Try Hack Me : Metasploit: Exploitation
HTML-код
- Опубликовано: 20 авг 2024
- This is our continuation series of Junior pentesting learning path on tryhackme.com. We are exploiting! Lets have some fun!
Patreon to help support the channel! Thank you so much!
/ stuffy24
Hacker Discord
/ discord
Get 20% OFF @manscaped + Free Shipping with promo code STUFFY24 at MANSCAPED.com! #ad #manscapedpod
Great walkthrough. Its 3am and I was on the verge of rage quitting just needed to slow down and spell meterpreter correctly.
I've been watching all your Jr. Pentest videos and I'd love to say that I really appreciate the amount of explanation and information you provide. Keep it up!!
Thank you so much!
Oh man, I spent a lot of time to find what is not explained anywhere: When you run payload 2, then "run"- you have reverse shell (cmd) on the target machine, but I couldn't find how to run Meterpreter on the same time (or only Meterpreter) to use it and find a file or run hashdump - It was so not clear in every explanation of this part (most of people give results but without explanation how they run Meterpreter and how exaclty they find a file and hash) - I don't want to jump steps without really do it by myself and understand process and details.
Nobody explains so important details as good as you show on this great video. Thanks a lot! :) Have a great day!
Thank you for the kind words! Really appreciate it!
Thanks for taking the time to go over this. The instructions are much clearer.
hey stuffy, great coverage on this room. i've found that if i work through the steps of the room on my own and then come back and watch your discussion of the exercises it really helps cement the concepts because you're not just racing to the flag. even if you sounded rushed here, you take the time to verbalize your approach and establish a good level of comprehension. really appreciate this. only seen a couple of your videos but i'm sure i will be exploring more.
Thank you so much! Really good to see it helps
thats what i do too haha i do the room then watch this and get all the extra little bits of info like what parts are usefull or not in an actual pentest . great channel indeed
would have never gotten through this room without this. thank you!
same, all made sense afterwards!
It's a tough one to do alone and understand only by reading.
@@omrimizrachi2752 yeah definitely! i'm a visual and hands on learner too so following along helped. it was also placed in the course a little weird as well imo. there was a big leap in difficulty going into this room from previous ones. at least for a beginner to all of this like i am.
epic guide. ty so much for taking your time to make these. i just joined the discord and completed the welcome stuff. looking forward to the community
Appreciate you! Welcome to the community!
Thanks to this video, I figured out what I did wrong in one of the tasks. Thanks! Also props for the quality of the video, well done :D
I appreciate that!
Great video, thank you. Unfortunately, I have run into numerous issues with using a loal machine through the VPN to complete these challenges, so if you are having issues and doing the same, try using the THM attack box.
for anyone getting the "segmentation fault" error when trying to run the payload on the target machine...
set the proper payload before running the multi handler. 26:05
i was stuck on this for like 3 hours and im not fond of walkthroughs but time is important to me.
Thanks mate, it was a bit hard to understand with just THM, but with this video everything is clear now :)
Glad it helps man!
think i commented on your past videos before, but still, thank you again, i was having some trouble on my own doing the questions, got stuck for a day, thanks, you added a lot more useful information ;D have a good one!
Thank you! I appreciate that!! thats what its all for is to help!
ive done the ethernalblue room prior so I could tell what task 5 was about, but in practice when I ran nmap -sC or nmap -sV or nmap --script vuln it did not come up with ms17-010. I remember in the ethernal blue room it did show when running the 'script vuln' . Not sure if my room had an issue or if i was suppose to find ms17-010 from looking up weakneedes on the OS witch for me showed as (OS: Windows 6.1 (Samba 4.7.6-Ubuntu)
Thank you for all the help, it made things a lot easier to understand.
That's the goal! Glad it helped!
You saved me a lot of stress on this one! Good stuff.
Thank you!
Stuffy... You the man bro!
Thank you!
Thankz man, keep doing this!
It won’t work for me, I followed those exact steps and it won’t run for the last part in task 2
Please hop in the discord and troubleshoot with us
good to see you
I liked your videos. This last one is bit complicated for me but I will practice it more
Really awesome walkthrough you put together @stuffy24 , i was stuck at the ssh bit of the series, and you made it clear what i had to do. Thanks buddy!
Thank you!
Champ Stuffy, I love your effort and sincerity , feedback- Please use light pastel shades on Kali screen and also increase the font size while presenting ...
Thank you! I agree in my newer videos I try to be more conscious of this
really coool room. You went so fast :D
Lol I was trying to keep the video short since you can pause and rewind it. Hopefully it's understandable sti
the database feature is so usefull . much less copy pasting and easy searching . this alone is reason to use metasploit
It is very nice !
Made it so much clearer, thank you so much😌
I'm glad man!
Thank you so much!!!
Thank you for the kind words
Good stuff - this helped me out a lot in this module!
i do everything you do... but FAIL....no session was created...
You can hop in the discord and we can try to troubleshoot it when I can! Would love to help
keep teaching!!!! great stuff, direct and too the point.
Sweet walk through, cheers.
Thank you! Cheers mate!
Thank you!!!
this is so helpful! thank you !
Thank you for the kind words
i love this kind of great work!!!!!
Thank you!
thanks! i was stuck on the hashdump thing because I was unfamiliar with the way it worked
@@yuno3673 it's very important to learn the underlying technologies
you're awesome bro!
Thank you!
Amazing work
Thank you! Appreciate the support!
Love the video!
Thank you!
thanks for the guide
Good stuff. Thank you.
better than the writeups i saw 🙌🙌
For the NTLM hash, why was it only a part of it that's the answer? I was stuck on this and got the hash but couldn't figure it out...
Isnt all of it a hash?
No there are 2 hashes!
@@stuffy24 Ahh, what's the reason?
@@dlzmedia2792 legacy systems
Great video 👋
Thank you!
Ty for these bro
Good Job
I’m getting command shell session open instead of a meterpreter session
It's most likely the payload you used
Running the default exploit on my own kali box did work like shown on the video :(. Does anyone know why it does not work?
If you post in the discord questions with screenshots we can probably help. I'm not sure what you mean it doesn't work but you said it did work
Great!
Hey I have a question for yyou i cant use the post hashdump because I have This error : shadow must be readable in order to dump hashes
Feel free to hop in the discord and put a screenshot in questions
when I try this on my kali VM it throws up FAIL always
May I know why?all the parameters are correct and it showed that the host was vulnerable
Hey thanks so much for the support. I would revalidate all the parameters and run it multiple times to see if it fails over and over. A lot of payloads may need ran more than once.
I don't understand why we scan port 137 with netbios scanner when we saw that it was port 139 that was open
Because port 137 is used for netbios.
@@stuffy24 Firstly, thank you for the reply
I am confused though, when we scan port 137 with nmap it gives nothing because it says it is closed. However when we scan port 139 with nmap it gives the information we want.
How can metasploit netbios scan work on port 137 when nmap doesn’t and vice versa for port 139?
@@user-qx7gh6ff1e as we get into more detailed information. It's very hard to explain on RUclips comments. Feel free to hop in the discord and ask questions with screenshot examples and get more detailed answers. Make sure to have timestamps to help also for the video
hahaha you cracked me up bro .
Thanks
I kept getting a fail running the exploit until I set SMBDomain .
Can anyone explain why the . is required??
I can't ever get the Meterpreter to run and create a session. It always says address is already in use or unavailable
I will say that sounds like your doing something incorrectly
I was having a similar issue using 7777 as my LPORT for the shell script and handler value. Changing that value to something else (I used 8888 instead) fixed it, so maybe give that a go.
Thanks for the step by step explanation! Msfvenom had me stuck for a little bit but I found this and it cleared everything up. Thanks again!
Thanks for the support my man! Without subs and views it doesn't help anyone!
Thanks for the walkthrough. Maybe it's because i'm not using the attackbox, but i'm not getting a meterpreter session when i run the eternal blue exploit. I get Windows system 32 shell and I can not for the life of me figure out how to get the meterpreter session. I'm going to try it on the attackbox instead of through the vpn and see if that changes anything.
Just change the payload to a meterpreter shell
worked first time on the attackbox, didn't change anything.
@@traemorris9683 yes it's the default payload
When I execute ./rev_shell.elf I got error "Segmentation fault (core dumped)". How can I solve this?
You can hop in the discord and put your questions in the question channel and the community can help or I can take a look when I have a chance
lol bro while watching i got a csgo trade offer
Better accept lol
It doesn't work when I cat the flag on meterpreter. I tried using cat c:\Users\Jon\Documents\flag.txt also cat flag.txt. It doesn't work. I think it may be a bug. Any ideas?
Sorry just saw this
why not show us that the last part of the hash was the ntlm hash ? you said it was complicated so you left it out but it isnt that complicated
Because the video is geared to learn metasploit not how hashing works. I appreciate your feedback and I have a lot of videos on hashes that you can review. I try to keep my videos focused on the point that I'm teaching and not go on tangents of each specific piece to keep the videos as short as possible. I appreciate it's not complicated to you but breaking it down to complete beginners adds time to the video and I have to cut in places it was just where I chose not to dive deeper in the content. Could be the wrong choice but it's where I did it in this one. Thanks again for the feedback
@@stuffy24 no now that you explain it it seems like the right choice. smart move to keep it on point to not make it too overwhelming . thats why youre the best. i stand corrected
@@myname-mz3lo ohh I don't think either are correct or incorrect! I think it's just a tough thing to teach cyber without overwhelming!
@@stuffy24 true. i only started making progress when i started learning one thing at a time and at the right order, so i think your view on it aligns with that.
@@myname-mz3lo thank you for the support my friend!
Do i have to setup a server when establishing a session cos i'm not able to even when I set payload to 2 and use eternalblue exploit and set RHOSTS. I think I may have gotten my LHOST wrong or smth
Ya I would make sure your settings are correct and your connected to the VPN
what does it mean when u say "take it offline and crack it"?
Appreciate the content.
Hey sorry i just saw this. It means you dont need to still be connected. You can crack it without having any connections which means you can set it and forget it and not worry about anything.
can i get the password hash in task6, please?
Usually I like your videos but this one was frustrating and not very helpful. The reason I was watching this was because I needed help and you skipped over key parts because you were annoyed you were doing the video again. Also, it would be great if you walked through the process as you were initially doing it instead of having the answers already written. Thanks for doing the videos but they could be more helpful.
Appreciate the feedback. If you have specific parts you want broke down feel free to hop in the discord and I can try and walk through them. Most of these boxes I've done multiple times over the years so the answers are almost always going to already be filled in.
@@stuffy24 Wow thank you very much! I will have to look into Discord for this because I have only used it for Midjourney. Thank you again for all that you do to help us, you are very much appreciated!!!
@@houseofdiamonti thank you! The link is in the description. I'm happy to help
awsome
thanks
Hi What is the murphy password?
Tryhackme provides it in the instructions of Task 6 first question.
can we use msfconsole in bug bounty?
Of course if your looking for bugs you can use metasploit! Great tool!
@@stuffy24 ok👍
No the bug bounty police will find and arrest you
@@Zephyr-tg9hu haha clown
Once the rev_shell.elf file is downloaded to target box. When returning to the attack box the "http server session" was the last thing initiated. What is the key/command to get back to "exploit (windows/smb/ms17_010_eternalblue)? If I hit Ctl Z , attempting to background the http session, it stops the msfconsole.
Can you hop in the discord and put in the #questions a detailed explanation with the screenshots. I can hop in there and troubleshoot easier
@@stuffy24 23:52 which key did you press?
@@sudoaptinstallmy-life989 what do you mean which key did I press? At that time u posted I was just scrolling through the web files?
@@stuffy24 ow sorrry, 25:55
@@stuffy24 When you do CTRL + C, it comes out full.
Don´t work...msf6 exploit(windows/smb/ms17_010_eternalblue) > run
....FAIL FAIL FAIL......This is the problem with metasploit....mostly the shit don´t work!!!
Lol that's why you need a background in troubleshooting. Metasploit is one of the greatest tools ever invented in reality because before that you couldn't just get exploits like that
@@stuffy24 Hey stuffy, thanks for the answer! I thought about the problem. Can it be, that the problem was the LHOST? There was my Ip, automatically placed, I think! Maybe I have to change to the THM IP! There is always a problem with RHOSTS an LHOSTS...for a beginner. It´s confusing sometime, what IP where to place! Also, when I did a room with a friend of mine,,, we did all correct, but we need 6 RUNS to have a WIN and success??? How can it be??
@@sharky9493 metasploit is just a tool for hackers. It runs the payloads for you. If you didn't have metasploit you wouldn't even be able to attack anything unless you manually got the exploit yourself or coded it. So metasploit isn't the tool that's having those issues it's the payloads. There are many payloads and exploits that aren't always successful. That's because your taking a service and making it do something it's not meant to do. That can cause computers to crash, services to shut down etc. That's why if you don't truly know what your doing aka script kiddies. You will make a ton of mistakes and get caught often. Pentesting is an art and takes years and years to become great.
@@stuffy24 Thank you for the answer! You are the FASTEST ytuber!!👍👍I agree totaly, but you know, that in OSCP you can use MS one TIme. But sorry you didn´t answer my question, about the trys you need sometime! You face the same problems? Running MS over and over, with the same settings, 5 times FAIL,,6th time WIN. Sorry I don´t understand this,,,either the payload works of not! Greetings from germany!
@@sharky9493 yes the oscp requires you to not be a script kiddies that's why. Metasploit is a script kiddies dream! Yes I did when running a payload it is using a system to do something it's not supposed to. This doesn't always work especially due to how successful the attacks are and metasploit actually tells you how good the exploits are.
msfvenom will be my go to for payloads