How to complete TryHackMe: Metasploit!

In this post I will offer you all the answers you need to get your second (easy) completed room about Metasploit . Please note that I have deliberately skipped questions that required no answers.

The answers posted here should be used if you are really stuck on a task and you need help.

NOTE: I take no responsibility what you have in mind to do with these questions/answers. I am simply posting them for learning purposes. Please think twice before you try to become all “anonymous hacker” and start scanning commercial/production applications.

Task 1: Intro

No answer needed here, simply click “Question Done” after you deployed your machine.

Task 2: Initializing…

What switch do we add to msfconsole to start it without showing this information?

-q

Cool! We’ve connected to the database, which type of database does Metasploit 5 use? 

postgresql

Task 3: Rock ’em to the Core \[Commands\]

The help menu has a very short one-character alias, what is it?

?

What is the base command we use for searching?

search

Once we’ve found the module we want to leverage, what command we use to select it as the active module?

use

How about if we want to view information about either a specific module or just the active one we have selected?

info

Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ‘talk’ to it. What command is this?

connect

Entirely one of the commands purely utilized for fun, what command displays the motd/ascii art we see when we start msfconsole (without -q flag)?

banner

We’ll revisit these next two commands shortly, however, they’re two of the most used commands within Metasploit. First, what command do we use to change the value of a variable?

set

Metasploit supports the use of global variables, something which is incredibly useful when you’re specifically focusing on a single box. What command changes the value of a variable globally?

setg

Now that we’ve learned how to change the value of variables, how do we view them? There are technically several answers to this question, however, I’m looking for a specific three-letter command which is used to view the value of single variables.

get

How about changing the value of a variable to null/no value?

unset

What command can we use to set our console output to save to a file?

spool

What command can we use to store the settings/active datastores from Metasploit to a settings file?

save

Task 4: Modules for Every Occasion!

Easily the most common module utilized, which module holds all of the exploit code we will use?

exploit

Used hand in hand with exploits, which module contains the various bits of shellcode we send to have executed following exploitation?

payload

Which module is most commonly used in scanning and verification machines are exploitable?

auxiliary

One of the most common activities after exploitation is looting and pivoting. Which module provides these capabilities?

post

Commonly utilized in payload obfuscation, which module allows us to modify the ‘appearance’ of our exploit such that we may avoid signature detection?

encoder

Last but not least, which module is used with buffer overflow and ROP attacks?

NOP

Not every module is loaded in by default, what command can we use to load different modules?

load

Task 5: Move that shell!

What service does nmap identify running on port 135?

msrpc

What is the full path for our exploit that now appears on the msfconsole prompt?

exploit/windows/http/icecast_header

What is the name of the column on the far left side of the console that shows up next to ‘Name’?

#

Task 6: We’re in, now what?

What’s the name of the spool service?

spoolsv.exe

What command do we use to transfer ourselves into the process?

migrate

What command can we run to find out more information regarding the current user running the process we are in?

getuid

How about finding more information out about the system itself?

sysinfo

This might take a little bit of googling, what do we run to load mimikatz (more specifically the new version of mimikatz) so we can use it? 

load kiwi

Let’s go ahead and figure out the privileges of our current user, what command do we run?

getprivs

What command do we run to transfer files to our victim computer?

upload

How about if we want to run a Metasploit module?

run

A simple question but still quite necessary, what command do we run to figure out the networking information and interfaces on our victim?

ipconfig

One quick extra question, what command can we run in our meterpreter session to spawn a normal system shell? 

shell

Task 7: Makin’ Cisco Proud

What command do we run to add a route to the following subnet: 172.18.1.0/24? Use the -n flag in your answer.

run autoroute -s 172.18.1.0 -n 255.255.255.0

What is the full path to the socks5 auxiliary module?

auxiliary/server/socks4a

What command do we prefix our commands (outside of Metasploit) to run them through our socks5 server with proxychains?

proxychains

Congratulations

You’ve completed the room!