Metasploitable 3 Ubuntu Walkthrough: Part VI

Exploiting Port 631 – CUPS

The Metasploitable 3 VM is running the Common UNIX Printing System (CUPS) with the web-based interface enabled:

CUPS web interface

A remote attacker can exploit CUPS to execute arbitrary commands via crafted fields during the creation or modification of a printer. The 'PRINTER_INFO' and 'PRINTER_LOCATION' fields can be configured to contain arbitrary commands which will be executed when a print job is submitted, provided the remote host is running a vulnerable version of Bash.
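
A defender-side check for the condition described above, as an added example that is not part of the original walkthrough: it scans a CUPS printers.conf for Info or Location values that begin like a Bash function definition. The sample file, the printer names and the helper `audit_printers_conf` are constructed for illustration, and it assumes the Info and Location directives are what CUPS exports to filters as PRINTER_INFO and PRINTER_LOCATION.

```python
import re

# Constructed sample of a CUPS printers.conf (not taken from the page).
SAMPLE_PRINTERS_CONF = """\
<Printer office-laser>
Info Second floor laser printer
Location Room 214
DeviceURI ipp://printer.example.internal/ipp/print
</Printer>
<Printer tmp1>
Info () { :; }; echo constructed-sample
Location Room 9
DeviceURI file:///dev/null
</Printer>
"""

# A value starting with "() {" is what an unpatched Bash parses as an exported
# function definition when the value reaches it in an environment variable.
FUNC_DEF = re.compile(r"^\s*\(\)\s*\{")
# Assumption: directive name -> environment variable handed to CUPS filters.
AUDITED = {"info": "PRINTER_INFO", "location": "PRINTER_LOCATION"}

def audit_printers_conf(text):
    """Return (printer, env_var, value) for every suspicious Info/Location."""
    findings, printer = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<(?:Default)?Printer\s+(\S+)>$", line)
        if opened:
            printer = opened.group(1)
        elif line in ("</Printer>", "</DefaultPrinter>"):
            printer = None
        elif printer and line:
            key, _, value = line.partition(" ")
            env_var = AUDITED.get(key.lower())
            if env_var and FUNC_DEF.match(value):
                findings.append((printer, env_var, value))
    return findings

if __name__ == "__main__":
    for printer, env_var, value in audit_printers_conf(SAMPLE_PRINTERS_CONF):
        print(f"{printer}: {env_var} looks like a function definition: {value!r}")
```

A finding here matters only if the host also runs a vulnerable Bash, so pair the check with patch verification.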

Searching in MSF you will find one exploit for this service:

CUPS exploit in MSF

Let’s use it:

Exploiting CUPS using Metasploit

The exploit fails due to a configuration error in the Metasploitable 3 VM. You can read about the details here:

https://github.com/rapid7/metasploitable3/issues/459

For this exploit to work, one possible solution is to add the vagrant user (or any other user) to the lpadmin group by running the command below as root on the Metasploitable VM:

Fixing Metasploitable 3

Now the lpadmin group is no longer empty and the vagrant user has the permission to add a printer to the system.

Exploiting CUPS using Metasploit

Unfortunately, the exploit still fails…

Exploiting Port 3500 – Ruby on Rails

Ruby on Rails, or Rails, is a server-side web application framework written in Ruby. Rails is a model-view-controller framework, providing default structures for a database, a web service, and web pages. The service has an entry page but we can’t get anything useful from it:

Rails entry page

Therefore, it might be a good idea to fuzz the landing page in order to find additional pages that might hold more information.

Enumerating Rails using Web Fuzzer

The Web Fuzzer (WFuzz) is a tool created to facilitate web application assessments. It is based on a simple concept: it replaces any reference to the FUZZ keyword with the value of a given payload.

Enumerating Rails using Web Fuzzer

This leads to the discovery of the readme page.

Enumerating Rails using Metasploit

Not as flexible as WFuzz, but Metasploit can also get the job done as long as you provide it the right dictionary file:

Enumerating Rails using Metasploit

Time to see what the readme page has to offer:

The Rails readme page

Clicking on the logos takes you to OS-specific pages with the os parameter set in the URL:

  • http://172.16.3.3:3500/readme?os=windows
  • http://172.16.3.3:3500/readme?os=linux

The Linux page on Rails

It appears to be a dead end, but it is always worth digging a little deeper.

Directory Traversal

Try to do some directory traversal with the “os” parameter, looking for the passwd file (containing the word root):

Directory traversal using DotDotPwn

Directory traversal using DotDotPwn

The results are a little messy but some of them are useful:

The passwd file
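
How this traversal fuzzing looks from the server side, as an added detection example that is not part of the original walkthrough: it reads access-log lines, undoes nested percent-encoding in the os parameter and reports every value outside the two the readme page links to. The log lines, the client address and the function names are constructed for illustration, and a combined-log-style request field is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; not taken from the page.
SAMPLE_LOG = """\
172.16.3.9 - - [01/Jan/2024:10:00:01 +0000] "GET /readme?os=linux HTTP/1.1" 200 1532
172.16.3.9 - - [01/Jan/2024:10:00:02 +0000] "GET /readme?os=../../../../etc/passwd HTTP/1.1" 200 1843
172.16.3.9 - - [01/Jan/2024:10:00:03 +0000] "GET /readme?os=..%252f..%252fetc%252fpasswd HTTP/1.1" 500 912
172.16.3.9 - - [01/Jan/2024:10:00:04 +0000] "GET /readme?os=macos HTTP/1.1" 500 870
172.16.3.9 - - [01/Jan/2024:10:00:05 +0000] "GET /readme?os=windows HTTP/1.1" 200 1498
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
ALLOWED_OS = {"windows", "linux"}  # the two values the readme page links to

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding (for example %252f -> %2f -> /)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_os_requests(log_text):
    """Return (client, status, decoded_os, is_traversal) for non-allowlisted os values."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # keep_blank_values so an empty "os=" is inspected as well
        for raw in parse_qs(query, keep_blank_values=True).get("os", []):
            value = fully_decode(raw)
            if value not in ALLOWED_OS:
                traversal = ".." in value.replace("\\", "/").split("/")
                hits.append((line.split()[0], int(m.group(2)), value, traversal))
    return hits

if __name__ == "__main__":
    for hit in suspicious_os_requests(SAMPLE_LOG):
        print(hit)
```

The same allowlist is the fix on the application side: accept only the known os values and reject everything else before the value reaches any file or template lookup.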

Exploiting Rails using Metasploit

A bit of research will reveal the existence of a vulnerability in the version of the service and the availability of the appropriate MSF module. Time to put the readme page and the os parameter to good use…

Exploiting Rails using Metasploit

Notice the chewbacca user is a member of the docker group… this is interesting and might be helpful in the future.
