Skip to main content

One post tagged with "MSFVenom"

MSFVenom (Metasploit Framework Venom) is an exploitation framework created by the Metasploit project. It provides a suite of tools for generating and delivering malicious payloads, such as shellcode, to vulnerable systems. MSFVenom can be used to create custom exploits, deliver payloads over various protocols (e.g., SMB, HTTP), and interact with other Metasploit modules to achieve specific goals.

View All Tags

HTB | Jerry | Write-Up

· 13 min read

Summary:

We navigate the Hack The Box website, starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information. We identify a running webserver and proceed with directory enumeration using gobuster to uncover hidden directories. After discovering a server status login page with default credentials, we log in to gain access to the Manager App website.

Analyzing this app further, we collect the necessary credentials to log in and then identify a file upload vulnerability on the website. We create a malicious payload using msfvenom, which we use to upload and execute a reverse shell on the target machine. With a stable shell established at system level access, we proceed to grab both the user flag and root flag, ultimately achieving System Own status.

Machine Name: Jerry | Difficulty: Easy | OS: Windows