Welcome to the CAPSECUR Pentesting Lab
Our Pentesting Lab provides several intentionally vulnerable services for you to practice pentesting on.
Use your SSH private key to connect to the lab with an SSH client:
$ ssh [your_login]@lab.capsecur.eu -p 22222 -i [path_to_your_private_key]
If you do not yet have access to the lab, generate a secure 4096-bit RSA key pair, then add it in your personal space, under the secure key management section.
Key generation on Linux/macOS:
$ ssh-keygen -t rsa -b 4096
By default, your public key is located at:
~/.ssh/id_rsa.pub
List of the intentional vulnerabilities in our lab.
Application
GlassFish
Ports
4848 - HTTP
8080 - HTTP
8181 - HTTPS
Vulnerability IDs
CVE-2011-0807
Modules
exploits/multi/http/glassfish_deployer
auxiliary/scanner/http/glassfish_login
Application
Apache Struts
Ports
8282 - HTTP
Vulnerability IDs
CVE-2016-3087
Modules
exploit/multi/http/struts_dmi_rest_exec
Application
Tomcat
Ports
8282 - HTTP
Vulnerability IDs
CVE-2009-3843
CVE-2009-4189
Modules
exploits/multi/http/jenkins_script_console
auxiliary/scanner/http/jenkins_enum
Application
Jenkins
Ports
8484 - HTTP
Modules
exploits/multi/http/jenkins_script_console
auxiliary/scanner/http/jenkins_enum
Application
IIS - FTP
Ports
21 - FTP
Modules
auxiliary/scanner/ftp/ftp_login
Application
IIS - HTTP
Ports
80 - HTTP
Vulnerability IDs
CVE-2015-1635
Modules
auxiliary/dos/http/ms15_034_ulonglongadd
Application
psexec
Ports
445 - SMB
139 - NetBIOS
Vulnerability
Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and used to run remote code using psexec.
Modules
exploits/windows/smb/psexec
exploits/windows/smb/psexec_psh
Application
SSH
Ports
22 - SSH
Vulnerability
Multiple users with weak passwords exist on the target. Those passwords can be easily cracked. Once a session is opened, remote code can be executed using SSH.
Application
WinRM
Ports
5985 - HTTPS
Vulnerability
Multiple users with weak passwords exist on the target. Those passwords can be easily cracked and WinRM can be used to run remote code on the target.
Modules
auxiliary/scanner/winrm/winrm_cmd
auxiliary/scanner/winrm/winrm_wql
auxiliary/scanner/winrm/winrm_login
auxiliary/scanner/winrm/winrm_auth_methods
exploits/windows/winrm/winrm_script_exec
Application
chinese caidao
Ports
80 - HTTP
Modules
auxiliary/scanner/http/caidao_bruteforce_login
Application
ManageEngine
Ports
8020 - HTTP
Vulnerability IDs
CVE-2015-8249
Modules
exploit/windows/http/manageengine_connectionid_write
Application
ElasticSearch
Ports
9200 - HTTP
Vulnerability IDs
CVE-2014-3120
Modules
exploit/multi/elasticsearch/script_mvel_rce
Application
Apache Axis2
Ports
8282 - HTTP
Vulnerability IDs
CVE-2010-0219
Modules
exploit/multi/http/axis2_deployer
Application
WebDAV
Ports
8585 - HTTP
Modules
auxiliary/scanner/http/http_put (see https://github.com/rapid7/metasploitable3/pull/16)
Application
SNMP
Ports
161 - UDP
Modules
auxiliary/scanner/snmp/snmp_enum
Application
MySQL
Ports
3306 - TCP
Modules
windows/mysql/mysql_payload
Application
JMX
Ports
1617 - TCP
Vulnerability IDs
CVE-2015-2342
Modules
multi/misc/java_jmx_server
Application
Wordpress
Ports
8585 - HTTP
Vulnerable Plugins
NinjaForms 2.9.42 - CVE-2016-1209
Modules
unix/webapp/wp_ninja_forms_unauthenticated_file_upload
Application
Remote Desktop
Ports
3389 - RDP
Application
PHPMyAdmin
Ports
8585 - HTTP
Vulnerability IDs
CVE-2013-3238
Modules
multi/http/phpmyadmin_preg_replace
Application
Ruby on Rails
Ports
3000 - HTTP
Vulnerability IDs
CVE-2015-3224
Modules
exploit/multi/http/rails_web_console_v2_code_exec