Metasploit

The purpose of this session is to build and develop familiarity with Metasploit. Whilst Metasploit is very useful for learning , and can be used professionally, when used professionally, it is generally used through automation tools.

If you are already familiar with Metasploit, consider completing the challenges using python and the pymetasploit3 project.

To complete these challenges, open the Metasploit terminal via session.luhack.uk.

You can access each server through it’s hostname. For example, to ping the first server you could run ping server1.

These challenges are in order of difficulty.

Can you find the exploit?

Find an exploit for the target “An Unforgettable Luncheon”.

What is the exploit path from after exploit/?

Complete the line: [🚒]

What vowel is repeated excessively on the 7th line of target 2?

Server 1

This looks familiar…

What is the admin password?

Server 2

This server is running pyload.

How many favorite things does the sys admin of the target have?

What is the name of their favorite movie?

Server 3

Take a look at http://server3/upload.php.

Please use msfvenom for this.

How many users are on the system?

Server 4

Figure it out yourself.

What is the distro of the target?

What is the version of the target?

How many packages are installed on the target?

What is the name of the programming language running on the target?

What is the version of the programming language running on the target?