Learning Pentesting with Metasploitable3 – Part 2

Introduction: This is the second part in this series of articles on Learning Pentesting with Metasploitable3. We have prepared our lab setup in our previous article. This article shows the Information Gathering techniques that are typically used during Penetration Testing by using Metasploitable3 VM. This phase is crucial during a penetration test as we will proceed […]

Learning Pentesting with Metasploitable3: Exploiting Elasticsearch

Introduction: In the second part of this series, we discussed how we could gather information about our target to proceed with the exploitation phase. Let’s begin to use that information gathered and exploit some of the interesting vulnerabilities to gain access to the target. Though one vulnerability is enough to get a shell on the […]

Learning Pentesting with Metasploitable3: Exploiting WebDAV 2

Introduction: In the third part of this series, we discussed how to exploit Metasploitable3 using a vulnerability in Elasticsearch 1.1.1. As mentioned in one of the previous articles, we will discuss multiple ways to gain access to Metasploitable3. In this article, we will exploit WebDAV vulnerability both manually and use the Metasploit framework. As usual, […]

Learning Pentesting with Metasploitable3: Exploiting WordPress

Introduction: This is part 5 in the series of articles on learning pentesting with Metasploitable3. In the previous article, we discussed how WebDAV could be used to gain access to Metasploitable3. We used WebDAV vulnerability to obtain a shell both manually and using the Metasploit framework. This article introduces another interesting vulnerability that can be used to […]

Learning Pentesting with Metasploitable3: (Exploiting WebDAV)

Introduction: In the third part of this series, we discussed how to exploit Metasploitable3 using a vulnerability in Elasticsearch 1.1.1. As mentioned in one of the previous articles, we will discuss multiple ways to gain access to Metasploitable3. In this article, we will exploit WebDAV vulnerability both manually and using the Metasploit framework. As usual, […]

Exploitation of Metasploitable 3 using Glassfish Service

Target: Metasploitable 3 Attacker: Kali Linux Use nmap command for scanning the target PC. NMAP will show all available open ports and their running services. Type the following command on terminal in kali Linux for aggressive scan. nmap –p- -A 192.168.1.14 Open target IP on browser with one of unknown port 4848as 192.168.1.14:4848 Start metasploit framework […]

Hack Metasploitable 3 using Mysql Service Exploitation

Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. Use nmap command for scanning the target PC. NMAP shown all available open ports and their services today this article will cover MYSQL attack for which it requires open port. Type the following command on terminal in […]

Hack Metasploitable 3 using Elasticsearch Exploit

Elastic search is a distributed REST search engine used in companies for analytic search. And so we will learn how to exploit our victim through it. Start off by nmap. nmap –p- -A 192.168.1.8 Nmap shows a splendid result and in the result you can see that HHTP service going on 9200 which is using […]

Manual Penetration Testing in Metasploitable 3

Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. I am using nmap command for scanning the target PC. Type the following command on terminal in kali Linux. nmap –p-  192.168.1.14 As you can see it is showing multiple unknown open ports but we are not […]

Hack Metasploitable 3 using SMB Service Exploitation

Target: Metasploitable 3 Attacker: Kali Linux  Scan the target IP to know the Open ports for running services. I am using nmap command for scanning the target PC. NMAP shown all available open ports and their services today this article will cover SMB login attack for which it requires open SMB port. Type the following […]