Try Hack Me : What the Shell Practice Questions only!

Captions
Yo, what's going on guys, welcome back. We are doing What the Shell, but today we're doing just the practice and examples, because, um, I left them out before because I wanted people to practice and I also wanted, um, to not make the video four hours long or whatever it would have been, um, probably like two hours. But anyway, if you guys want to see these, if you guys like the examples and actually seeing them, um, even though they're not asking you to answer anything, um, go ahead and hit that sub button, hit that like button, it helps out way more. You guys know we are so close to 3K. I really want to reach 5K this year, so that's my goal. Hopefully you guys can make that happen. I really appreciate everything you guys do for me.

So before we get started, um, there was a couple of, normally I don't go back and redo videos. Um, usually the only time I've done or I'd do it would be if, uh, basically if like the box changes or something like that. But because I had enough requests in the comments to redo this one, I want to make sure that we redo it. But the other thing is, for some reason, um, some of you guys thought that I can't do these, which was very odd to me, um, because I literally spent the entire video explaining them. Um, so, and when I say that, a lot of people said, um, basically this is the hard part of the box, and I would 100% disagree with you. I think this is the easy part. I think the hard part is learn, is actually fully, truly understanding what you're doing. So if you think this is the hard part, maybe you should go back and kind of reevaluate where your knowledge is, because this, this part should be easy. Um, it should be understanding, it's the hard part. That's what should take, take the time and the effort. So just want to clear, clarify that. Um, the knowledge is more important than the commands, and that's true across the board with cyber security. Uh, the knowledge is more important than memorizing a command.

Okay, so first things first, what we're going to do, we're going to upload a web shell. Go ahead and
start the Linux machine. We need to upload a web shell to the Linux box, then use the command netcat, okay, to send a reverse shell. Now here's the thing: the next one, they're saying the exact same thing, but they're giving you a specific one to use. Um, we're just going to do both those in one because they do the same thing, so, if that makes sense to you guys. So what they're saying here is they're saying go to here, user web shells. Now the reason, you can see I'm already there in the directory. Now the reason, again, I'm going to do both these at the same time is because they're going to be the exact same process, they're the exact same thing. The only difference is you would use a different web shell. This web shell works just fine, there's no reason to go get a different one just to do the first question.

Um, so what we're going to do once this starts up here, and you notice how it's not starting up, that's, I've had that issue twice now, so let's, let's try and refresh it, where I go to start it and I have to go refresh it and restart the machine. Okay, there's this starting machine, so let's see. Okay, so now it'll actually pop up.

So first things first, on the box here you're gonna see, if you go to /usr/share/webshells/php, you're gonna get this one, PHP reverse shell. Okay, so I went ahead and I did that, but I saved it into my desktop, and the reason I, I always recommend saving it is so that you have the original there in case you edit any of the code or you mess with it or whatever. So you can see here's my PHP reverse shell, and this one is the one, let's see, if we go up here, yep, this is the one that's saved to my desktop. So as you see it, whoops, there you go, you can see they specifically tell you what you need to change. You need to change the port and you need to change the IP. Now I'm not going to change the port, I'm just going to leave port 1234 because I have no problem with it, but in a real scenario you would not use port 1234 because it would be pretty obvious. Um, you would want to try and
blend in with the environment a little bit. But what we're going to do here is we're going to go ahead and change the IP to whatever IP we get up here. All right, so we got 10.10, whoops, or I'm, let's see, yep, 10.10.240.14. All right, I'm changing that to the wrong one, we'll say 10.10.248.95. So we want this to reach out to our box, I apologize, because we're uploading this. So we'll go ahead and save that. Now I should, let's see if I, I shouldn't have to save it, but let's, let's check something here. And the reason I shouldn't have to save it, I'll show you, all right, is because if we open this, doesn't matter what you open it with, I already did this earlier, and it should, yep, so there it is, 248.95.

Okay, so what it is is this reverse shell, or this web shell, excuse me, we're going to use rip because we're going to connect back to our machine, so we're just going to set up netcat. Now you can set up whatever you want, you don't have to set up netcat here, um, because I'm going to show you both of them. But so we're going to use these options, and if you remember it's connecting on port 1234, so we're going to go ahead and hit enter and let that listen. So that's going to sit there and listen.

Now we're going to go to the actual website, and all this website does is, from my understanding, is allow you to upload a web shell. I haven't actually done any reconnaissance on this website. Um, okay, and it switched to HTTPS for some reason, and I, I keep doing that, I keep putting an extra one in there, I must be pushing it pretty fast. Okay, so now you can see all we got to do is browse, go to our desktop, there's our PHP reverse shell, so now it's there. Now you just have to submit it. Now there's a couple things you can do. It shows you right where it's at, you can just type that in, or you can do, just go to uploads and then it's right here, PHP reverse shell. So now we'll go ahead and look at this before we hit submit. You can see we're listening. If we hit that reverse shell, it's gonna, it's actually loaded
it, and you can see now we have our reverse shell, we're in. But you can see we're in /bin/sh. Nothing wrong with that, but what it's asking us to do is actually change it to /bin/bash. So you notice this is the same one. Um, they're telling us to set up a netcat listener, upload and activate the shell. We did the exact same thing here, we uploaded it as a web shell, so we're knocking out two for one because there's no point. But we are going to switch over to /bin/bash versus /bin/sh, so that way we can do the first one as well.

So what we're going to do is we're going to say, we're going to have to set up another listener here. I'm going to say, and we'll just do 2222, doesn't really matter what port you do, and that's listening. So now here we're going to say, okay, and now you notice we're going, we're actually on the machine and we're switching over to a /bin/bash shell. And so we're going to say netcat and 10.10.248.95, and port was 2222, and we're just going to say -e for execute /bin/bash. Okay, so now when we hit enter it's going to give us a /bin/bash shell, and you can see connection received. So now if I say whoami, we're www-data and we are in /bin/bash. So now we actually did both those, we have a bash shell on the machine now.

So all we did was upload it. Once you upload it, there you go, you can see we uploaded a reverse shell, we got the reverse shell, and then we went ahead from the reverse shell and we connected to a different listener on our machine. So we actually technically have two shells here, but we knocked both these out. So now we'll go ahead and close those out, clear them out. So that was the first two.

And we'll say: log into the Linux machine over SSH using the credentials, using the technique in task 8 to experiment with bind and reverse netcat shells. So they want us to just log into it, so we'll say SSH shell at 10.
10.240.14, yes, and then the password was TryHackMe. Oop, must have typed it wrong. Okay, we're in. So now you can see we're at, the box is called shell practice, so we're in the shell practice. All right, so practice reverse and bind shells using socat on, uh, did I skip one? Yep. Okay, log into the machine over SSH using the credentials. Give me one second, I'm just trying to adjust the light here so that way you guys don't have any issues. All right, so sometimes if the light gets messed up, um, on this side it like starts, this part of the screen will get all blurry, so it gets messed up.

Um, so now log into the Linux machine. Now what they're saying here is they're being very vague. So when I say that, they're saying log in to the Linux machine over SSH, using the techniques in task 8 just experiment. They're not telling you exactly what to do, they're just saying experiment. Okay, so really all they're saying here is do whatever of these tasks you want. Um, so keep that in mind. Okay, so you can see here that a previous task mentioned blah blah, and they're showing you the netcat listener the exact same way that we just did it. So technically, if you wanted to, you could just do that, do that, and you've done what they've asked, you've experimented on what these are.

So, um, connecting to the above listener with netcat would result in a bind shell on the target, which is what we just did, we had that, we had that bind shell. Okay, so however, this is not included in most versions of netcat. So what they're saying is only newer versions of netcat have these, so if your machine has an outdated version or it's not updated or whatever, it won't have it. So as it's widely seen to be very insecure, valid right, on Windows, where static binary is always required anyway, this technique will work perfectly. On Linux, however, we would listen, we would instead use this code to create listener for a bind shell. So all this is is you're making a named pipe, you're temporarily naming it, um, and then you can see there, we'll go ahead and just
copy this. So, so you can see here they're walking you through it. The command first creates a named pipe at /tmp/f, which is what we said, then starts the netcat listener like normal, and then all it's doing is directing it to the named pipe. So it's saying basically right here, to the output of the named pipe, so whatever comes for the named pipe, it's going into netcat. This is very similar to how you would create a, um, similar to a pivot scenario if you're using netcat. And then you can see you've got to have it piped to /bin/sh and going back to the pipe, so you've got to have two-way street here. And then at the end they remove it. Now if you didn't remove it, it would just be a lot of data, right, just being kind of pointlessly thrown about.

So you can see here whoami, that's Murray, and then here whoami, that's shell, and then he goes ahead and does it, does the, um, named pipe, and then he's connecting to it. So you can see if we go here, and it doesn't matter which way you do it, we'll go ahead, I gotta freaking copy and paste it, okay, and then again click here, I don't want to type the whole thing out. Okay, so you can see here if we go ahead and do this, we've got to change some stuff on it. We can't just leave the port empty, we'll just name the port whatever we want. Make sure you take the little brackets out, because if you don't we will end up with confusion, because those tell data which way to flow, so it would mess up. So we'll go ahead and hit this, and you can see that with L right there, you see netcat L, that means it's listening, so that's the listener. Keep that in mind: if you ever see netcat -l, that means it's listening.

So we hit enter, now it's listening. So now we can go here and we can say, okay, we're on netcat, or we need to connect with netcat. So now we say netcat, and we have that, the actual listener, and it, the IP is 10.10.240.14. So all of these are pretty simple: you have a listener and you have a connection, talk to each other, and you're set. Okay, so we have the IP, and then once we
have the IP we just tell it what port, which was 1234 I believe we did again, and you hit enter and you can see we are connected. So here's another thing, I keep seeing everybody messing this up and being confused: just because it's blinking like this does not mean you're not connected. The other thing is when you hit ls, because this is one of the first things a lot of people do, they say, well, I get no response so I'm not in. It doesn't matter, you are in. You see I'm shell now, I'm not root on my machine, I'm shell. You are in the directory you are, you, um, connect to directly from the shell practice box, doesn't have anything in the directory. So if I cd back and hit ls, now I have something in the directory. You can see, see, I'm in, I'm on the machine, I have a shell on the machine using the pipe method. The difference is you just didn't see it. Okay, you're going to see the same thing with the socat one that we're getting ready to do, so give me one second, I'm gonna fix this.

All right, okay, so now hopefully that makes sense to you guys. The pipe thing I'm not going to dive deep into because I've already spoke about it on the knowledge method, so if you guys are not for sure what I'm doing or don't fully understand what's going on, just go back to my other video where I actually explain everything. Um, this is why I'm doing it in two videos, so that way people that just want to see it can come here and see it, and then people that actually want the knowledge can do the knowledge check. So, um, my dogs is making noise upstairs.

Okay, so now practice reverse shells using socat. Okay, so now we'll go ahead and get rid of, we'll go ahead and Control-C out of that. Okay, so you see we're still shell, we're still on the machine, so that's good, that's, that's fine, we want to stay on the machine. Okay, so now we're on the machine, we say whoami just to make sure, even though we can see it right there, and you can see, boom. Okay, so now we have the machine, or SSH'd in, which is what we need to do, and then we
need to use reverse and bind shells using socat. So now we just go up to here, socat, and you can see socat's very similar, very easy to do. All you're going to do on Windows, well, we don't, we're not doing the Windows right now, um, so this is the equivalent command for Linux. So you just go here and you just say whatever port you want, doesn't really matter, if I can get the dang thing to go all the way, there we go, my goodness. Okay, so now all we're going to do is we're going to say here, get that back, okay, we're gonna change the local port. So keep in mind both machines have to have socat on them. This machine does. Okay, so socat, uh, local, I think it said local IP, what did it say, okay, yeah, local IP, so this was 10.10.248.95, and then the port, and the port we want to do, we'll just stick with 1234 because it's simple, 1234, right, and then that will execute bash. But we have to have our listener set up, so here you can see we have to have our listener, and you can see right here they have it set, the listener set up for you, and I'm not going to copy that, small enough. Okay, socat and then TCP-L for listen, and then the port, which is 1234. So we're listening, now here we execute.

Okay, welcome back. So two things happened there. Um, one, I was connected but it was a unstable, so I had to get rid of the connections. But what happened basically after all this, you see all these extra commands, is my machine was still registering that port 1234 was still in use, because we've used it previously, it wasn't shut down all the way yet, so I had to change the port to 2345. So if you run into that where you're doing it too fast, basically what's happening is your port is still in use, so I had to change the port to 2345. So anyway, so you can see here, same command, we did everything the exact same, so socat TCP 10.10.248.95, but we did 2345, and then execute bash, and then here all we did was the socat TCP listener 2345,
and then you can see from here it's blinking. Remember, when it's blinking it doesn't mean that we're not connected. Okay, so we say whoami, and you can see I'm root on my machine, so whoami, I'm shell. And then you can see the nice thing here is it actually runs the commands here, so this is how you can tell if it's working with socat. Okay, because some people get confused. You can tell it's working because of this: the commands are being ran directly on the machine, not back on your machine and where you can't see them.

Okay, so now we're looking at bind shells. That said to do bind shells is the next one, and this is basically the same thing, so there's no real reason to do the reverse shell versus the bind shell. Um, for, I'm not even going to do it because literally it's the exact same thing. Um, the only difference is where it's coming from. So a reverse shell comes from the target machine and comes back and it connects to you. The bind shell is you're directly connecting, so you're starting a listener on the machine, and then, so you would see here, you would just go ahead and start that listener on the Linux machine, and then here you would connect to it. It's the same thing, just reverse. I'm not going to cover that one. If you guys think it's because I can't do it, that's, that's fine, I don't care.

Um, so now let's see, switch to the Windows VM. Okay, so now we need to go ahead and close this down, terminate that, and now we're going to do the same thing on Windows.

Okay, welcome back. Hopefully that's the last time I have to restart the machines or do any of that, because it's driving me nuts that TryHackMe is, um, being finicky. So what I mean by that is I keep having to freaking click or refresh the page to get it to connect, and it's just driving me nuts. So hopefully you guys are still with me. We're on, which one are we even on, we're on Windows: obtain a reverse shell using PowerShell. So perfect, pretty easy, you just go to, where were we, 11, web shells, so it walks you right through it. So
you're going to take this here, PHP echo, so this is just the reverse shell that they want you to upload. Okay, we've already uploaded it, it's called untitled.php, pretty simple, you can see it's saved there as Untitled. All it's going to do is it's going to execute whatever we put after cmd, after command, and you can see that right here, you can see they do cmd equals ifconfig and this is the results they get back. Well, now what we want to do is we want to tell it to connect back, so we're going to use this command, PowerShell, it's a reverse shell with PowerShell. It's the same thing that they walked through earlier, the only difference is the URL encoded it, which means it will run in the URL and we don't have to worry about it. So we go ahead and copy it, so now we just call to it, so we say uploads, untitled.php, and then we say cmd equals and we hit Control-V. Now let's make sure we got our reverse shell listener. Okay, so it's listening. Now we hit enter and you can see connection from blank received. So now we hit ls and we're in a PowerShell command, or in a PowerShell, um, prompt, which is, obviously we're on a Linux box, so if we're in a PowerShell prompt we know that we're connected, we know something happened.

Okay, so the web server is running with SYSTEM privileges, create a new user. I'm not going to do that just because that's got nothing to do with reverse shells. I just want you to create, understand how to create a new user, add it to the admin group, that's more persistence. You guys can walk through that, super simple, I think they even walk you through it, I think it's under next steps. Yeah, so net user, net, I'm not going to do that, it's a waste of time, it takes you guys 10 minutes max. Um, and then experiment using socat and netcat to obtain reverse shell and bind shells on Windows targets, so again it's the same thing over and over. Create 64-bit Windows Meterpreter shell using msfvenom, that's again pretty, pretty self-explanatory, you're going to use msfvenom to actually generate the
payload and do that. Create both staged and stageless Meterpreter shells, so again these are just repeating over and over and over. Um, or the msfvenom one, it's pretty, so, self-explanatory. Here they give you the actual command, apparently, I didn't realize they give you the full command, so we'll go ahead and copy, we'll do the msfvenom one. But that's probably the last one I'm gonna do because, um, these are the, just the same things repeated. I think you guys get the gist, I think you guys understand it. So we'll go ahead and close that, because we'll, we'll probably have to open it up here again. But so we'll go ahead and copy. Okay, now we can just go ahead and literally put that in, listening for it, we'll change to 1234 again, 1234, and then the host, listening host, that's us, 10.10.248.95, and we hit enter, and that's going to take a second and it'll run.

Okay, and the socat and netcat, it's just telling you to experiment with them, so keep in mind what it's telling you is just try out the different ways. Socat and netcat are very similar, that's the only reason I'm not going to do them, because we've already covered socat earlier and it's basically the exact same thing with a different syntax.

Okay, so then create 64-bit Windows Meterpreter shell using, upload it to the Windows target, activate the shell and catch it. So we can, we have to open up msfconsole, that might take a second. But if we go in here, shell.exe is what they named it, perfect. Now we just got to upload that, and you can see they gave you the command, so msfvenom gave it to us, it's pretty easy, and we just say 10.10.58.54 and we upload. Now keep in mind I have it actually sitting at /usr/share/webshells, and that's just the directory I was in when I created that PHP, and there's shell.exe. So we go ahead and upload that, it's uploaded. Now it's not going to capture it until we say use multi/handler, and we'll see if it actually figured it out. Okay, and the reverse, all right, let's see what we have to, and
the LHOST, that is required, the listening address, so we'll say set LHOST to tun0 I believe. Um, tun0 is not valid option, okay, so we'll just set it to the IP that we know it is, 10.10.248.95. So we set that, and that should be all we need, oh, and the set LPORT, which we set to 1234, and we should be good. Now we run it and it should be listening. Okay, so it's listening, so now we just say uploads, shell.exe, hit enter. Uh, okay, so maybe it was upload, oh, I never uploaded it, I guess you got to do that, huh. So we run it, I'm not gonna do that, I'm just going to go to uploads, shell.exe. Um, again, I don't really care what they do with it. Oh, they want us to log into the, um, yeah, activate the shell, experiment with the feature, so they want us to actually log into the machine and go to it and download it and show you what it looks like. So we'll do that real quick, whoops, just to show you guys.

All right, so we're gonna go ahead and do this, copy it. So if you don't know what's going on here, all that's happening is we created msfvenom executable on Windows machine. We'll go ahead and log in. Do you trust the cert? Yes. I should log this automatically in. So we created the msfvenom payload, now we just have to go to the website, get it to run on the machine, and boom, we're, we're literally in with a full Meterpreter shell. That's what's, that's what's scary. And there's multiple, the other thing to keep in mind is there's multiple ways to do all of these, and what I mean by that is you could go look up 50 different web shells right now that are different than the ones we used, you can look up all kinds of stuff. So don't think that just because that's how we did it, that's, or that's how it's asking you to do it, whatever, that's the whole point of these labs, is they want you to experiment, they don't want you to just literally do exactly what they say. So, um, and then staged and stageless Meterpreter shells for either target, that's again, they're just wanting you to experiment at that point,
they're just saying, okay, go to either target, start throwing stuff at a wall and see what sticks. But I want to get you at least the, the ones that they're specifically asking for certain things. And yes, this is going to be slow because it's a VM inside of a VM, and yeah.

So okay, so since it should be hosted on this machine, we should be able to just do 127.0.0.1, all right, and we already know uploads, shell.exe. What would you like to do? We'll save the file, go to downloads, show all downloads, and once it's done, I don't know how it has, there we go, once it's done we'll go ahead and execute it. So it's already done, we go to downloads, shell.exe, we run it, and you can see as soon as we run it we have, if it runs, run it, and you can see we have a Meterpreter session, so command shell session one. So ls, whatever you want to say, sessions, it's already interactive. Okay, okay, so we have the session, but for some reason it's saying it's already interactive, that I'm already in it, but I'm clearly not. Let's Control-Z and background it. Okay, so now go to sessions, so we have the one, sessions 10.
interact with one, oh, I had a little, a little too many in there. Starting interaction with one, so, and you can see it's actually not doing anything, but we have the session, so it worked, but for some reason Meterpreter is not doing what it's supposed to do and we're not getting the full session. Normally what I do here is I would just do it again, but I'm not going to do it again because you guys saw it, the connection worked, you saw that I have interaction with one, and you can see, yeah, so it's showing the two IPs, the connection, everything, so it worked, everything's fine. Um, I would just rerun it again if it didn't work correctly. So, but that's how you do it, you saw how to actually get the, um, use the Meterpreter and the msfvenom to create the Meterpreter shell.

Um, I could have actually grabbed the wrong Meterpreter too, and I'll show our msfvenom, so let me look. Um, Windows, oh yeah, see, I grabbed the wrong one, so that's, that's on me. I grabbed the Windows shell, not the Meterpreter shell. Um, and let's see if they show us that. Uh, yeah, so here's the Windows Meterpreter reverse TCP, so I just grabbed the wrong one because I was trying to hurry, so that's what happened, so that's why it wasn't making sense with it, with itself. Um, so keep that in mind, that that's, that's what happened. Um, I just grabbed the wrong one. It still captured the connection, it just didn't know what to do with it.

So that's it guys, hopefully that explains a lot to you guys, to see the physical ones. Like I said, the staged and stageless, they're just having you experiment, they're telling you to try the different ones. Um, experiment with socat, again, they're just having, we already covered, netcat's the exact same thing. So hopefully this makes sense to you guys, hopefully you guys can now see these things go in order. I know this was kind of all over the place, and the main reason for that is because TryHackMe just for some reason is messing up today, it's driving me nuts. Um, literally I have to keep refreshing the page just to get
one of these things to freaking start. So hopefully that makes sense to you guys, and hopefully this helps you guys, because I know a lot of people were having issues with the reverse shells. The one thing I will tell you with reverse shells is this is not a step-by-step guide. Okay, every single web application and things like that have different ways of doing reverse shells. Some might allow you to upload PHPs, some might not. Some might, you know, let you do remote code execution in the command line or in the URL parameters like we saw, some might not. So it's, it's trial and error, it's experimentation. Just understand how a shell, reverse and bind shell works and what the difference is. Okay, that's it guys, hope you guys have a great day, and thanks for watching.
Info
Channel: stuffy24
Views: 7,414
Keywords: pc, linux, windows, computer, hacker, try, hack, me, be, tryhackme, hacked, pawned, pwnd, hacking, burp, suite, pro, recon, email, whois, dig, shodan.io, nmap, port, scans, scanner, n map, NMAP, scanning, ports, smtp, http, ftp, rdp, https, SSH, vulns, meta, sploit, exploit, exploitation, what, the, shell, thm, Try hack me what the shell, try hack me what the shell walkthrough, try hack me beginner, try hack me walkthrough, try hack me review, what the shell tryhackme walkthrough, what the shell tmnt, what the shell walkthrough
Id: nJLRfcB1LsU
Length: 33min 7sec (1987 seconds)
Published: Tue Feb 07 2023