# METASPLOITABLE 3
# GlassFish
### Ports
* 4848 - HTTP
* 8080 - HTTP
* 8181 - HTTPS

### Credentials
* Username: admin
* Password: sploit

### Access
* On Metasploitable3, point your browser to http://localhost:4848.
* Login with the above credentials.

### Start/Stop
* Stop: Open task manager and kill the java.exe process running glassfish
* Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.

### Vulnerability IDs
* CVE-2011-0807

### Modules
* exploits/multi/http/glassfish_deployer
* auxiliary/scanner/http/glassfish_login

# Apache Struts
### Ports
* 8282 - HTTP

### Credentials
* Apache Tomcat Web Application Manager
  * U: sploit
  * P: sploit

### Access
* To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
* To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.

### Start/Stop
* Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
* Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

### Vulnerability IDs
* CVE-2016-3087

### Modules
* exploit/multi/http/struts_dmi_rest_exec

# Tomcat
### Ports
* 8282 - HTTP

### Credentials
* U: sploit
* P: sploit

### Access
* To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.

### Start/Stop
* Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
* Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

### Vulnerability IDs
* CVE-2009-3843
* CVE-2009-4189

### Modules
* auxiliary/scanner/http/tomcat_enum
* auxiliary/scanner/http/tomcat_mgr_login
* exploits/multi/http/tomcat_mgr_deploy
* exploits/multi/http/tomcat_mgr_upload
* post/windows/gather/enum_tomcat

# Jenkins
### Ports
* 8484 - HTTP

### Credentials
* None enabled by default

### Access
* Point your browser on Metasploitable3 to http://localhost:8484.

### Start/Stop
* Stop: Open services.msc. Stop the jenkins service.
* Start: Open services.msc. Start the jenkins service.

### Modules
* exploits/multi/http/jenkins_script_console
* auxiliary/scanner/http/jenkins_enum

# IIS - FTP
### Ports
* 21 - FTP

### Credentials
Windows credentials

### Access
Any FTP client should work

### Start/Stop
* Stop: ```net stop msftpsvc```
* Start: ```net start msftpsvc```

### Modules
* auxiliary/scanner/ftp/ftp_login

# IIS - HTTP
### Ports
* 80 - HTTP

### Credentials
* U: vagrant
* P: vagrant

### Access
* Point your browser on Metasploitable3 to http://localhost.

### Start/Stop
* Stop: Open services.msc. Stop the World Wide Web Publishing service.
* Start: Open services.msc. Start the World Wide Web Publishing service.

### Vulnerability IDs
* CVE-2015-1635

### Modules
* auxiliary/dos/http/ms15_034_ulonglongadd

# psexec
### Ports
* 445 - SMB
* 139 - NetBIOS

### Credentials
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)

### Access
* Use the [psexec tool](https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx) to run commands remotely on the target.

### Start/Stop
* Enabled by default

### Vulnerabilities
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.

### Modules
* exploits/windows/smb/psexec
* exploits/windows/smb/psexec_psh

# SSH
### Ports
* 22 - SSH

### Credentials
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)

### Access
* Use an SSH client to connect and run commands remotely on the target.

### Start/Stop
* Enabled by default

### Vulnerabilities
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.

### Modules

# WinRM
### Ports
* 5985 - HTTPS

### Credentials
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)

### Access

### Start/Stop
* Stop: Open services.msc. Stop the Windows Remote Management service.
* Start: Open services.msc. Start the Windows Remote Management service.

### Vulnerabilities
* Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.

### Modules
* auxiliary/scanner/winrm/winrm_cmd
* auxiliary/scanner/winrm/winrm_wql
* auxiliary/scanner/winrm/winrm_login
* auxiliary/scanner/winrm/winrm_auth_methods
* exploits/windows/winrm/winrm_script_exec

# chinese caidao
### Ports
* 80 - HTTP

### Credentials
* Any credentials valid for Metasploitable3 should work. See the list [here](https://github.com/rapid7/metasploitable3/wiki/Configuration#credentials)

### Access
* Point your browser on metasploitable3 to http://localhost/caidao.asp

### Start/Stop
* Stop: Open services.msc. Stop the World Wide Web Publishing service.
* Start: Open services.msc. Start the World Wide Web Publishing service.

### Modules
* auxiliary/scanner/http/caidao_bruteforce_login

# ManageEngine
### Ports

8020 - HTTP

### Credentials

Username: admin
Password: admin

### Access

On Metasploitable3, point your browser to http://localhost:8020.
Login with the above credentials.

### Start/Stop

* Stop: In command prompt, do ```net stop ManageEngine Desktop Central Server```
* Start: In command prompt, do ```net start ManageEngine Desktop Central Server```

### Vulnerability IDs
* CVE-2015-8249

### Modules

* exploit/windows/http/manageengine_connectionid_write

# ElasticSearch
### Ports

9200 - HTTP

### Credentials

No credentials needed

### Access

On Metasploitable3, point your browser to http://localhost:9200.

### Start/Stop

* Stop: In command prompt, do ```net stop elasticsearch-service-x64```
* Start: In command prompt, do ```net start elasticsearch-service-x64```

### Vulnerability IDs

* CVE-2014-3120

### Modules

* exploit/multi/elasticsearch/script_mvel_rce

# Apache Axis2
### Ports

8282 - HTTP

### Credentials

No credentials needed

### Access

On Metasploitable3, point your browser to http://localhost:8282/axis2.

### Start/Stop

Log into Apache Tomcat, and start or stop from the application manager.

### Vulnerability IDs

* CVE-2010-0219

### Modules

* exploit/multi/http/axis2_deployer

# WebDAV

### Ports

8585 - HTTP

### Credentials

No credentials needed

### Access

See the PR here: https://github.com/rapid7/metasploitable3/pull/16

### Start/Stop

* Stop: In command prompt, do ```net stop wampapache```
* Start: In command prompt, do ```net start wampapache```

### Modules

* auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)

# SNMP

### Ports

161 - UDP

### Credentials

Community String: public

### Access

Load the auxiliary/scanner/snmp/snmp_enum module in Metasploit and to parse the SNMP data.

### Start/Stop

* Stop: In command prompt, do ```net stop snmp```
* Start: In command prompt, do ```net start snmp```

### Modules

* auxiliary/scanner/snmp/snmp_enum

# MySQL

### Ports

3306 - TCP

### Credentials

U: root
P: <no password>

### Access

Use the mysql client to connect to port 3306 on Metasploitable3.

### Start/Stop

* Stop: In command prompt, do ```net stop wampmysql```
* Start: In command prompt, do ```net start wampmysql```

### Modules

* windows/mysql/mysql_payload

# JMX

### Ports

1617 - TCP

### Credentials

No credentials needed

### Access

Download the connector client and use the instructions found here: http://docs.oracle.com/javase/tutorial/jmx/remote/index.html

### Start/Stop

* Stop: In command prompt, do ```net stop jmx```
* Start: In command prompt, do ```net start jmx```

### Vulnerability IDs

* CVE-2015-2342

### Modules

* multi/misc/java_jmx_server

# Wordpress

### Ports

8585 - HTTP

### Credentials

No credentials needed

### Access

On Metasploitable3, point your browser to http://localhost:8585/wordpress.

### Start/Stop

* Stop: In command prompt, do ```net stop wampapache```
* Start: In command prompt, do ```net start wampapache```

### Vulnerable Plugins

* NinjaForms 2.9.42 - CVE-2016-1209

### Modules

* unix/webapp/wp_ninja_forms_unauthenticated_file_upload

# Remote Desktop

### Ports

3389 - RDP

### Credentials

Any Windows credentials

### Access

Use a remote desktop client. Either your OS already has one, or download a 3rd party.

### Start/Stop

* Stop: ```net stop rdesktop```
* Start: ```net start rdesktop```

### Modules
N/A

# PHPMyAdmin

### Ports

8585 - HTTP

### Credentials

U: root
P: <no password>

### Access

On Metasploitable3, point your browser to http://localhost:8585/phpmyadmin.

### Start/Stop

* Stop: In command prompt, do ```net stop wampapache```
* Start: In command prompt, do ```net start wampapache```

### Vulnerability IDs

* CVE-2013-3238

### Modules

* multi/http/phpmyadmin_preg_replace

# Ruby on Rails
### Ports
* 3000- HTTP

### Credentials
N/A

### Access
* On Metasploitable3, point your browser to http://localhost:3000.

### Start/Stop
* Stop: Open task manager and kill the ruby.exe process
* Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.

### Vulnerability IDs
* CVE-2015-3224

### Modules
* exploit/multi/http/rails_web_console_v2_code_exec