How to complete TryHackMe: Metasploit!
In this post I will offer you all the answers you need to get your second (easy) completed room about Metasploit . Please note that I have deliberately skipped questions that required no answers.
The answers posted here should be used if you areĀ really stuckĀ on a task and youĀ need help.
NOTE:Ā I take no responsibility what you have in mind to do with these questions/answers. I am simply posting them for learning purposes. Please think twice before you try to become all āanonymous hackerā and start scanning commercial/production applications.
Task 1: Intro
No answer needed here, simply click āQuestion Doneā after you deployed your machine.
Task 2: Initializingā¦
What switch do we add to msfconsole to start it without showing this information?
-q
Cool! Weāve connected to the database, which type of database does Metasploit 5 use?Ā
postgresql
Task 3: Rock āem to the Core \[Commands\]
The help menu has a very short one-character alias, what is it?
?
What is the base command we use for searching?
search
Once weāve found the module we want to leverage, what command we use to select it as the active module?
use
How about if we want to view information about either a specific module or just the active one we have selected?
info
Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ātalkā to it. What command is this?
connect
Entirely one of the commands purely utilized for fun, what command displays the motd/ascii art we see when we start msfconsole (without -q flag)?
banner
Weāll revisit these next two commands shortly, however, theyāre two of the most used commands within Metasploit. First, what command do we use to change the value of a variable?
set
Metasploit supports the use of global variables, something which is incredibly useful when youāre specifically focusing on a single box. What command changes the value of a variable globally?
setg
Now that weāve learned how to change the value of variables, how do we view them? There are technically several answers to this question, however, Iām looking for a specific three-letter command which is used to view the value of single variables.
get
How about changing the value of a variable to null/no value?
unset
What command can we use to set our console output to save to a file?
spool
What command can we use to store the settings/active datastores from Metasploit to a settings file?
save
Task 4: Modules for Every Occasion!
Easily the most common module utilized, which module holds all of the exploit code we will use?
exploit
Used hand in hand with exploits, which module contains the various bits of shellcode we send to have executed following exploitation?
payload
Which module is most commonly used in scanning and verification machines are exploitable?
auxiliary
One of the most common activities after exploitation is looting and pivoting. Which module provides these capabilities?
post
Commonly utilized in payload obfuscation, which module allows us to modify the āappearanceā of our exploit such that we may avoid signature detection?
encoder
Last but not least, which module is used with buffer overflow and ROP attacks?
NOP
Not every module is loaded in by default, what command can we use to load different modules?
load
Task 5: Move that shell!
What service does nmap identify running onĀ port 135?
msrpc
What is the full path for our exploit that now appears on the msfconsole prompt?
exploit/windows/http/icecast_header
What is the name of the column on the far left side of the console that shows up next to āNameā?
#
Task 6: Weāre in, now what?
Whatās the name of the spool service?
spoolsv.exe
What command do we use to transfer ourselves into the process?
migrate
What command can we run to find out more information regarding the current user running the process we are in?
getuid
How about finding more information out about the system itself?
sysinfo
This might take a little bit of googling, what do we run to load mimikatz (more specifically the new version of mimikatz) so we can use it?Ā
load kiwi
Letās go ahead and figure out the privileges of our current user, what command do we run?
getprivs
What command do we run to transfer files to our victim computer?
upload
How about if we want to run a Metasploit module?
run
A simple question but still quite necessary, what command do we run to figure out the networking information and interfaces on our victim?
ipconfig
One quick extra question, what command can we run in our meterpreter session to spawn a normal system shell?Ā
shell
Task 7: Makinā Cisco Proud
What command do we run to add a route to the following subnet: 172.18.1.0/24? Use theĀ -n
Ā flag in your answer.
run autoroute -s 172.18.1.0 -n 255.255.255.0
What is the full path to the socks5 auxiliary module?
auxiliary/server/socks4a
What command do we prefix our commands (outside of Metasploit) to run them through our socks5 server with proxychains?
proxychains
Congratulations
Youāve completed the room!
Comments