• 4848 - HTTP
• 8080 - HTTP
• 8181 - HTTPS

• Username: admin
• Password: sploit

• On Metasploitable3, point your browser to http://localhost:4848.
• Login with the above credentials.

• Stop: Open task manager and kill the java.exe process running glassfish
• Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.

• CVE-2011-0807

• exploits/multi/http/glassfish_deployer
• auxiliary/scanner/http/glassfish_login

• 8282 - HTTP

• Apache Tomcat Web Application Manager
  • U: sploit
  • P: sploit

• To access the vulnerable application, point your browser on Metasploitable3 to http://localhost:8282/struts2-rest-showcase
• To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.

• Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
• Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

• CVE-2016-3087

• exploit/multi/http/struts_dmi_rest_exec

• 8282 - HTTP

• U: sploit
• P: sploit

• To access the Apache Tomcat Manager, point your browser on Metasploitable3 to http://localhost:8282. Login with the above credentials.

• Stop: Open services.msc. Stop the Apache Tomcat 8.0 Tomcat8 service.
• Start: Open services.msc. Start the Apache Tomcat 8.0 Tomcat8 service.

• CVE-2009-3843
• CVE-2009-4189

• auxiliary/scanner/http/tomcat_enum
• auxiliary/scanner/http/tomcat_mgr_login
• exploits/multi/http/tomcat_mgr_deploy
• exploits/multi/http/tomcat_mgr_upload
• post/windows/gather/enum_tomcat

• 8484 - HTTP

• None enabled by default

• Point your browser on Metasploitable3 to http://localhost:8484.

• Stop: Open services.msc. Stop the jenkins service.
• Start: Open services.msc. Start the jenkins service.

• exploits/multi/http/jenkins_script_console
• auxiliary/scanner/http/jenkins_enum

• 21 - FTP

Windows credentials

Any FTP client should work

• Stop: net stop msftpsvc
• Start: net start msftpsvc

• auxiliary/scanner/ftp/ftp_login

• 80 - HTTP

• U: vagrant
• P: vagrant

• Point your browser on Metasploitable3 to http://localhost.

• Stop: Open services.msc. Stop the World Wide Web Publishing service.
• Start: Open services.msc. Start the World Wide Web Publishing service.

• CVE-2015-1635

• auxiliary/dos/http/ms15_034_ulonglongadd

• 445 - SMB
• 139 - NetBIOS

• Any credentials valid for Metasploitable3 should work. See the list here

• Use the psexec tool to run commands remotely on the target.

• Enabled by default

• Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.

• exploits/windows/smb/psexec
• exploits/windows/smb/psexec_psh

• 22 - SSH

• Any credentials valid for Metasploitable3 should work. See the list here

• Use an SSH client to connect and run commands remotely on the target.

• Enabled by default

• Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.

• 5985 - HTTPS

• Any credentials valid for Metasploitable3 should work. See the list here

• Stop: Open services.msc. Stop the Windows Remote Management service.
• Start: Open services.msc. Start the Windows Remote Management service.

• Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.

• auxiliary/scanner/winrm/winrm_cmd
• auxiliary/scanner/winrm/winrm_wql
• auxiliary/scanner/winrm/winrm_login
• auxiliary/scanner/winrm/winrm_auth_methods
• exploits/windows/winrm/winrm_script_exec

• 80 - HTTP

• Any credentials valid for Metasploitable3 should work. See the list here

• Point your browser on metasploitable3 to http://localhost/caidao.asp

• Stop: Open services.msc. Stop the World Wide Web Publishing service.
• Start: Open services.msc. Start the World Wide Web Publishing service.

• auxiliary/scanner/http/caidao_bruteforce_login

8020 - HTTP

Username: admin Password: admin

On Metasploitable3, point your browser to http://localhost:8020. Login with the above credentials.

• Stop: In command prompt, do net stop ManageEngine Desktop Central Server
• Start: In command prompt, do net start ManageEngine Desktop Central Server

• CVE-2015-8249

• exploit/windows/http/manageengine_connectionid_write

9200 - HTTP

No credentials needed

On Metasploitable3, point your browser to http://localhost:9200.

• Stop: In command prompt, do net stop elasticsearch-service-x64
• Start: In command prompt, do net start elasticsearch-service-x64

• CVE-2014-3120

• exploit/multi/elasticsearch/script_mvel_rce

8282 - HTTP

No credentials needed

On Metasploitable3, point your browser to http://localhost:8282/axis2.

Log into Apache Tomcat, and start or stop from the application manager.

• CVE-2010-0219

• exploit/multi/http/axis2_deployer

8585 - HTTP

No credentials needed

See the PR here: https://github.com/rapid7/metasploitable3/pull/16

• Stop: In command prompt, do net stop wampapache
• Start: In command prompt, do net start wampapache

• auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)

161 - UDP

Community String: public

Load the auxiliary/scanner/snmp/snmp_enum module in Metasploit and to parse the SNMP data.

• Stop: In command prompt, do net stop snmp
• Start: In command prompt, do net start snmp

• auxiliary/scanner/snmp/snmp_enum

3306 - TCP

U: root P:

Use the mysql client to connect to port 3306 on Metasploitable3.

• Stop: In command prompt, do net stop wampmysql
• Start: In command prompt, do net start wampmysql

• windows/mysql/mysql_payload

1617 - TCP

No credentials needed

Download the connector client and use the instructions found here: http://docs.oracle.com/javase/tutorial/jmx/remote/index.html

• Stop: In command prompt, do net stop jmx
• Start: In command prompt, do net start jmx

• CVE-2015-2342

• multi/misc/java_jmx_server

8585 - HTTP

No credentials needed

On Metasploitable3, point your browser to http://localhost:8585/wordpress.

• Stop: In command prompt, do net stop wampapache
• Start: In command prompt, do net start wampapache

• NinjaForms 2.9.42 - CVE-2016-1209

• unix/webapp/wp_ninja_forms_unauthenticated_file_upload

3389 - RDP

Any Windows credentials

Use a remote desktop client. Either your OS already has one, or download a 3rd party.

• Stop: net stop rdesktop
• Start: net start rdesktop

N/A

8585 - HTTP

U: root P:

On Metasploitable3, point your browser to http://localhost:8585/phpmyadmin.

• Stop: In command prompt, do net stop wampapache
• Start: In command prompt, do net start wampapache

• CVE-2013-3238

• multi/http/phpmyadmin_preg_replace

• 3000- HTTP

N/A

• On Metasploitable3, point your browser to http://localhost:3000.

• Stop: Open task manager and kill the ruby.exe process
• Start: Go to Task Scheduler and find the corresponding task. Right-click and select Run.

• CVE-2015-3224

• exploit/multi/http/rails_web_console_v2_code_exec