Forum Discussion
Bronze IIIntroduction to Metasploit: Ep.9 – Demonstrate Your Skills
I'd suggest double checking all the options for the exploits, little mistakes can often mess up exploits.
Be careful when copying passwords as they are case sensitive.
Do you have the correct rport set?
Try different targetURIs such as /managerFailing that, if you have the username & password you will likely be able to login to web app and upload a reverse shell then set up a listener in Metasploit using exploit/multi/handler to get a shell.
Bronze IIII'd suggest double checking all the options for the exploits, little mistakes can often mess up exploits.
Be careful when copying passwords as they are case sensitive.
Do you have the correct rport set?
Try different targetURIs such as /manager
Failing that, if you have the username & password you will likely be able to login to web app and upload a reverse shell then set up a listener in Metasploit using exploit/multi/handler to get a shell.
Bronze IIHi neeemu , Thanks for your response.
I tried a few things my side.
Before using the exploits, i tried checking if these creds work by firstly trying to log in to manager app on the Webui(http://<ip>:port/manager/html), it was not taking the creds.
I went to the website itself and clicked on manager, when i log in still not working. If the creds are not working on the website itself, they are not most likely not going to work with the exploits since they require same creds(username and password)
I further used scanner/http/dir_scanner to find interesting directories that i can use, managed to find this ones only
- neeemu
Be careful when copying passwords as they are case sensitive.
The password you shared is not exactly the same as shown in the image.
- KingMashaba
Wow you helped me a lot there, I was actually using Qlogic66 instead of QLogic66. Very simple mistake. Thank you very much for your help, really appreciated.
