Automating Payloads & Delivery with Metasploit

HTB Content Academy
1

In this content I have tried the following commands and looked for vulnerabilities.

$ sudo nmap -sS -sV --script vuln <IP>
$ rpcclient -U "htb-student" <IP>
$ smbclient -L //<IP> -U htb-student

However, nothing is found…

  1. What command language interpreter is used to establish a system shell session with the target?
  2. Exploit the target using what you’ve learned in this section, then submit the name of the file located in htb-student’s Documents folder. (Format: filename.extension)

Any tips on how to solve these problems?

2

(I got help on Discord, Thanks).
I got my answers by reading the content of this academy thoroughly!

1 Like
3

Hi, I have completed the first question, but I am still stuck on the second one. I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “dir” and “dir /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something?

4

I have solved the problem by getting tips from ChatGPT. Thanks to its timely responses.

5

For the second problem, you need to go to the documentation directory under the htb-student user’s directory in the system-level shell.

6

I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “d r ” and “d r /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something. Regards :typing test

7

Hello. I’m stuck at the same place.What commant did you use to find the documents folder?

9

If you have the shell, you can use the same commands you would use navigating around windows using a command prompt.

13

Hi, I have completed the first question, but I am still stuck on the second one. I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “dir” and “dir /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something I used Metasploit to obtain the system shell, but I cannot locate the “Documents” folder. I have tried commands like “d r ” and “d r /a,” which displayed several directories and files, but I still cannot find the “Documents” folder. Could you let me know if I missed something.
Regards:

14

Hello! Everything is simple here, you need to do everything that was in this section
msfconsole
search smb
use exploit/windows/smb/psexec
set all parameters LHOST, RHOST , SMBPass, SMBUser, SHARE
exploit
and then search file in C:\User\htb-student\Documents

2 Likes
15

tnks i didnt set the LHOST jajajajaj

17

Once you have a shell use following command.
cd C:
dir
From here you will find the users directory and can navigate to get the answer.

19

i solved the second que with psexec not with metasploit its too automated . but for the first one i think the solution is meterpreter but its not want help