THM Metasploit: Meterpreter - grunt92/IT-Sec-WriteUps GitHub Wiki

Introduction to Meterpreter

No answer needed

No answer needed

Meterpreter Flavors

No answer needed

No answer needed

Meterpreter Commands

No answer needed

No answer needed

Post-Exploitation with Meterpreter

No answer needed

No answer needed

Post-Exploitation Challenge

What is the computer name?

Follow the instructions provided by THM. Use the "exploit/windows/smb/psexec" module. Set RHOSTS to the target IP, SMBUser to "ballen" and SMBPass to "Password1", then run the exploit. Once the Meterpreter session is established, run sysinfo to get the answer.

ACME-TEST

What is the target domain?

FLASH

What is the name of the share likely created by the user?

Background the Meterpreter session, search for "enumshares" and use "scanner/smb/smb_enumshares". Set RHOSTS, SMBPass and SMBUser, then run the scanner. If successful, the scanner lists all shares. One share in the list stands out.

speedster

What is the NTLM hash of the jchambers user?

Search for NTLM. One of the modules is called "windows_secrets_dump". Use the module, set RHOSTS, SMBPass and SMBUser, and run it. One of the dumped secrets is a list of NTLM hashes, which is exactly what we are looking for.

69596c7aa1e8daee17f8e78870e25a5c

What is the cleartext password of the jchambers user?

Copy the hash and select a tool of your choice to crack the password to get the answer.

Trustno1

Where is the "secrets.txt" file located?

Re-enter your Meterpreter session. Run search -f secrets.txt to get the answer.

*c:\Program Files (x86)\Windows Multimedia Platform*

What is the Twitter password revealed in the "secrets.txt" file?

Run cat "c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt".

KDSvbsw3849!

Where is the "realsecret.txt" file located?

Run search -f realsecret.txt to get the answer.

*c:\inetpub\wwwroot*

What is the real secret?

Run cat "c:\inetpub\wwwroot\realsecret.txt".

The Flash is the fastest man alive