This is the last room in the Metasploit module, and it is all about Meterpreter. Before going deep into the task, let’s learn a bit about Meterpreter: how it works and what to consider when using it. I summarized and paraphrased some content from the room 😃

Meterpreter is a Metasploit payload that supports the penetration testing process with the aim of avoiding detection by network-based IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) solutions. It does this by using encrypted communication with the server where Metasploit runs (typically your attacking machine). If the target organization does not decrypt and inspect encrypted traffic (e.g. HTTPS) entering and leaving the local network, IPS and IDS solutions will not be able to detect its activities.

While Meterpreter is recognized by major antivirus software, it provides some degree of stealth because it runs in memory: it shows up as a process and does not write a file to disk on the target system.

The decision on which version of Meterpreter to use is based mostly on three factors:

Below is my writeup for Task 5!

Task 5: Post-Exploitation Challenge

Deploy the target machine and start scanning with nmap:

[screenshot: nmap scan output]

From the nmap output, we can already answer the first two questions:

Q: What is the computer name?

Q: What is the target domain?

Alrighty, then fire up msfconsole to exploit the target machine 🔥

Use exploit/windows/smb/psexec, and remember to set RHOSTS, LHOST, SMBUser, and SMBPass.
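From the defender's side, the encrypted Meterpreter channel hides the traffic, but a psexec-style foothold still leaves a host-side trace: a service installation recorded in the Windows System log as Event ID 7045. The following is an added example (not code from the room or from Metasploit) that flags such installs over constructed log records; the "random-looking name under %SYSTEMROOT%" heuristic is an assumption, and PSEXESVC is the default Sysinternals PsExec service name.

```python
import re
from typing import Dict, List

# Constructed sample of Windows System log records (Event ID 7045, "A service was
# installed in the system"), reduced to the fields this check needs. Not real data.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 7045, "ServiceName": "Windows Update Medic Service",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k WaaSMedicSvc",
     "StartType": "auto start"},
    {"EventID": 7045, "ServiceName": "jXkQpLmW",
     "ImagePath": r"%SYSTEMROOT%\jXkQpLmW.exe", "StartType": "demand start"},
    {"EventID": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe", "StartType": "demand start"},
    {"EventID": 7036, "ServiceName": "jXkQpLmW", "ImagePath": "", "StartType": ""},
]

RANDOM_NAME = re.compile(r"^[A-Za-z]{8}$")   # 8 letters, no spaces or digits
KNOWN_PSEXEC_SERVICE = "psexesvc"            # Sysinternals PsExec default name


def binary_stem(image_path: str) -> str:
    """Return the service binary's file name without directory, args or .exe."""
    name = image_path.replace("/", "\\").split("\\")[-1].split(" ")[0]
    return name[:-4] if name.lower().endswith(".exe") else name


def is_psexec_style_install(event: Dict[str, object]) -> bool:
    """True for a 7045 record that looks like a PsExec-style service drop."""
    if event.get("EventID") != 7045:
        return False
    name = str(event.get("ServiceName", ""))
    path = str(event.get("ImagePath", ""))
    if name.lower() == KNOWN_PSEXEC_SERVICE:
        return True
    # Heuristic (assumption): a short, letters-only, mixed-case service name whose
    # binary carries the same name and sits directly under the system root.
    return (RANDOM_NAME.match(name) is not None
            and name != name.lower() and name != name.upper()
            and binary_stem(path) == name
            and path.upper().startswith("%SYSTEMROOT%\\"))


def find_psexec_style_installs(events: List[Dict[str, object]]) -> List[str]:
    """Return the service names of all flagged installation events, in log order."""
    return [str(e["ServiceName"]) for e in events if is_psexec_style_install(e)]


if __name__ == "__main__":
    print(find_psexec_style_installs(SAMPLE_EVENTS))
```

A real deployment would read the events from the System log (or a SIEM) and correlate the 7045 record with the preceding network logon to the admin share, which this sample omits.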