© 2026 NauffalFirdaus. All rights reserved.

Metasploit is a popular tool used in penetration testing, and Meterpreter is a payload that lets you control a target system after gaining access. In this write-up, we will go through the basics of Meterpreter and learn some simple commands to use it.
This guide is beginner-friendly and focuses on helping you understand how Meterpreter works in a clear and easy way.
First, we run the sysinfo command in Meterpreter to get system details:

From the output, we can see that the computer name is ACME-TEST.
ANS: ACME-TEST
For extra information, we can run the getuid command to identify the current user and its privilege level.

Using the same sysinfo command, we also find the domain. From the result below, the domain is FLASH.

ANS: FLASH
For the next step, we must first send the Meterpreter session to the background, then use the post/windows/gather/enum_shares module to find the shared folder.

To find shared folders, we use a post-exploitation module:
use post/windows/gather/enum_shares
set SESSION 1
run

This lists all available shares on the system. From the results, we see:
SYSVOL, NETLOGON
speedster
The share likely created by the user is speedster.
ANS: speedster
First, we must get a Meterpreter session. The question suggests using the exploit/windows/smb/psexec module with the given credentials. This module uses the SMB service to authenticate and run commands on the target.
Before running the exploit, we check what options need to be set using the show options command.

We configure the module with the target details:

RHOST: the target machine
SMBUser / SMBPass: valid credentials we already have
Now we execute the module using the exploit command.

If successful, Metasploit will:
You should see something like Meterpreter session 1 opened
Now we can extract user password hashes using the hashdump command.

This will display all user accounts and their NTLM hashes. From the result we can see the jchambers NTLM hash.
ANS: 69596c7aa1e8daee17f8e78870e25a5c
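hashdump prints one user:RID:LM hash:NT hash::: line per account. As an added example (not part of the original write-up), the Python below audits such a listing from the defender's side, flagging blank passwords, stored LM hashes and accounts that share a password; the sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Well-known constants: the LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in hashdump layout (user:RID:LM:NT:::); not taken from the room.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1104:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
legacy:1105:22222222222222222222222222222222:33333333333333333333333333333333:::
this line is not a hash entry
"""

ENTRY = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")


def parse_hashdump(text):
    """Return one dict per well-formed line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            entries.append({"user": user, "rid": int(rid),
                            "lm": lm.lower(), "nt": nt.lower()})
    return entries


def audit(entries):
    """Group findings an administrator should act on."""
    by_nt = defaultdict(list)
    for e in entries:
        by_nt[e["nt"]].append(e["user"])
    return {
        # NT hash of "" means the account has no password set.
        "blank_password": [e["user"] for e in entries if e["nt"] == EMPTY_NT],
        # A non-empty LM hash means the weak legacy LM format is still stored.
        "lm_hash_stored": [e["user"] for e in entries if e["lm"] != EMPTY_LM],
        # Identical NT hashes mean identical passwords (NT hashes are unsalted).
        "shared_password": sorted(sorted(users) for nt, users in by_nt.items()
                                  if len(users) > 1 and nt != EMPTY_NT),
    }


if __name__ == "__main__":
    for finding, users in audit(parse_hashdump(SAMPLE)).items():
        print(finding, users)
```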
For this question, the password was cracked using John the Ripper with the rockyou.txt wordlist.
We can use this command to crack the password, where <hash> is a file containing the hash:
john --format=<password_format> --wordlist=<password_path> <hash>
After the cracking process completes, the recovered password shown is Trustno1.

Ans: Trustno1
To solve this question, we can use Meterpreter's search function: search -f <filename>. The -f stands for filename, meaning you're searching for a specific file name. Based on the search result, the file was found at C:\Program Files (x86)\Windows Multimedia Platform\secrets.txt.

Ans: C:\Program Files (x86)\Windows Multimedia Platform\secrets.txt
Next, we navigate to the directory and read the secrets.txt file using the cat command.

The password inside secrets.txt is KDSvbsw3849!.
Ans: KDSvbsw3849!
This question uses the same method as the previous question. We can use the search function to find the file.

The search result shows that the file is in the C:\inetpub\wwwroot directory.
Ans: C:\inetpub\wwwroot\realsecret.txt
We navigate to the directory and use the cat command to read the realsecret.txt file.


The secret message is “The Flash is the fastest man alive”.
Ans: The Flash is the fastest man alive