Metasploitable3 is another free VM that allows you to simulate attacks with one of the most popular exploitation framework i.e. Metasploit Framework.
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Previous versions of Metasploitable were distributed as a VM snapshot where everything was set up and saved in that state. Metasploitable 3 introduces a new approach: dynamically building the VM image. It utilizes Packer, Vagrant, and a ton of scripts to go from nothing to a fully functional, exploitable VM within minutes.
Here is the list of all vulnerable Applications and Services which you can easily exploit with the help of MSF.
1. GlassFish
GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation. The supported version is called Oracle GlassFish Server.
Running on Port 4848(HTTP), 8080(HTTP) and 8181(HTTPS)
Available Metasploit Modules:
2. Apache Struts
Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller architecture.
Running on Port 8282(HTTP)
Available Metasploit Modules:
3. Tomcat
Apache Tomcat, often referred to as Tomcat Server, is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket, and provides a “pure Java” HTTP web server environment in which Java code can run.
Running on Port 8282(HTTP)
Available Metasploit Modules:
- a) auxiliary/scanner/http/tomcat_enum
- b) auxiliary/scanner/http/tomcat_mgr_login
- c) exploits/multi/http/tomcat_mgr_deploy
- d) exploits/multi/http/tomcat_mgr_upload
- e) post/windows/gather/enum_tomcat
4. Jenkins
Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery.
Running on Port 8484(HTTP)
Available Metasploit Modules:
5. IIS-FTP
An FTP server is a computer which has a file transfer protocol (FTP) address and is dedicated to receiving an FTP connection. An FTP server is an important component in FTP architecture and helps in exchanging of files over internet.
Running on Port 21(FTP)
Available Metasploit Modules:
6. IIS-HTTP
Running on Port 80(HTTP)
Available Metasploit Modules:
7. psexec
PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec’s most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems.
Running on Port 445(SMB) and 139(NetBIOS)
Available Metasploit Modules:
8. WinRM
Windows Remote Management (WinRM) is a feature of Windows Vista that allows administrators to remotely run management scripts. It handles remote connections by means of the WS-Management Protocol, which is based on SOAP (Simple Object Access Protocol). WinRM has features similar to those of Windows Management Instrumentation (WMI) that was installed on all computers using Windows Millennium Edition (Me), Windows 2000, Windows XP or Windows Server 2003.
Running on Port 5985(HTTPS)
Available Metasploit Modules:
- a) auxiliary/scanner/winrm/winrm_cmd
- b) auxiliary/scanner/winrm/winrm_wql
- c) auxiliary/scanner/winrm/winrm_login
- d) auxiliary/scanner/winrm/winrm_auth_methods
- e) exploits/windows/winrm/winrm_script_exec
9. Chinese Caidao
China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher Keith Tyler, we could find little useful information on China Chopper when we ran across it during an incident response engagement.
Running on Port 80(HTTP)
Available Metasploit Modules:
10. ManageEngine
ManageEngine offers enterprise IT management software for your service management, operations management, Active Directory and security needs.
Running on Port 8020(HTTP)
Available Metasploit Modules:
11. ElasticSearch
Elasticsearch is a search engine based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.
Running on Port 9200(HTTP)
Available Metasploit Modules:
12. Apache Axis2
Apache Axis2 is a core engine for Web services. It is a complete re-design and re-write of the widely used Apache Axis SOAP stack.
Running on Port 8282(HTTP)
Available Metasploit Modules:
13. WebDAV
Web Distributed Authoring and Versioning is an extension of the Hypertext Transfer Protocol that allows clients to perform remote Web content authoring operations.
Running on Port 8585(HTTP)
Available Metasploit Modules:
14. SNMP
Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
Running on Port 161(UDP)
Available Metasploit Modules:
15. MySQL
MySQL is an open-source relational database management system. Its name is a combination of “My”, the name of co-founder Michael Widenius’s daughter, and “SQL”, the abbreviation for Structured Query Language.
Running on Port 3306(TCP)
Available Metasploit Modules:
16. JMX
Java Management Extensions (JMX) is a Java technology that supplies tools for managing and monitoring applications, system objects, devices (such as printers) and service-oriented networks. Those resources are represented by objects called MBeans (for Managed Bean). In the API, classes can be dynamically loaded and instantiated. Managing and monitoring applications can be designed and developed using the Java Dynamic Management Kit.
Running on Port 1617(TCP)
Available Metasploit Modules:
17. WordPress
WordPress.com is a blogging platform that is owned and hosted online by Automattic. It is run on WordPress, an open source piece of software used by bloggers.
Running on Port 8585(HTTP)
Available Metasploit Modules:
18. PHPMyAdmin
phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.
Running on Port 8585(HTTP)
Available Metasploit Modules:
19. Ruby on Rails
Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller framework, providing default structures for a database, a web service, and web pages.
Running on Port 3000(HTTP)
Available Metasploit Modules:
You may also like:- Top 7 Commercial Linux Distributions
- Why Do I Need a Website?
- Reinforcement Learning in Real-world Applications: The Latest Successes and Challenges
- Various Python Libraries for developing RESTful APIs
- Top 7 NodeJS Frameworks You Need To Know
- How Buying Instagram Followers Can Help Businesses Soar
- How To Find Gaps In Your Cybersecurity And How To Address Them
- How to close the site from indexing using robots.txt
- Internet Security With VPN – Why Do You Need It
- How to Fix The DLL Missing Error in Windows 7?
