# Devel! ## @author : M3tr1c_r00t  Devel is an easy Windows machine which is vulnerable to ftp file upload to get a shell using msfvenom payload and metasploit. ### Enumeration  We find that there are 2 ports open ftp and port 80. After going through the FTP, we find that the files in the ftp are the same files in the website. This then allows us to upload files and we can get a reverse shell. So. we are going to make a payload using msfvenom and upload it to the ftp service.  Were gonna use the aspx format coz that's the normal format for windows machine websites. Next up, uploading the payload to the FTP service;....  Next up, were gonna open up metasploit, move to exploits/multi/handler and set our payload to windows/meterpreter/reverse_tcp which should be simlar to our msfvenom payload. Then update the options by setting up your LHOST and then we can run our exploit and we get a meterpreter shell after accessing our payload through the site!  One of the reasons why i like using metasploit is because as soon as you get your meterpreter shell, most of your seesions will already have root escalation. And on that note, we are root. We can get our flags!  If in your session you weren't root, you can upgrade to root using the local exploit suggester module on metasploit. First of all, background your current meterpreter session,and then use multi/recon/local_exploit_suggester. Set your session id to your background session. You can check your sessions by typing sessions, then run the module....  After it completes checking, it will escalate your priviledges to root user by following the prompts{if any ;)}  And Done! ### Socials @Instagram:https://instagram.com/M3tr1c_r00t <br>@Twitter:https://twitter.com/M3tr1c_root