How to complete TryHackMe: Metasploit!
In this post I will offer you all the answers you need to get your second (easy) completed room about Metasploit. Please note that I have deliberately skipped questions that required no answers.
The answers posted here should be used if you are really stuck on a task and you need help.
NOTE: I take no responsibility what you have in mind to do with these questions/answers. I am simply posting them for learning purposes. Please think twice before you try to become all “anonymous hacker” and start scanning commercial/production applications.
Task 1: Intro
No answer needed here, simply click “Question Done” after you deployed your machine.
Task 2: Initializing…
What switch do we add to msfconsole to start it without showing this information?
Cool! We’ve connected to the database, which type of database does Metasploit 5 use?
Task 3: Rock ’em to the Core [Commands]
The help menu has a very short one-character alias, what is it?
What is the base command we use for searching?
Once we’ve found the module we want to leverage, what command we use to select it as the active module?
How about if we want to view information about either a specific module or just the active one we have selected?
Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ‘talk’ to it. What command is this?
Entirely one of the commands purely utilized for fun, what command displays the motd/ascii art we see when we start msfconsole (without -q flag)?
We’ll revisit these next two commands shortly, however, they’re two of the most used commands within Metasploit. First, what command do we use to change the value of a variable?
Metasploit supports the use of global variables, something which is incredibly useful when you’re specifically focusing on a single box. What command changes the value of a variable globally?
Now that we’ve learned how to change the value of variables, how do we view them? There are technically several answers to this question, however, I’m looking for a specific three-letter command which is used to view the value of single variables.
How about changing the value of a variable to null/no value?
What command can we use to set our console output to save to a file?
What command can we use to store the settings/active datastores from Metasploit to a settings file?
Task 4: Modules for Every Occasion!
Easily the most common module utilized, which module holds all of the exploit code we will use?
Used hand in hand with exploits, which module contains the various bits of shellcode we send to have executed following exploitation?
Which module is most commonly used in scanning and verification machines are exploitable?
One of the most common activities after exploitation is looting and pivoting. Which module provides these capabilities?
Commonly utilized in payload obfuscation, which module allows us to modify the ‘appearance’ of our exploit such that we may avoid signature detection?
Last but not least, which module is used with buffer overflow and ROP attacks?
Not every module is loaded in by default, what command can we use to load different modules?
Task 5: Move that shell!
What service does nmap identify running on port 135?
What is the full path for our exploit that now appears on the msfconsole prompt?
What is the name of the column on the far left side of the console that shows up next to ‘Name’?
Task 6: We’re in, now what?
What’s the name of the spool service?
What command do we use to transfer ourselves into the process?
What command can we run to find out more information regarding the current user running the process we are in?
How about finding more information out about the system itself?
This might take a little bit of googling, what do we run to load mimikatz (more specifically the new version of mimikatz) so we can use it?
Let’s go ahead and figure out the privileges of our current user, what command do we run?
What command do we run to transfer files to our victim computer?
How about if we want to run a Metasploit module?
A simple question but still quite necessary, what command do we run to figure out the networking information and interfaces on our victim?
One quick extra question, what command can we run in our meterpreter session to spawn a normal system shell?
Task 7: Makin’ Cisco Proud
What command do we run to add a route to the following subnet: 172.18.1.0/24? Use the
-n flag in your answer.
run autoroute -s 172.18.1.0 -n 255.255.255.0
What is the full path to the socks5 auxiliary module?
What command do we prefix our commands (outside of Metasploit) to run them through our socks5 server with proxychains?
You’ve completed the room!