Jump to content

Search the Community

Showing results for tags 'metasploitable 3 '.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 1 result

  1. I am a newbie to security and have started my learning by downloading Metasploitable 3 and trying to get into it using Metasploit's "script_mvel_rce" module to exploit Elasticsearch 1.1.1 At my home the exploit works and I get meterpreter shell with the following (in first trial without any glitches): VirtualBox 5.1.14, Metasploitable 3, Kali 2016.1, No proxies However at work, we have a corporate proxy for internet access, Windows Firewall turned on (that I am not allowed to change) and Symantec AV. However, for host only networks, it should not be an issue (I guess) once the downloads are all done and setup is done. The setup at work is: VirtualBox 5.1.26, Metasploitable 3, Kali 2017.1 When I try to use the same exploit, the Meterpreter shell gets closed immediately. msf exploit(script_mvel_rce) > exploit [*] Started reverse TCP handler on 192.168.56.102:4444 [*] Trying to execute arbitrary Java... [*] Discovering remote OS... [+] Remote OS is 'Windows Server 2008 R2' [*] Discovering TEMP path [+] TEMP path identified: 'C:\Windows\TEMP\' [*] Sending stage (49645 bytes) to 192.168.56.101 [*] Meterpreter session 1 opened (192.168.56.102:4444 -> 192.168.56.101:50385) at 2017-09-07 02:18:39 -0400 [*] 192.168.56.101 - Meterpreter session 1 closed. Reason: Died ^C[!] This exploit may require manual cleanup of 'C:\Windows\TEMP\UBB.jar' on the target [*] Exploit completed, but no session was created. I tried all the following: (1) compared the metasploit module from home setup (on Kali 2016.1) to that at home (Kali 2017.1). apart from minor print format differences, the module seems similar (2) disabled firewall on metasploitable 3 (3) disabled host-only network adapter on my host pc (my work computer) (4) ping work fine (when firewall disabled) between Kali and MS3 and back (5) on metasploitable 3, I can see a java process running taking high cpu usage Can someone please suggest what should be my next step to succeed with this exploit? Thanks in advance FYI, I have posted same question on StackOverflow, but no one replied: https://security.stackexchange.com/questions/168867/cannot-exploit-elasticsearch-on-metasploitable3
×
×
  • Create New...