Student Reviews
( 5 Of 5 )
1 review
Video of Windows Penetration Testing Training Metasploitable 3 Walkthrough in Metasploit Framework course by Motasem Hamdan Cyber Security & Tech channel, video No. 16 free certified online
In this video walkthrough, we covered the solution walkthrough for Metasploitable 3 where we discovered a vulnerable Jenkins server as well as vulnerable Apache Tomcat server. Both instances are installed on Windows OS and exploited both using Metasploit and Powershell.i
Receive Cyber Security Field, Certifications Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
Writeup
https://motasem-notes.net/learning-windows-server-exploitation-metasploitable-3-walkthrough/
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
Instagram
https://www.instagram.com/mastermindstudynotes/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/mastermindstudynotes/
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
0:00 Introduction to Metasploit and Exploitation
0:13 Setting Up the Windows Target Environment
0:27 Scanning for Open Ports
1:21 Discovering Jenkins Server
1:44 Exploiting Jenkins Default Credentials
2:28 Using Script Console in Jenkins
3:09 Choosing Exploitation Methods: PowerShell vs. Groovy Script
3:29 Creating a Payload with Metasploit
5:15 Setting Up a Python HTTP Server
6:37 Downloading the Payload on the Target Machine
7:54 Executing the Payload in Jenkins
8:46 Troubleshooting Download Errors
10:10 Adjusting PowerShell Command Parameters
12:37 Successfully Downloading the Payload
13:49 Setting Up a Listener in Metasploit
14:49 Gaining Initial Access and Interpreter Session
15:25 Identifying User Privileges
16:12 Moving Towards Privilege Escalation
16:45 Examining Open Ports for Tomcat Server
17:23 Locating Tomcat Configuration Files
18:22 Extracting Plaintext Credentials from Tomcat
19:53 Logging into the Tomcat Manager
20:50 Creating a WAR Payload for Tomcat Exploitation
22:09 Deploying the WAR File and Preparing for Execution