System credentials: ------------------msfadmin:msfadmin user:user service:service postgres:postgres (2 other system accounts) Discovery: ------------ftp 21/tcp 220 ProFTPD 1.3.

1 Server (Debian) [::ffff:127.0.0.1] ssh 22/tcp SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 telnet 23/tcp Ubuntu 8.04\x0avulnerability login: smtp 25/tcp 220 ubuntu804-base.localdomain ESMTP Postfix (Ubuntu) dns 53/tcp ISC BIND 9.4.2 dns 53/udp ISC BIND 9.4.2 http 80/tcp Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Pa tch netbios 137/udp VULNERABILITY:<00>:U :VULNERABILITY:<03>:U :VULNERABILITY:< 20>:U :MSFVULN:<00>:G :MSFVULN:<1e>:G :00:00:00:00:00:00 smb 139/tcp smb 445/tcp Unix Samba 3.0.20-Debian (language: Unknown) (domain:MSFVUL N) mysql 3306/tcp 5.0.51a-3ubuntu5 distccd 3632/tcp postgres 5432/tcp 8.3.8 http 8180/tcp Apache-Coyote/1.1 (Tomcat 5.5) Bruteforce: ----------smb ssh telnet bind apache postgres mysql tomcat 5.5

Anonymous 6 sessions 6 sessions n/a 2 web apps (twiki and tikiwik) db compromise (postgres:postgres) db compromise (root:root) shelled (tomcat:tomcat)

Exploits: --------distcc tomcat_mgr_deploy tikiwiki_graph_formula twiki mysql_yassl_getname

Excellent Excellent Excellent Excellent Good

1 session on all ranking levels requires credentials 1 session on all ranking levels information disclosure triggers crash, but not working

TODO: ----switch to a vulnerable version of sendmail configure proftpd with vulnerabilities (sql injection? others? downgrade?) Expected sessions: -----------------From Bruteforce: 6 ssh, 6 telnet, 1 tomcat

From Exploit: 1 distcc and 1 tikiwiki_graph_formula