Metasploit is a powerful tool for penetration testing. This TryHackMe room covers scanning, vulnerability assessment, and exploitation. However, in my writeup, I will cover only tasks 5 and 6, since I found them challenging to follow and accomplish.
Let’s dive in 🤿
The target machine is vulnerable to MS17-010, so we can exploit it. Let’s start by opening msfconsole and searching for ms17-010:

We will use the first one.
We have to set a few things: payload, RHOSTS, LHOST.
For the payload, we will pick one that gives us a Meterpreter shell. To see which payloads Metasploit provides, we can run show payloads.

We want a Meterpreter shell, so we will set the payload to one of those. Since the target machine runs Windows, we will use windows/x64/meterpreter/reverse_tcp:

Before we start the exploitation, remember to set RHOSTS, LHOST, and LPORT (if necessary). If you’re all set, let’s exploit!

Note that you may see FAIL a few times. Don’t panic: it will restart and try again for us. When you see WIN, you have a shell on the target machine!

Now, to find flag.txt, we can use the dir command in the Windows cmd shell and look around.
You will find flag.txt in the Jon directory under C:\Users.
To find the NTLM hash, we will type hashdump in the Meterpreter shell; the output is shown in the image below:
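
Each line that hashdump prints has the form username:RID:LM hash:NT hash:::. The Python below is an added example, not part of the original writeup: it parses such lines and reports what a defender would fix first (blank passwords, reused passwords, stored LM hashes). The sample lines and the function names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # placeholder shown when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

@dataclass
class Account:
    user: str
    rid: int
    lm: str
    nt: str

def _is_hash(value):
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def parse_hashdump(text):
    """Parse username:RID:LM:NT::: lines, skipping anything malformed."""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        if rid.isdecimal() and _is_hash(lm) and _is_hash(nt):
            accounts.append(Account(user, int(rid), lm, nt))
    return accounts

def audit(accounts):
    """Map each user to a list of findings. NT hashes are unsalted, so equal hashes mean equal passwords."""
    by_nt = defaultdict(list)
    for a in accounts:
        by_nt[a.nt].append(a.user)
    report = {}
    for a in accounts:
        notes = []
        if a.nt == EMPTY_NT:
            notes.append("blank password")
        elif len(by_nt[a.nt]) > 1:
            notes.append("same password as " + ", ".join(u for u in by_nt[a.nt] if u != a.user))
        if a.lm != EMPTY_LM:
            notes.append("LM hash stored")
        report[a.user] = notes
    return report

# Constructed sample input; the non-empty hash values are made up, not real output.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
"""
```

RID 500 is the built-in Administrator account and 501 is Guest; accounts created later start at 1000.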