8080 - HTTP
|
||||
* 8181 - HTTPS
|
||||
|
||||
### Credentials
|
||||
* Username: admin
|
||||
* Password: sploit
|
||||
|
||||
### Access
|
||||
* On Metasploitable3, point your browser to http://localhost:4848.
|
||||
* Login with the above credentials.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open task manager and kill the java.exe process running glassfish
|
||||
* Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2011-0807
|
||||
|
||||
### Modules
|
||||
* exploits/multi/http/glassfish_deployer
|
||||
* auxiliary/scanner/http/glassfish_login
|
||||
|
||||
# Apache Struts
|
||||
### Ports
|
||||
* 8282 - HTTP
|
||||
|
||||
### Credentials
|
||||
* Apache Tomcat Web Application Manager
|
||||
* U: sploit
|
||||
* P: sploit
|
||||
|
||||
### Access
|
||||
* To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
|
||||
* To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
|
||||
* Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2016-3087
|
||||
|
||||
### Modules
|
||||
* exploit/multi/http/struts_dmi_rest_exec
|
||||
|
||||
# Tomcat
|
||||
### Ports
|
||||
* 8282 - HTTP
|
||||
|
||||
### Credentials
|
||||
* U: sploit
|
||||
* P: sploit
|
||||
|
||||
### Access
|
||||
* To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
|
||||
* Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2009-3843
|
||||
* CVE-2009-4189
|
||||
|
||||
### Modules
|
||||
* auxiliary/scanner/http/tomcat_enum
|
||||
* auxiliary/scanner/http/tomcat_mgr_login
|
||||
* exploits/multi/http/tomcat_mgr_deploy
|
||||
* exploits/multi/http/tomcat_mgr_upload
|
||||
* post/windows/gather/enum_tomcat
|
||||
|
||||
# Jenkins
|
||||
### Ports
|
||||
* 8484 - HTTP
|
||||
|
||||
### Credentials
|
||||
* None enabled by default
|
||||
|
||||
### Access
|
||||
* Point your browser on Metasploitable3 to http://localhost:8484.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the jenkins service.
|
||||
* Start: Open services.msc. Start the jenkins service.
|
||||
|
||||
### Modules
|
||||
* exploits/multi/http/jenkins_script_console
|
||||
* auxiliary/scanner/http/jenkins_enum
|
||||
|
||||
# IIS - FTP
|
||||
### Ports
|
||||
* 21 - FTP
|
||||
|
||||
### Credentials
|
||||
Windows credentials
|
||||
|
||||
### Access
|
||||
Any FTP client should work
|
||||
|
||||
### Start/Stop
|
||||
* Stop: ```net stop msftpsvc```
|
||||
* Start: ```net start msftpsvc```
|
||||
|
||||
### Modules
|
||||
* auxiliary/scanner/ftp/ftp_login
|
||||
|
||||
# IIS - HTTP
|
||||
### Ports
|
||||
* 80 - HTTP
|
||||
|
||||
### Credentials
|
||||
* U: vagrant
|
||||
* P: vagrant
|
||||
|
||||
### Access
|
||||
* Point your browser on Metasploitable3 to http://localhost.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the World Wide Web Publishing service.
|
||||
* Start: Open services.msc. Start the World Wide Web Publishing service.
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2015-1635
|
||||
|
||||
### Modules
|
||||
* auxiliary/dos/http/ms15_034_ulonglongadd
|
||||
|
||||
# psexec
|
||||
### Ports
|
||||
* 445 - SMB
|
||||
* 139 - NetBIOS
|
||||
|
||||
### Credentials
|
||||
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)
|
||||
|
||||
### Access
|
||||
* Use the [psexec tool](https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx) to run commands remotely on the target.
|
||||
|
||||
### Start/Stop
|
||||
* Enabled by default
|
||||
|
||||
### Vulnerabilities
|
||||
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.
|
||||
|
||||
### Modules
|
||||
* exploits/windows/smb/psexec
|
||||
* exploits/windows/smb/psexec_psh
|
||||
|
||||
# SSH
|
||||
### Ports
|
||||
* 22 - SSH
|
||||
|
||||
### Credentials
|
||||
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)
|
||||
|
||||
### Access
|
||||
* Use an SSH client to connect and run commands remotely on the target.
|
||||
|
||||
### Start/Stop
|
||||
* Enabled by default
|
||||
|
||||
### Vulnerabilities
|
||||
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.
|
||||
|
||||
### Modules
|
||||
|
||||
# WinRM
|
||||
### Ports
|
||||
* 5985 - HTTPS
|
||||
|
||||
### Credentials
|
||||
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)
|
||||
|
||||
### Access
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the Windows Remote Management service.
|
||||
* Start: Open services.msc. Start the Windows Remote Management service.
|
||||
|
||||
### Vulnerabilities
|
||||
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.
|
||||
|
||||
### Modules
|
||||
* auxiliary/scanner/winrm/winrm_cmd
|
||||
* auxiliary/scanner/winrm/winrm_wql
|
||||
* auxiliary/scanner/winrm/winrm_login
|
||||
* auxiliary/scanner/winrm/winrm_auth_methods
|
||||
* exploits/windows/winrm/winrm_script_exec
|
||||
|
||||
# chinese caidao
|
||||
### Ports
|
||||
* 80 - HTTP
|
||||
|
||||
### Credentials
|
||||
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)
|
||||
|
||||
### Access
|
||||
* Point your browser on metasploitable3 to http://localhost/caidao.asp
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open services.msc. Stop the World Wide Web Publishing service.
|
||||
* Start: Open services.msc. Start the World Wide Web Publishing service.
|
||||
|
||||
### Modules
|
||||
* auxiliary/scanner/http/caidao_bruteforce_login
|
||||
|
||||
# ManageEngine
|
||||
### Ports
|
||||
|
||||
8020 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
Username: admin
|
||||
Password: admin
|
||||
|
||||
### Access
|
||||
|
||||
On Metasploitable3, point your browser to http://localhost:8020.
|
||||
Login with the above credentials.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop ManageEngine Desktop Central Server```
|
||||
* Start: In command prompt, do ```net start ManageEngine Desktop Central Server```
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2015-8249
|
||||
|
||||
### Modules
|
||||
|
||||
* exploit/windows/http/manageengine_connectionid_write
|
||||
|
||||
# ElasticSearch
|
||||
### Ports
|
||||
|
||||
9200 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
No credentials needed
|
||||
|
||||
### Access
|
||||
|
||||
On Metasploitable3, point your browser to http://localhost:9200.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop elasticsearch-service-x64```
|
||||
* Start: In command prompt, do ```net start elasticsearch-service-x64```
|
||||
|
||||
### Vulnerability IDs
|
||||
|
||||
* CVE-2014-3120
|
||||
|
||||
### Modules
|
||||
|
||||
* exploit/multi/elasticsearch/script_mvel_rce
|
||||
|
||||
# Apache Axis2
|
||||
### Ports
|
||||
|
||||
8282 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
No credentials needed
|
||||
|
||||
### Access
|
||||
|
||||
On Metasploitable3, point your browser to http://localhost:8282/axis2.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
Log into Apache Tomcat, and start or stop from the application manager.
|
||||
|
||||
### Vulnerability IDs
|
||||
|
||||
* CVE-2010-0219
|
||||
|
||||
### Modules
|
||||
|
||||
* exploit/multi/http/axis2_deployer
|
||||
|
||||
# WebDAV
|
||||
|
||||
### Ports
|
||||
|
||||
8585 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
No credentials needed
|
||||
|
||||
### Access
|
||||
|
||||
See the PR here: https://github.com/rapid7/metasploitable3/pull/16
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop wampapache```
|
||||
* Start: In command prompt, do ```net start wampapache```
|
||||
|
||||
### Modules
|
||||
|
||||
* auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)
|
||||
|
||||
# SNMP
|
||||
|
||||
### Ports
|
||||
|
||||
161 - UDP
|
||||
|
||||
### Credentials
|
||||
|
||||
Community String: public
|
||||
|
||||
### Access
|
||||
|
||||
Load the auxiliary/scanner/snmp/snmp_enum module in Metasploit and to parse the SNMP data.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop snmp```
|
||||
* Start: In command prompt, do ```net start snmp```
|
||||
|
||||
### Modules
|
||||
|
||||
* auxiliary/scanner/snmp/snmp_enum
|
||||
|
||||
# MySQL
|
||||
|
||||
### Ports
|
||||
|
||||
3306 - TCP
|
||||
|
||||
### Credentials
|
||||
|
||||
U: root
|
||||
P: <no password>
|
||||
|
||||
### Access
|
||||
|
||||
Use the mysql client to connect to port 3306 on Metasploitable3.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop wampmysql```
|
||||
* Start: In command prompt, do ```net start wampmysql```
|
||||
|
||||
### Modules
|
||||
|
||||
* windows/mysql/mysql_payload
|
||||
|
||||
# JMX
|
||||
|
||||
### Ports
|
||||
|
||||
1617 - TCP
|
||||
|
||||
### Credentials
|
||||
|
||||
No credentials needed
|
||||
|
||||
### Access
|
||||
|
||||
Download the connector client and use the instructions found here: http://docs.oracle.com/javase/tutorial/jmx/remote/index.html
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop jmx```
|
||||
* Start: In command prompt, do ```net start jmx```
|
||||
|
||||
### Vulnerability IDs
|
||||
|
||||
* CVE-2015-2342
|
||||
|
||||
### Modules
|
||||
|
||||
* multi/misc/java_jmx_server
|
||||
|
||||
# Wordpress
|
||||
|
||||
### Ports
|
||||
|
||||
8585 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
No credentials needed
|
||||
|
||||
### Access
|
||||
|
||||
On Metasploitable3, point your browser to http://localhost:8585/wordpress.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop wampapache```
|
||||
* Start: In command prompt, do ```net start wampapache```
|
||||
|
||||
### Vulnerable Plugins
|
||||
|
||||
* NinjaForms 2.9.42 - CVE-2016-1209
|
||||
|
||||
### Modules
|
||||
|
||||
* unix/webapp/wp_ninja_forms_unauthenticated_file_upload
|
||||
|
||||
# Remote Desktop
|
||||
|
||||
### Ports
|
||||
|
||||
3389 - RDP
|
||||
|
||||
### Credentials
|
||||
|
||||
Any Windows credentials
|
||||
|
||||
### Access
|
||||
|
||||
Use a remote desktop client. Either your OS already has one, or download a 3rd party.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: ```net stop rdesktop```
|
||||
* Start: ```net start rdesktop```
|
||||
|
||||
### Modules
|
||||
N/A
|
||||
|
||||
# PHPMyAdmin
|
||||
|
||||
### Ports
|
||||
|
||||
8585 - HTTP
|
||||
|
||||
### Credentials
|
||||
|
||||
U: root
|
||||
P: <no password>
|
||||
|
||||
### Access
|
||||
|
||||
On Metasploitable3, point your browser to http://localhost:8585/phpmyadmin.
|
||||
|
||||
### Start/Stop
|
||||
|
||||
* Stop: In command prompt, do ```net stop wampapache```
|
||||
* Start: In command prompt, do ```net start wampapache```
|
||||
|
||||
### Vulnerability IDs
|
||||
|
||||
* CVE-2013-3238
|
||||
|
||||
### Modules
|
||||
|
||||
* multi/http/phpmyadmin_preg_replace
|
||||
|
||||
# Ruby on Rails
|
||||
### Ports
|
||||
* 3000- HTTP
|
||||
|
||||
### Credentials
|
||||
N/A
|
||||
|
||||
### Access
|
||||
* On Metasploitable3, point your browser to http://localhost:3000.
|
||||
|
||||
### Start/Stop
|
||||
* Stop: Open task manager and kill the ruby.exe process
|
||||
* Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
|
||||
|
||||
### Vulnerability IDs
|
||||
* CVE-2015-3224
|
||||
|
||||
### Modules
|
||||
* exploit/multi/http/rails_web_console_v2_code_exec
|
||||
|
|
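Review bot: under `# WinRM` the Ports entry reads `5985 - HTTPS`, but 5985 is WinRM's default HTTP listener and 5986 is the default HTTPS one, so the label should say HTTP unless the target was deliberately configured otherwise. In the same section `### Access` is empty, and the SSH section's `### Modules` is empty too; fill them in or mark them N/A as the Remote Desktop section does. The psexec link ends in `sysinternals/pxexec.aspx`, which misspells the tool name and is unlikely to resolve. `net stop ManageEngine Desktop Central Server` needs the service name in double quotes because it contains spaces. `P: <no password>` (MySQL and PHPMyAdmin) is likely to be parsed as an HTML tag and disappear when the README is rendered, so put it in backticks. From ManageEngine onward the Ports and Credentials entries drop the `* ` bullets used in the earlier sections, so `Username: admin` and `Password: admin` will render as one run-on line. Module paths mix `exploits/`, `exploit/` and no type prefix at all (`windows/mysql/mysql_payload`, `multi/misc/java_jmx_server`); pick one form and use it throughout. Minor: the SNMP Access sentence reads "in Metasploit and to parse the SNMP data", and the file now opens with two title headings (`# metasploitable3` and `# METASPLOITABLE 3`).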