Jump to content

Problem identifying Apache Struts vulnerability on Metasploitable3


Recommended Posts

I'm able to successfully exploit the Apache Struts vulnerability on port 8282 within Metasploitable3. The problem is, I'm not finding a way to detect the vulnerability exists. I've downloaded http-vuln-cve2018-5638 for nmap, but that doesn't show this vulnerability, and I've also attempted struts-pwn with no luck. Additionally, the Nessus scanner shows a critical vulnerability with ManageEngine on that port, which looks like an easy exploit but doesn't indicate Struts is a problem. 

Nmap shows "Apache Tomcat/Coyote JSP engine 1.1", "Apache-Coyote/1.1", and "Apache Tomcat/8.0.33".  Metasploit struts_dmi_rest_exec shows it's vulnerable, and as I stated, I can use this module to exploit the system. Can anyone point me to something outside of a manual check with Metasploit that I can use to check for this vulnerability? Thank you.

Link to comment
Share on other sites

I've not got a link to hand but search the SANS webcasts for one on struts by Moses. He explains a lot about it and goes into details on how it works.

One of the things he explains is there is no way to detect the vulnerability without exploiting it. There are things to look for to spot that struts may be in use but nothing to reveal the exact versions.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...