Metasploitable 3 Ubuntu Walkthrough: Part IV

Exploiting Port 80 – Apache Server

Let’s start by getting as much information as possible about the remote website. Let’s try getting some additional information with Metasploit:

Enumerating Apache Server using Metasploit

There is something interesting here; the /cgi-bin/ directory. Is there any exploit for this?

Looking for an exploit in the ExploitDB

There is a Metasploit module to exploit his vulnerability:

Exploiting Apache Server using Metasploit

Another failed attempt. This was supposed to work, but it didn’t…

Exploiting Port 80 – WebDAV

Let’s get more information about the target using Directory Buster:

Enumerating using Directory Buster

Enumerating using Directory Buster

The uploads directory appears to be promising. But is it writable? Let’s check it out. You can do WebDav Enumeration using Metasploit.

Testing WebDAV using Metasploit

As you can see, the uploads directory is writable and a number of different file formats can be uploaded over there.

From here you need to create a payload, deploy it, set up a listener, execute the payload and you will have a shell…!

For detailed step-by-step instructions using multiple tools and options, please check my other Metasploitable 3 tutorial.



3 comments:

No Name said...

**SSN FULLZ WITH HIGH CREDIT SCORES AVAILABLE**

>For tax filling/return
>SSN dob DL all info included
>For SBA & PUA filling
>Fresh spammed & Fresh database

**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING CARDING CASHOUTS CLONING**

=>Contact 24/7<=

Telegram > @killhacks
ICQ > 752822040
Skype > Peeterhacks
Wickr me > peeterhacks

FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES

*All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included

CC & CVV'S ONLY USA AVAILABLE

SSN+DOB
SSN+DOB+DL
High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted

->You can buy few for testing
->Invalid info found, will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff

TOOLS & TUTORIALS AVAILABLE FOR
(Carding, spamming, hacking, scripting, scam page, Cash outs, dumps cash outs)

Ethical Hacking Tools & Tutorials
Kali linux
Facebook & Google hacking
Bitcoin Hacking
Bitcoin Flasher
SQL Injector
Bitcoin flasher
Viruses
Keylogger & Keystroke Logger
Logins Premium (Netflix, coinbase, FedEx, PayPal, Amazon, Banks etc)
Bulk SMS Sender
Bitcoin Cracker
SMTP Linux Root
DUMPS track 1 and 2 with & without pin
Smtp's, Safe Socks, rdp's, VPN, Viruses
Cpanel
PHP mailer
Server I.P's & Proxies
HQ Emails Combo (Gmail, yahoo, Hotmail, MSN, AOL, etc)

->Serious buyers are always welcome
->Big discount in bulk order
->Offer gives monthly, quarterly, half yearly & yearly
->Hope we do a great business together

CONTACT 24/7
Telegram > @killhacks
ICQ > 752822040
Skype > Peeterhacks
Wickr me > peeterhacks

Anonymous said...

SPARK CREDIT CARD HACK SOFTWARE - Price: $500 BTC
(File Size=18mb. Runs on Androids, iPhones, Tablets, iPads, Laptops and Desktops)

www.streamable.com/lc1tpl
www.streamable.com/s9k8nq


SPARK CRYPTOCURRENCIES PRIVATE KEYS SOFTWARE - Price: $500 BTC
(File Size=24mb. Runs on Androids, iPhones, Tablets, iPads, Laptops and Desktops)

*******************************************************************************
www.vidlii.com/watch?v=lUu54scCYU9
www.vidlii.com/watch?v=2nJ44BSyS3P


blackeels@outlook.com

John Goodman said...

I was in total dismay when I lost my entire savings investing in cryptocurrency, I was contacted online by a lady through email pretending to be an account manager of a bank, who told me I could make double my savings through cryptocurrency investment, I never imagined it would be a scam and I was going to lose everything. It went on for weeks until I realized that I have been scammed. All hope was lost, I was devastated and broke, fortunately for me, I came across an article on my local bulletin about Elite Wizard Bitcoin Recovery, I contacted them and provided all the information regarding my case, I was amazed at how quickly they recovered my cryptocurrency funds and was able to trace down those scammers. I’m truly grateful for their service and I recommend them to everyone who needs to recover their funds.I urge you to contact them if you have lost your bitcoin USDT or ETH through bitcoin investment

Email: eliterecovery247@cyber-wizard.com

Phone: +1 (740) 688-0116