Help with Using the Metasploit Framework

HTB Content Academy
, , , ,
1

I’m stuck when it gets to Meterpreter, the exploit I am using does not seem to work (or any really).

I am trying to exploit IIS using iis_webdav_upload_asp. I am pretty sure I have the right host and port, but I have tried a range of different ones just in case. Obviously the wrong ones won’t even connect.

The issue I am having is that the exploit seems to fail to upload to path, more specifically error 404 Not Found. I have looked around the web page and tried obvious paths like /upload/ etc but to no avail.

I also tried using a couple different exploits for example iis_webdav_scstoragepathfromurl but it complains about the server not responding correctly to WebDAV.

Maybe I am looking at the wrong thing? I am very much stuck and not sure on how to proceed :frowning:

Thanks in advance for the help

2

Solved that yet?

3

Hi. Have u solved this yet?

4

hi guy

you should pay attention to the service version of IIS within tutorial,then check the service version of IIS within target,do you see the difference?

Don’t limit yourself to IIS service vulnerabilities.

good luck:)

5

Hello im Aldo blocked can you help me
I see the iis of the Target but i dont find another exploit

6

So I used another exploit to gain NT SYSTEM but, when I try to hashdump like normal it does not work. when I use another module in metasploit to grab all the hashes it tells me thats not correct. I tryed with htb-student, without, yadda yadda. Any hints?

EDIT:::

Tips: Use Run not Exploit for Meterpreter session, load kiwi and then walk through the examples.

7

Hello! I`m looking for different vulnerabilities for the http header of the target but no luck yet! Have you solve it?!

8

Thanks for the tip! Kiwi was what I was missing.

9

If an exploit in MSF doesn’t work and it should be working; my experience is that I’ve missed some configuration thing.

Recently i had the same problem (meterpreter didn’t work), after long trying and checking it was my LHOST that was wrong…

I have the meterpreter connected but stuck after that. But still puzzling :slight_smile:

10
  1. Use the Fortilogger in msf to get the shell
  2. See the dumping thing in the section for the rest