When I try to run https://localhost:8383/ from within Metasploitable3 Windows Server 2008 R2 Internet Explorer, I get "Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
I am logged on as U: Administrator, P: vagrant.
I can get in and stop and then restart the ManageEngine Desktop Central Server service just fine.
The commands as outlined in your vulnerabilities wikido not work:
Start/Stop
Stop: In command prompt, do net stop ManageEngine Desktop Central Server
Start: In command prompt, do net start ManageEngine Desktop Central Server
When I try to hit the site from Kali Firefox, I get the same result.
My nmap output shows that port 8383 is indeed open. (See listing below).
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-24 11:34 EDT
Nmap scan report for 192.168.1.103
Host is up (0.00015s latency).
Not shown: 981 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-syst:
|_ SYST: WindowsNT
22/tcp open ssh OpenSSH 7.1 (protocol 2.0)
| ssh-hostkey:
| 2048 dc:39:f2:8e:fd:df:84:e9:d3:cb:57:fc:20:e6:4c:4a (RSA)
| 521 7f:0a:00:7f:bb:04:05:6f:e3:e3:0d:ad:11:89:63:66 (ECDSA)
80/tcp open http Microsoft IIS httpd 7.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|http-title: Site doesn't have a title (text/html).
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds
3306/tcp open mysql MySQL 5.5.20-log
| mysql-info:
| Protocol: 10
| Version: 5.5.20-log
| Thread ID: 5
| Capabilities flags: 63487
| Some Capabilities: DontAllowDatabaseTableColumn, Support41Auth, IgnoreSigpipes, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, LongColumnFlag, FoundRows, InteractiveClient, LongPassword, Speaks41ProtocolNew, ConnectWithDatabase, SupportsCompression, Speaks41ProtocolOld, ODBCClient, SupportsTransactions, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
| Status: Autocommit
| Salt: \$=G-IgM*'',F]"1kJmg
| Auth Plugin Name: mysql_native_password
3389/tcp open tcpwrapped
| ssl-cert: Subject: commonName=vagrant-2008R2
| Not valid before: 2022-05-28T09:11:07
|_Not valid after: 2022-11-27T09:11:07
| rdp-ntlm-info:
| Target_Name: VAGRANT-2008R2
| NetBIOS_Domain_Name: VAGRANT-2008R2
| NetBIOS_Computer_Name: VAGRANT-2008R2
| DNS_Domain_Name: vagrant-2008R2
| DNS_Computer_Name: vagrant-2008R2
| ProductVersion: 6.1.7601
| System_Time: 2022-06-24T15:36:18+00:00
|_ssl-date: 2022-06-24T15:36:39+00:00; +3s from scanner time.
4848/tcp open ssl/http Oracle Glassfish Application Server
| ssl-cert: Subject: commonName=localhost/organizationName=Oracle Corporation/stateOrProvinceName=California/countryName=US
| Not valid before: 2013-05-15T05:33:38
|_Not valid after: 2023-05-13T05:33:38
|_http-server-header: GlassFish Server Open Source Edition 4.0
|_http-title: Login
|_ssl-date: 2022-06-24T15:36:39+00:00; +3s from scanner time.
7676/tcp open java-message-service Java Message Service 301
8080/tcp open http Sun GlassFish Open Source Edition 4.0
|http-open-proxy: Proxy might be redirecting requests
| http-methods:
| Potentially risky methods: PUT DELETE TRACE
|_http-title: GlassFish Server - Server Running
|http-server-header: GlassFish Server Open Source Edition 4.0
8181/tcp open ssl/intermapper?
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200 OK
| Date: Fri, 24 Jun 2022 15:34:55 GMT
| Content-Type: text/html
| Connection: close
| Content-Length: 4626
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
| <!--
| ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
| Copyright (c) 2010, 2013 Oracle and/or its affiliates. All rights reserved.
| subject to License Terms
|
|
Issue Description
When I try to run https://localhost:8383/ from within Metasploitable3 Windows Server 2008 R2 Internet Explorer, I get "Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
I am logged on as U: Administrator, P: vagrant.
I can get in and stop and then restart the ManageEngine Desktop Central Server service just fine.
The commands as outlined in your vulnerabilities wiki do not work: Start/Stop Stop: In command prompt, do net stop ManageEngine Desktop Central Server Start: In command prompt, do net start ManageEngine Desktop Central Server
When I try to hit the site from Kali Firefox, I get the same result.
My nmap output shows that port 8383 is indeed open. (See listing below). Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-24 11:34 EDT Nmap scan report for 192.168.1.103 Host is up (0.00015s latency). Not shown: 981 closed tcp ports (reset) PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-syst: |_ SYST: WindowsNT 22/tcp open ssh OpenSSH 7.1 (protocol 2.0) | ssh-hostkey: | 2048 dc:39:f2:8e:fd:df:84:e9:d3:cb:57:fc:20:e6:4c:4a (RSA) | 521 7f:0a:00:7f:bb:04:05:6f:e3:e3:0d:ad:11:89:63:66 (ECDSA) 80/tcp open http Microsoft IIS httpd 7.5 | http-methods: |_ Potentially risky methods: TRACE |_http-server-header: Microsoft-IIS/7.5 |http-title: Site doesn't have a title (text/html). 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds 3306/tcp open mysql MySQL 5.5.20-log | mysql-info: | Protocol: 10 | Version: 5.5.20-log | Thread ID: 5 | Capabilities flags: 63487 | Some Capabilities: DontAllowDatabaseTableColumn, Support41Auth, IgnoreSigpipes, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, LongColumnFlag, FoundRows, InteractiveClient, LongPassword, Speaks41ProtocolNew, ConnectWithDatabase, SupportsCompression, Speaks41ProtocolOld, ODBCClient, SupportsTransactions, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults | Status: Autocommit | Salt: \$=G-IgM*'',F]"1kJmg | Auth Plugin Name: mysql_native_password 3389/tcp open tcpwrapped | ssl-cert: Subject: commonName=vagrant-2008R2 | Not valid before: 2022-05-28T09:11:07 |_Not valid after: 2022-11-27T09:11:07 | rdp-ntlm-info: | Target_Name: VAGRANT-2008R2 | NetBIOS_Domain_Name: VAGRANT-2008R2 | NetBIOS_Computer_Name: VAGRANT-2008R2 | DNS_Domain_Name: vagrant-2008R2 | DNS_Computer_Name: vagrant-2008R2 | ProductVersion: 6.1.7601 | System_Time: 2022-06-24T15:36:18+00:00 |_ssl-date: 2022-06-24T15:36:39+00:00; +3s from scanner time. 4848/tcp open ssl/http Oracle Glassfish Application Server | ssl-cert: Subject: commonName=localhost/organizationName=Oracle Corporation/stateOrProvinceName=California/countryName=US | Not valid before: 2013-05-15T05:33:38 |_Not valid after: 2023-05-13T05:33:38 |_http-server-header: GlassFish Server Open Source Edition 4.0 |_http-title: Login |_ssl-date: 2022-06-24T15:36:39+00:00; +3s from scanner time. 7676/tcp open java-message-service Java Message Service 301 8080/tcp open http Sun GlassFish Open Source Edition 4.0 |http-open-proxy: Proxy might be redirecting requests | http-methods: | Potentially risky methods: PUT DELETE TRACE |_http-title: GlassFish Server - Server Running |http-server-header: GlassFish Server Open Source Edition 4.0 8181/tcp open ssl/intermapper? | fingerprint-strings: | GetRequest: | HTTP/1.1 200 OK | Date: Fri, 24 Jun 2022 15:34:55 GMT | Content-Type: text/html | Connection: close | Content-Length: 4626 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> | | <!-- | ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. | Copyright (c) 2010, 2013 Oracle and/or its affiliates. All rights reserved. | subject to License Terms | |