Vulnerabilities
- 4848 - HTTP
- 8080 - HTTP
- 8181 - HTTPS
- Username: admin
- Password: sploit
- On Metasploitable3, point your browser to http://localhost:4848.
- Login with the above credentials.
- Stop: Open Task Manager and kill the java.exe process running GlassFish.
- Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
- CVE-2011-0807
- exploits/multi/http/glassfish_deployer
- auxiliary/scanner/http/glassfish_login
- 8282 - HTTP
- Apache Tomcat Web Application Manager
- U: sploit
- P: sploit
- To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- CVE-2016-3087
- exploit/multi/http/struts_dmi_rest_exec
- 8282 - HTTP
- U: sploit
- P: sploit
- To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.
- Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
- Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.
- CVE-2009-3843
- CVE-2009-4189
- auxiliary/scanner/http/tomcat_enum
- auxiliary/scanner/http/tomcat_mgr_login
- exploits/multi/http/tomcat_mgr_deploy
- exploits/multi/http/tomcat_mgr_upload
- post/windows/gather/enum_tomcat
- 8484 - HTTP
- None enabled by default
- Point your browser on Metasploitable3 to http://localhost:8484.
- Stop: Open services.msc. Stop the jenkins service.
- Start: Open services.msc. Start the jenkins service.
- exploits/multi/http/jenkins_script_console
- auxiliary/scanner/http/jenkins_enum
- 21 - FTP
Windows credentials
Any FTP client should work
- Stop:
net stop msftpsvc
- Start:
net start msftpsvc
- auxiliary/scanner/ftp/ftp_login
- 80 - HTTP
- U: vagrant
- P: vagrant
- Point your browser on Metasploitable3 to http://localhost.
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- CVE-2015-1635
- auxiliary/dos/http/ms15_034_ulonglongadd
- 445 - SMB
- 139 - NetBIOS
- Any credentials valid for Metasploitable3 should work. See the list here
- Use the psexec tool to run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.
- exploits/windows/smb/psexec
- exploits/windows/smb/psexec_psh
- 22 - SSH
- Any credentials valid for Metasploitable3 should work. See the list here
- Use an SSH client to connect and run commands remotely on the target.
- Enabled by default
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.
- 5985 - HTTPS
- Any credentials valid for Metasploitable3 should work. See the list here
- Stop: Open services.msc. Stop the Windows Remote Management service.
- Start: Open services.msc. Start the Windows Remote Management service.
- Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.
- auxiliary/scanner/winrm/winrm_cmd
- auxiliary/scanner/winrm/winrm_wql
- auxiliary/scanner/winrm/winrm_login
- auxiliary/scanner/winrm/winrm_auth_methods
- exploits/windows/winrm/winrm_script_exec
- 80 - HTTP
- Any credentials valid for Metasploitable3 should work. See the list here
- Point your browser on Metasploitable3 to http://localhost/caidao.asp
- Stop: Open services.msc. Stop the World Wide Web Publishing service.
- Start: Open services.msc. Start the World Wide Web Publishing service.
- auxiliary/scanner/http/caidao_bruteforce_login
8020 - HTTP
Username: admin Password: admin
On Metasploitable3, point your browser to http://localhost:8020. Login with the above credentials.
- Stop: In command prompt, do
net stop "ManageEngine Desktop Central Server"
- Start: In command prompt, do
net start "ManageEngine Desktop Central Server"
- CVE-2015-8249
- exploit/windows/http/manageengine_connectionid_write
9200 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:9200.
- Stop: In command prompt, do
net stop elasticsearch-service-x64
- Start: In command prompt, do
net start elasticsearch-service-x64
- CVE-2014-3120
- exploit/multi/elasticsearch/script_mvel_rce
8282 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:8282/axis2.
Log into Apache Tomcat, and start or stop from the application manager.
- CVE-2010-0219
- exploit/multi/http/axis2_deployer
8585 - HTTP
No credentials needed
See the PR here: https://github.com/rapid7/metasploitable3/pull/16
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)
161 - UDP
Community String: public
Load the auxiliary/scanner/snmp/snmp_enum module in Metasploit to parse the SNMP data.
- Stop: In command prompt, do
net stop snmp
- Start: In command prompt, do
net start snmp
- auxiliary/scanner/snmp/snmp_enum
3306 - TCP
U: root P:
Use the mysql client to connect to port 3306 on Metasploitable3.
- Stop: In command prompt, do
net stop wampmysql
- Start: In command prompt, do
net start wampmysql
- windows/mysql/mysql_payload
1617 - TCP
No credentials needed
Download the connector client and use the instructions found here: http://docs.oracle.com/javase/tutorial/jmx/remote/index.html
- Stop: In command prompt, do
net stop jmx
- Start: In command prompt, do
net start jmx
- CVE-2015-2342
- multi/misc/java_jmx_server
8585 - HTTP
No credentials needed
On Metasploitable3, point your browser to http://localhost:8585/wordpress.
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- NinjaForms 2.9.42 - CVE-2016-1209
- unix/webapp/wp_ninja_forms_unauthenticated_file_upload
3389 - RDP
Any Windows credentials
Use a remote desktop client. Either your OS already has one, or you can download a third-party client.
- Stop:
net stop rdesktop
- Start:
net start rdesktop
N/A
8585 - HTTP
U: root P:
On Metasploitable3, point your browser to http://localhost:8585/phpmyadmin.
- Stop: In command prompt, do
net stop wampapache
- Start: In command prompt, do
net start wampapache
- CVE-2013-3238
- multi/http/phpmyadmin_preg_replace
- 3000 - HTTP
N/A
- On Metasploitable3, point your browser to http://localhost:3000.
- Stop: Open Task Manager and kill the ruby.exe process.
- Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.
- CVE-2015-3224
- exploit/multi/http/rails_web_console_v2_code_exec