Overview
This is a walkthrough of TryHackMe's "Metasploit: Introduction".
Task2
Q1.What is the name of the code taking advantage of a flaw on the target system?
A.Exploit
Q2.What is the name of the code that runs on the target system to achieve the attacker's goal?
A.Payload
Q3.What are self-contained payloads called?
A.Singles
Q4.Is "windows/x64/pingback_reverse_tcp" among singles or staged payload?
A.Singles
Task3
Q1.How would you search for a module related to Apache?
A.search apache
Q2.Who provided the auxiliary/scanner/ssh/ssh_login module?
From the module's info command, I found that it is Provided by: todb <todb@metasploit.com>.
msf6 auxiliary(scanner/ssh/ssh_login) > info
Name: SSH Login Check Scanner
Module: auxiliary/scanner/ssh/ssh_login
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
todb <todb@metasploit.com>
Check supported:
No
Basic options:
Name              Current Setting  Required  Description
----              ---------------  --------  -----------
ANONYMOUS_LOGIN   false            yes       Attempt to login with a blank username and password
BLANK_PASSWORDS   false            no        Try blank passwords for all users
BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
CreateSession     true             no        Create a new session for every successful login
DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
DB_ALL_PASS       false            no        Add all passwords in the current database to the list
DB_ALL_USERS      false            no        Add all users in the current database to the list
DB_SKIP_EXISTING  none             no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
PASSWORD                           no        A specific password to authenticate with
PASS_FILE                          no        File containing passwords, one per line
RHOSTS                             yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
RPORT             22               yes       The target port
STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
THREADS           1                yes       The number of concurrent threads (max one per host)
USERNAME                           no        A specific username to authenticate as
USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
USER_AS_PASS      false            no        Try the username as the password for all users
USER_FILE                          no        File containing usernames, one per line
VERBOSE           false            yes       Whether to print output for all attempts
Description:
This module will test ssh logins on a range of machines and
report successful logins. If you have loaded a database plugin
and connected to a database this module will record successful
logins and hosts so you can track your access.
References:
https://nvd.nist.gov/vuln/detail/CVE-1999-0502
View the full module info with the info -d command.
A.todb
Task4
Q1.How would you set the LPORT value to 6666?
A.set LPORT 6666
Q2.How would you set the global value for RHOSTS to 10.10.19.23?
A.setg RHOSTS 10.10.19.23
Q3.What command would you use to clear a set payload?
A.unset PAYLOAD
Q4.What command do you use to proceed with the exploitation phase?
A.exploit