How to complete TryHackMe: Metasploit!
In this post I will offer you all the answers you need to get your second (easy) completed room about Metasploit . Please note that I have deliberately skipped questions that required no answers.
The answers posted here should be used if you are really stuck on a task and you need help.
NOTE: I take no responsibility what you have in mind to do with these questions/answers. I am simply posting them for learning purposes. Please think twice before you try to become all “anonymous hacker” and start scanning commercial/production applications.
Task 1: Intro
No answer needed here, simply click “Question Done” after you deployed your machine.
Task 2: Initializing…
What switch do we add to msfconsole to start it without showing this information?
-q
Cool! We’ve connected to the database, which type of database does Metasploit 5 use?
postgresql
Task 3: Rock ’em to the Core \[Commands\]
The help menu has a very short one-character alias, what is it?
?
What is the base command we use for searching?
search
Once we’ve found the module we want to leverage, what command we use to select it as the active module?
use
How about if we want to view information about either a specific module or just the active one we have selected?
info
Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ‘talk’ to it. What command is this?
connect
Entirely one of the commands purely utilized for fun, what command displays the motd/ascii art we see when we start msfconsole (without -q flag)?
banner
We’ll revisit these next two commands shortly, however, they’re two of the most used commands within Metasploit. First, what command do we use to change the value of a variable?
set
Metasploit supports the use of global variables, something which is incredibly useful when you’re specifically focusing on a single box. What command changes the value of a variable globally?
setg
Now that we’ve learned how to change the value of variables, how do we view them? There are technically several answers to this question, however, I’m looking for a specific three-letter command which is used to view the value of single variables.
get
How about changing the value of a variable to null/no value?
unset
What command can we use to set our console output to save to a file?
spool
What command can we use to store the settings/active datastores from Metasploit to a settings file?
save
Task 4: Modules for Every Occasion!
Easily the most common module utilized, which module holds all of the exploit code we will use?
exploit
Used hand in hand with exploits, which module contains the various bits of shellcode we send to have executed following exploitation?
payload
Which module is most commonly used in scanning and verification machines are exploitable?
auxiliary
One of the most common activities after exploitation is looting and pivoting. Which module provides these capabilities?
post
Commonly utilized in payload obfuscation, which module allows us to modify the ‘appearance’ of our exploit such that we may avoid signature detection?
encoder
Last but not least, which module is used with buffer overflow and ROP attacks?
NOP
Not every module is loaded in by default, what command can we use to load different modules?
load
Task 5: Move that shell!
What service does nmap identify running on port 135?
msrpc
What is the full path for our exploit that now appears on the msfconsole prompt?
exploit/windows/http/icecast_header
What is the name of the column on the far left side of the console that shows up next to ‘Name’?
#
Task 6: We’re in, now what?
What’s the name of the spool service?
spoolsv.exe
What command do we use to transfer ourselves into the process?
migrate
What command can we run to find out more information regarding the current user running the process we are in?
getuid
How about finding more information out about the system itself?
sysinfo
This might take a little bit of googling, what do we run to load mimikatz (more specifically the new version of mimikatz) so we can use it?
load kiwi
Let’s go ahead and figure out the privileges of our current user, what command do we run?
getprivs
What command do we run to transfer files to our victim computer?
upload
How about if we want to run a Metasploit module?
run
A simple question but still quite necessary, what command do we run to figure out the networking information and interfaces on our victim?
ipconfig
One quick extra question, what command can we run in our meterpreter session to spawn a normal system shell?
shell
Task 7: Makin’ Cisco Proud
What command do we run to add a route to the following subnet: 172.18.1.0/24? Use the -n flag in your answer.
run autoroute -s 172.18.1.0 -n 255.255.255.0
What is the full path to the socks5 auxiliary module?
auxiliary/server/socks4a
What command do we prefix our commands (outside of Metasploit) to run them through our socks5 server with proxychains?
proxychains
Congratulations
You’ve completed the room!
Comments