twitter

Metasploitable 3 – Exploiting Manage Engine Desktop Central 9

In this tutorial, I will be demonstrating some basics for Metasploit against Manage Engine Desktop Central 9. MEDC9 is installed on Metasploitable3 by default.

NMAP Scan

nmap -sV -p- 192.168.2.66


After a quick scan and some trial and error, I found that the Manage Engine website is running on port 8383.

Manage Engine Website


As we can see there port8383 is the web interface for Desktop Central.

Website Login


After a quick search online I was able to find that the default credentials are Admin/Admin. After trying this login, I am now able to log into the web interface.

Finding Exploit


Since we already know this is an outdated commercial software we can find a Metasploit exploit while searching on Exploit-DB.com

Metasploit


We can start Metasploit by using the msfconsole command from any terminal window.

Once we are in Metasploit, we can search for “fileuploadservlet” which we found on the Exploit-DB website.

use exploit/windows/http/manageengine_connectionid_write
show options

Now we need to select the exploit, and we can view the options that we need to configure.

set rhost 192.168.2.66
show options

With the exploit configured now, we can execute.


After executing the exploit, we now have a meterpreter shell.

Post Exploitation


After dropping down to a shell session, we can verify that we are running as system level permissions on the metasploitable3 machine.