All right. So our next task, then, is to actually build the package. Now that we've modified some of the files, created the payload,
and they're all in the proper folders
that the package
build process expects, we can actually build, or rather rebuild, this package so that we can then have it sent to the victim
by putting it into the proper folder
of my web server running on my Kali instance.
All right, so I'm gonna run the dpkg-deb
command. I tell it I want to build,
and I tell it the folder where the
package files are located
on. And I want to call the chef. I have to use workdir; that's where I have put everything.
So it went and found this folder and created a package called workdir.deb.
I don't really give my
or leave that name, so I'm gonna rename this
and I could just call it something simple like xbomb.deb.
Now this xbomb.deb file needs to be put into the proper
And so what I can do is copy
to /var/www/html.
This should be the default root of
my Apache web server instance running on my
and I already have the web server running.
I could double check that.
going to my localhost and there's my
default page. So that's good. Always wanna double check that that's in place before you
try to do this work.
All right, so I already ran my msfconsole command
the handler for the shell.
So as a quick review: msfconsole, we ran it in quiet mode.
The command I'm executing with the -x is telling it to use the multi handler
with this particular payload for a Linux reverse shell.
And then I just simply tell it what my local host address is, what my local port is, and then it runs the exploit. Now we can see that it's listening on this IP address on this port.
Then on my victim machine,
what I need to do here is to actually get the file
which would be the you know, the same, the same as the
the link that you would present to the victim.
And I know that it's called xbomb.deb.
So that would have to create the link that has the same text,
and we can see that it's connected to the Web server.
Notice a connected, imported. It really doesn't matter,
because it's a non-SSL page.
The port 443 is for the reverse shell.
And we want to use a port that is
commonly seen so that it doesn't look suspicious.
All right, so now the victim has the file on their machine,
and what I can do is go ahead and install
by running dpkg -i for install.
So it gives me a message saying it couldn't open my display. That's not really anything too much to worry about.
Uh, the user probably would
try to figure that out. Why? That's happening,
But we can see back on
back on the attacker machine,
for to the victim machine, and I've got a command shell open between the victim and myself.
Notice it doesn't give me a prompt or anything of that nature. But I can type some simple commands to verify that I am indeed connected.
The id command tells me I am logged in as root.
And because I'm root, I can run any commands I like.
For instance, I'm looking at
the root file system on that remote system. I can run the ifconfig command to double check,
Indeed, that I am on 1 28
That is the victim's machine.
So there are a few steps that we had to go through here. We first had to download the package. We had to extract it to get the directory structure in a local folder which we could work from.
Then I had to modify
or create a couple of the
the files that are also needed.
And those were the control script,
which I will just review real quick.
It just gives parameters for the package itself
and then the post installation which changes the
and properly tries to run the game
as it's built, when you do the install.
and then on the victim machine, we gave them a link which would have
included this information. They download the file, then try to install it,
and we get our root shell.
And once you have the root shell, then you could do things like trying to maybe use other tools
to create a more permanent presence, like netcat, for instance. You could run a netcat listener
and try to give yourself a shell on a permanent basis so that you could return to this victim machine anytime you wish.
You can see it's a Debian 8, and so I no longer need this shell for right now. So I'm just gonna go ahead and log out
and I get back to my prompt. I hope you enjoy this demonstration.
Stay tuned for the next segment, where we'll
try to do something similar with the Windows system.