Damn Vulnerable Linux Worthwhile?


iisjman07

Per https://community.rapid7.com/docs/DOC-1514

Metasploitable Readme

System credentials:

-------------------

msfadmin:msfadmin

user:user

service:service

postgres:postgres

(2 other system accounts)

Discovery:

-------------

ftp 21/tcp 220 ProFTPD 1.3.1 Server (Debian) [::ffff:127.0.0.1]

ssh 22/tcp SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1

telnet 23/tcp Ubuntu 8.04\x0avulnerability login:

smtp 25/tcp 220 ubuntu804-base.localdomain ESMTP Postfix (Ubuntu)

dns 53/tcp ISC BIND 9.4.2

dns 53/udp ISC BIND 9.4.2

http 80/tcp Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch

netbios 137/udp VULNERABILITY:<00>:U :VULNERABILITY:<03>:U :VULNERABILITY:<20>:U :MSFVULN:<00>:G :MSFVULN:<1e>:G :00:00:00:00:00:00

smb 139/tcp

smb 445/tcp Unix Samba 3.0.20-Debian (language: Unknown) (domain:MSFVULN)

mysql 3306/tcp 5.0.51a-3ubuntu5

distccd 3632/tcp

postgres 5432/tcp 8.3.8

http 8180/tcp Apache-Coyote/1.1 (Tomcat 5.5)

Bruteforce:

-----------

smb Anonymous

ssh 6 sessions

telnet 6 sessions

bind n/a

apache 2 web apps (twiki and tikiwik)

postgres db compromise (postgres:postgres)

mysql db compromise (root:root)

tomcat 5.5 shelled (tomcat:tomcat)

Exploits:

---------

distcc Excellent 1 session on all ranking levels

tomcat_mgr_deploy Excellent requires credentials

tikiwiki_graph_formula Excellent 1 session on all ranking levels

twiki Excellent information disclosure

mysql_yassl_getname Good triggers crash, but not working

TODO:

-----

switch to a vulnerable version of sendmail

configure proftpd with vulnerabilities (sql injection? others? downgrade?)

Expected sessions:

------------------

From Bruteforce:

6 ssh, 6 telnet, 1 tomcat

From Exploit:

1 distcc and 1 tikiwiki_graph_formula

Visit here to see how Rapid7 suggests setting up a pen-test virtual network. It also has UltimateLAMP, with more web services to exploit vs. Metasploitable. http://metasploit.com/help/test-lab.jsp
