Learning Pentesting with Metasploitable3 / Part 1

Introduction: Metasploitable is back with version 3, which includes a lot more interesting vulnerabilities. Metasploitable3 is special because it is not a pre-configured downloadable VM. The user configures it and can also decide the target version of Windows. As its name suggests, Metasploitable is designed for practicing attacks with the Metasploit Framework. Nevertheless, it […]

Analyzing Stuxnet with Volatility

Download stuxnet vmem: https://drive.google.com/open?id=0B23yo4Wg98gBUE1zSDhoVjVNOEU
Determine Volatility Image
Determine Which Profile to Use
Instructions:
cd /pentest/forensics/volatility-2.2
chmod 700 vol.py (Make vol.py executable.)
./vol.py imageinfo -f images/stuxnet/stuxnet.vmem
Note (FYI): For this image Volatility tells us to use the WinXPSP3x86 profile.
Section 1. Analyze Stuxnet Process Tree
Basic Stuxnet Description
Note (FYI): A normal Windows XP installation has just one instance […]

Exploiting CVE-2015-8562 (A New Joomla! RCE)

Introduction: A critical remote code execution (RCE) vulnerability was discovered in Joomla! websites. This is making a lot of noise for the following reasons. It appears that attackers started exploiting this even before the disclosure (0-day). It is very easy to exploit this vulnerability. Almost all the versions of Joomla are vulnerable under certain conditions. […]

Learning Pentesting with Metasploitable3 – Part 2

Introduction: This is the second part in this series of articles on Learning Pentesting with Metasploitable3. We prepared our lab setup in the previous article. This article shows the information gathering techniques that are typically used during penetration testing, using the Metasploitable3 VM. This phase is crucial during a penetration test as we will proceed […]

Learning Pentesting with Metasploitable3: Exploiting Elasticsearch

Introduction: In the second part of this series, we discussed how we could gather information about our target to proceed with the exploitation phase. Let’s begin to use the information gathered and exploit some of the interesting vulnerabilities to gain access to the target. Though one vulnerability is enough to get a shell on the […]

Learning Pentesting with Metasploitable3: Exploiting WebDAV 2

Introduction: In the third part of this series, we discussed how to exploit Metasploitable3 using a vulnerability in Elasticsearch 1.1.1. As mentioned in one of the previous articles, we will discuss multiple ways to gain access to Metasploitable3. In this article, we will exploit a WebDAV vulnerability both manually and using the Metasploit framework. As usual, […]

Learning Pentesting with Metasploitable3: Exploiting WordPress

Introduction: This is part 5 in the series of articles on learning pentesting with Metasploitable3. In the previous article, we discussed how WebDAV could be used to gain access to Metasploitable3. We used a WebDAV vulnerability to obtain a shell both manually and using the Metasploit framework. This article introduces another interesting vulnerability that can be used to […]

Learning Pentesting with Metasploitable3: (Exploiting WebDAV)

Introduction: In the third part of this series, we discussed how to exploit Metasploitable3 using a vulnerability in Elasticsearch 1.1.1. As mentioned in one of the previous articles, we will discuss multiple ways to gain access to Metasploitable3. In this article, we will exploit a WebDAV vulnerability both manually and using the Metasploit framework. As usual, […]

Exploitation of Metasploitable 3 using Glassfish Service

Target: Metasploitable 3. Attacker: Kali Linux. Use the nmap command to scan the target PC. Nmap will show all available open ports and their running services. Type the following command in a terminal in Kali Linux for an aggressive scan: nmap -p- -A 192.168.1.14 Open the target IP in a browser with one of the unknown ports, 4848, as 192.168.1.14:4848. Start the Metasploit framework […]

Hack Metasploitable 3 using Mysql Service Exploitation

Target: Metasploitable 3. Attacker: Kali Linux. Scan the target IP to learn the open ports for running services. Use the nmap command to scan the target PC. Nmap shows all available open ports and their services. Today this article will cover a MySQL attack, which requires an open port. Type the following command in a terminal in […]