
Exploitation with Metasploit Framework


Last updated 1 year ago

In this part you will perform some basic exploitation using the Metasploit Framework. To complete everything in this lab you will need the following:

  • Kali Linux, with Metasploit Framework installed;

  • Metasploitable 2 virtual machine;

  • Windows 7 virtual machine.

Below you’ll find the list of vulnerabilities and how to exploit them with Metasploit Framework. These vulnerabilities were previously identified using a vulnerability scanner:

  • vsftp Backdoor Vulnerability [CVE-2011-2523]
  • UnrealIRCd backdoor [CVE-2010-2075]
  • distCC RCE [CVE-2004-2687]
  • Java RMI Server Insecure Default Configuration RCE Vulnerability
  • VNC Brute Force Login
  • MySQL / MariaDB Default Credentials (MySQL Protocol)
  • SAMBA (Samba “username map script” Command Execution)
  • Tomcat (Apache Tomcat Manager Application Deployer Authenticated Code Execution)
  • Apache (CGI Argument Injection)
  • Windows Eternalblue [CVE-2017-143,144,145,146,148]