Disclaimer: This blog is for educational purpose only!!!
Please note that we are using old and vulnerable server or application versions for demonstration/practical purpose.
In this blog we will exploit “Badblue” file sharing server. The “Badblue” web based application allows users to share photos, music, videos, and business files immediately with anyone according to choice.
We already enumerated this service using nmap tool in previous blog “https://blogs.elanustechnologies.com/infrastructure-information-gathering/ “. So, will not waste too much time. Now we can directly jump in to exploitation part of Badblue server. To do so we started Metasploit-Framework tool in Kali Linux machine and searched if exploit for Badblue server is available or not and we saw exploit for Badblue server is available which we already installed on Windows 7 VirtualBox machine.
Select the exploit and set all the required options for this exploit before starting the process because if we do not set options properly, then we can’t exploit Badblue server by using Metasploit.
Type command “exploit” to start exploiting vulnerable Badblue server. After successfully exploiting the server, we get Meterpreter command line session where we can type “sysinfo” command to see the system information and get unauthorized access to the Window7 machine.
How we can exploit file sharing server, we showed in this blog.
How to Prevent:
- Update the Badblue Server and Client with latest version to patch the vulnerability.
- Vulnerable App Link: https://www.exploit-db.com/apps/396bedff015be885c1719f39f4561081-badblue.tar_.gz