Problem identifying Apache Struts vulnerability on Metasploitable3

[bakerbaker]

I'm able to successfully exploit the Apache Struts vulnerability on port 8282 within Metasploitable3. The problem is, I'm not finding a way to detect the vulnerability exists. I've downloaded http-vuln-cve2018-5638 for nmap, but that doesn't show this vulnerability, and I've also attempted struts-pwn with no luck. Additionally, the Nessus scanner shows a critical vulnerability with ManageEngine on that port, which looks like an easy exploit but doesn't indicate Struts is a problem. 

Nmap shows "Apache Tomcat/Coyote JSP engine 1.1", "Apache-Coyote/1.1", and "Apache Tomcat/8.0.33".  Metasploit struts_dmi_rest_exec shows it's vulnerable, and as I stated, I can use this module to exploit the system. Can anyone point me to something outside of a manual check with Metasploit that I can use to check for this vulnerability? Thank you.

[digininja]

I've not got a link to hand but search the SANS webcasts for one on struts by Moses. He explains a lot about it and goes into details on how it works.

One of the things he explains is there is no way to detect the vulnerability without exploiting it. There are things to look for to spot that struts may be in use but nothing to reveal the exact versions.

[pentestgeek]

I've exploited/verified struts using Burp Suite.  Simply injecting a Java sleep 20 second delay versus 1 second delay will show PoC.  If you want to go full compromise you can use Java System calls to execute a reverse shell 

[bakerbaker]

Thanks, guys. I appreciate the information you provided, and I've since been able to also confirm vulnerability with a script within Nmap.