Exploitation Basics Flashcards
What is a reverse shell?
The connection comes from the target machine. The attacker will listen on a port and cause the target machine to connect to that specific port with a shell.
What is a bind shell?
The connection is made from the attacker machine. The target machine will listen on a port with a shell and the attacker will connect to that port in order to access the shell.
What is a metasploit payload?
It’s a piece of software used to interact with a target machine. It specifies what you want to do after the exploit succeeds, or it can simply be used to scan the target, as with auxiliary payloads.
What is a non-staged payload?
It’s a payload where the exploit shellcode is sent all at once. It’s bigger in size.
What is a staged payload?
It’s a payload where the shellcode is sent in stages. It can be less stable.
How do you differentiate a non-staged payload from a staged payload?
By the ‘/’ character in the payload name.
windows/meterpreter/reverse_tcp (with a ‘/’ between meterpreter and reverse_tcp) indicates a staged payload, while windows/meterpreter_reverse_tcp (with an ‘_’) indicates a non-staged payload.
What is credential stuffing?
It’s the automated injection of stolen usernames and passwords in order to gain access to accounts.
What kind of intruder attack type would you use to perform credential stuffing?
Pitchfork
Why is it important to perform credential stuffing in an assessment?
Because users tend to use the same credentials for many different sites and services.