Reverse Shell & Payloads - The live engagement

Hello, I am the same as you, have you solved the problem?
a greeting

I have got the shell on Host-3 but I am not able to see the flag.txt file. It is in the Administrator user and I think I have to change the password
, but I am not able to do it. I have used “net user Administrator password” but it gives me access denied. Any ideas please?
I have also tried with net user DefaultAccount password, and it doesn’t work either. something escapes me :face_with_raised_eyebrow:

1 Like

Refer to the module “Infiltrating Windows”. No need to go down the path you are on. There’s a specific exploit in that module that should get you what you need. I spent way too long on this one as well. Super simple, just need the correct exploit in msf.

Same problem, have you found the solution ?


you must put the URL on the VHOST and run


Annoying Module but realistic and fun. Check out this blog. Installing Additional Modules in Metasploit - HackingVision

I felt it did a better job explaining how to install modules and make them work.

Now I get new error not sure why.
[-] Exploit aborted due to failure: unexpected-reply: Unexpected json response
Also tried reverse and bind both same error.

I was able to solve it after using Hint 2 for the correct credentials.
I am wondering is there anyway to get these credentials without using the hint?
did I have to brute force it?

Also make sure you’re using blog.inlanefreight.local, not blog.inlanefreight.htb :slight_smile:

On the jump host is an file there are the Creds

You have to set the VHOST correctly, then it will work