Here come another Metasploitable3 exploit !!
This is blog, we will be exploiting jenkins running on Metasploitable3.
What is Jenkins ?
Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery.
Step 1: you guessed it !!
namp -sV -p- IP
From the ports identified from nmap result, try telnet to see whats runnning and whats not.
Hmm intresting, umm not really
As expected Jenkin runs on port 8484
If you look at the right bottom, you can see that the version number is disclosed, which means ? yes search we can search Metasploit for potential vulnerabilities.
Before that, a quick google search gave me this result : exploit CVE number: CVE-2015-8103
Now, search for the damn exploit in metasploit
We have the exploit, what do we do next ? yes set the values
set RHOST x.x.x.x
yahoooooooooo!!! we have a shell
lets try a create a file called hack4 inside metasploitable3