Metasploit

Good day guys, I would like someone to please make something clear to me. Before I got to know about HTB, I had seen guys hacking with msfconsole, but on getting to HTB I have seen posts by some guys saying that they avoid using Metasploit when conquering a machine. Growing up seeing guys use Metasploit, I have always thought Metasploit was the genuine and right way to own a machine. Can someone please explain why we should avoid using Metasploit?

Probably because many here are preparing for the OSCP, and there it is forbidden to use Metasploit.

Thanks for the reply. So what do they use instead?

@Afolic said:
Thanks for the reply. So what do they use instead?

Nothing, ‘they’ do it manually!

That must be a lot of work.

Thanks for the reply

Well, just to clarify things, the OSCP does not need that hard work, because HTB machines are way harder than the actual OSCP process. First work your way into pwning all of the machines with the easiest ways that you can. And then try to do them fully manually to see what your weak point is. Learn smart, not hard.

Metasploit isn’t banned in OSCP. You can use it as much as you want in the labs. In the exam you can only use it against one machine of your choice.

The idea is that you know what the exploit does and how it works so you can do it manually. Just putting a target IP in and hitting exploit will only get you so far without the underlying knowledge.

Wow, Thanks @AgentTiro for that

@Frey said:

Well, just to clarify things, the OSCP does not need that hard work, because HTB machines are way harder than the actual OSCP process. First work your way into pwning all of the machines with the easiest ways that you can. And then try to do them fully manually to see what your weak point is. Learn smart, not hard.

Will put that into consideration, thanks for that. Am I free to hit you up if I am having issues with any box?

@Afolic said:
@Frey said:

Well, just to clarify things, the OSCP does not need that hard work, because HTB machines are way harder than the actual OSCP process. First work your way into pwning all of the machines with the easiest ways that you can. And then try to do them fully manually to see what your weak point is. Learn smart, not hard.

Will put that into consideration, thanks for that. Am I free to hit you up if I am having issues with any box?

Sure, hit me up on mm.

I cannot get a reverse shell using Metasploit for e.g. the Olympus machine, where I’m very confident that it should work. I’m running a Kali VirtualBox VM on a Windows 7 host on a laptop. I can ping and have turned off the Windows firewall. I also tried to install everything fresh on a desktop PC on Windows 10 with a fresh Kali VM. Did you experience similar problems or do you have any hint for me?

My ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.x.x.x netmask 255.255.255.0 …

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0 …

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y …

It is very strange. Only one time I had a meterpreter session. It timed out. But now I cannot get a new session, despite all parameters being the same.
I use the tun interface. What could be the problem in your opinion? It is very difficult to work if it is so unstable. I tried to exploit multiple times. I did set TARGET and set PAYLOAD and set LHOST again.
I reset Olympus multiple times, but no luck – no session. But the same worked - only once. I cannot understand this.

Current status:

msf exploit(exploit) > exploit

[*] Started reverse TCP handler on 10.y.y.y:4444
[*] Exploit completed, but no session was created.

msf exploit(exploit) > show options

Module options (exploit):

Name     Current Setting  Required  Description
----     ---------------  --------  -----------
PATH     /                yes       Path to target webapp
Proxies                   no        A proxy chain of format type:host:port[,type:host:port][…]
RHOST    10.10.10.83      yes       The target address
RPORT    80               yes       The target port (TCP)
SRVHOST  10.y.y.y         yes       Callback host for accepting connections
SRVPORT  9000             yes       Port to listen for the debugger
SSL      false            no        Negotiate SSL/TLS for outgoing connections
VHOST                     no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  10.y.y.y         yes       The listen address (an interface may be specified)
LPORT  4444             yes       The listen port

Exploit target:

Id  Name
--  ----
0   Automatic

There must be something else to set up. E.g. there is a remark for LHOST “an interface may be specified”. Should I do: “setg interface tun0”? Or should I somehow clean up my Metasploit?

@redsoc said:
I cannot get a reverse shell using Metasploit for e.g. the Olympus machine, where I’m very confident that it should work. I’m running a Kali VirtualBox VM on a Windows 7 host on a laptop. I can ping and have turned off the Windows firewall. I also tried to install everything fresh on a desktop PC on Windows 10 with a fresh Kali VM. Did you experience similar problems or do you have any hint for me?

My ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.x.x.x netmask 255.255.255.0 …

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0 …

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y …

It is very strange. Only one time I had a meterpreter session. It timed out. But now I cannot get a new session, despite all parameters being the same.
I use the tun interface. What could be the problem in your opinion? It is very difficult to work if it is so unstable. I tried to exploit multiple times. I did set TARGET and set PAYLOAD and set LHOST again.
I reset Olympus multiple times, but no luck – no session. But the same worked - only once. I cannot understand this.

Current status:

msf exploit(exploit) > exploit

[*] Started reverse TCP handler on 10.y.y.y:4444
[*] Exploit completed, but no session was created.

msf exploit(exploit) > show options

Module options (exploit):

Name     Current Setting  Required  Description
----     ---------------  --------  -----------
PATH     /                yes       Path to target webapp
Proxies                   no        A proxy chain of format type:host:port[,type:host:port][…]
RHOST    10.10.10.83      yes       The target address
RPORT    80               yes       The target port (TCP)
SRVHOST  10.y.y.y         yes       Callback host for accepting connections
SRVPORT  9000             yes       Port to listen for the debugger
SSL      false            no        Negotiate SSL/TLS for outgoing connections
VHOST                     no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  10.y.y.y         yes       The listen address (an interface may be specified)
LPORT  4444             yes       The listen port

Exploit target:

Id  Name
--  ----
0   Automatic

There must be something else to set up. E.g. there is a remark for LHOST “an interface may be specified”. Should I do: “setg interface tun0”? Or should I somehow clean up my Metasploit?

Same, it happened to me: it worked once, but then it says: [*] Exploit completed, but no session was created.