Questions
1. Scan the vulnerable Linux machine and find the port number on which the
distccd service is running.
2. Exploit the vulnerable Linux device through the distccd service, load the
'cmd/unix/reverse' payload, and determine the active user once a session is
established.
3. Upgrade the shell to meterpreter; use the 'sessions' command to find the type
of the meterpreter session.
4. Use the meterpreter session and find the current location on the vulnerable
Linux machine.
5. Run a search for 'suggester' in msfconsole and find the post-module that
suggests local exploits for privilege escalation.
6. Use the suggester post-module to upgrade privileges; find the MD5 hash of the
file with the extension jsvc_up on the vulnerable Linux machine.
7. Download the Cheat Sheet and look for the Linux post-module that checks if the
target's machine is virtual; find the module's path.
8. Search for the Linux post-module that dumps the target's hashed credentials;
find the module's path.
9. Execute the 'hashdump' post-module on the vulnerable Linux machine and extract
the target's hashed credentials; crack the password for the user 'service'.
10. Execute the auxiliary 'ssh login' on the vulnerable Linux machine using the
user 'service' with the password you found; run the 'pwd' command in the new
session and find the output.
11. Upgrade your SSH shell into meterpreter and run the 'getuid' command; find the
output.
12. Use the suggester post-module to upgrade privileges; access /etc/fuse.conf on
the vulnerable Linux machine and find the output of the last line.
13. Create a Windows meterpreter payload and execute it in the Windows machine;
find the meterpreter command to take a screenshot of the target's screen.
14. Find the meterpreter command to detect the target's inactivity with the mouse,
keyboard, or screen.
15. Search for the Windows post-module that dumps the target's hashed credentials;
find the module's path.
16. Upgrade the privileges to SYSTEM and extract the hashed credentials on the
Windows machine using 'hashdump'; find the output.
17. Clear the Windows machine event logs using meterpreter; check the Windows
Event Viewer and find the event ID created once the records are cleared.
18. Analyze the post-module 'exploit/windows/local/persistence'; find the registry
location where the payload is installed.
19. Use the Windows persistence post-module and find the system path where the
payload is stored by default.
20. Analyze the meterpreter command 'migrate' and find the flag used to specify
the process name.
21. Run the post-module 'windows/gather/phish_windows_credentials' on the Windows
machine and find the title of the screen displayed to the target.
22. Find the meterpreter command to display the connected web cameras.
23. Execute the meterpreter command 'screenshare' on the Windows machine and find
the webpage title.
24. Run the post-module 'windows/manage/enable_rdp' and find the Firewall rule the
payload creates for the TCP port 3389 on the Windows machine.
25. Use the post-module 'windows/manage/rollback_defender_signatures' to disable
the Defender signatures on the Windows machine; find the command the tool executes.
26. Find the meterpreter command to run commands on the target's machine while
staying in the meterpreter shell.
27. Disable the Windows Firewall from the meterpreter command line with
'netsh advfirewall set allprofiles state off'; use the '-i' flag and find the
output received on completion.
28. Analyze the meterpreter command 'timestomp' and find the flag to view the
file's MACE times.
29. Analyze the meterpreter command 'timestomp' and find the flag to change the
file's last accessed time.
30. Execute the meterpreter command timestomp <file> -z '10/10/1000 00:00:00' to
change the file timestamp on the Windows machine; find the year displayed in the
timestamp.