nsafans.blogg.se

Netcat reverse shell task











We are going to start with some very basic commands and their outputs to help you become accustomed to working in this command-line-only environment. Seeing as OS X is based on a hybrid XNU kernel, you will see that most commands that work within a Unix-based environment will help you navigate around the environment. Exploits are developed and vulnerabilities are discovered at an alarming rate for all flavors of operating systems, causing the entry vector to change over time, but the OS commands remain fairly constant. It may seem as if we are putting the cart before the horse by showing you techniques to look around the system before we show you how to compromise the system, but knowing what to do when you get there can be more important than how you get there. The commands demonstrated in this part of the chapter are a few common commands we will be using throughout the book, but as always this list is not all-encompassing, as we will use many utilities and techniques in the coming chapters.


Alijohn Ghassemlouei, Russ Rogers, in The Hacker's Guide to OS X, 2013

On the Client

What we are looking at in this part of the chapter is twofold: first, we are going to take the approach that we have compromised a system and need to look around for a foothold or data, and second, we will take the approach of a vulnerability researcher. Looking at the information we’ve gathered so far, we have DNS records, packet captures, open ports, service names, service versions and a host of other useful information, but now we need to step onto the client and start to do some looking around at ways to attack possible vulnerabilities in the system and gather information. So we’ve seen through various methods how to find a target of interest on a network using a few widely available free tools.

TLDR: to catch it with a netcat listener you need to use windows/shell_reverse_tcp, not windows/shell/reverse_tcp. Otherwise you need to use the multihandler.

Take a look at these two payloads from msfvenom:

payload/windows/shell/reverse_tcp
Windows Command Shell, Reverse TCP Stager

Windows Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Notice how the first one is smaller, but it also says that it is staged. This means that it can be smaller because rather than cram all the necessary code into the payload itself, it just contains the bare minimum needed to connect back to a compatible listener and receive the rest of the code. This is done by msfconsole's multihandler, but not by netcat.

If you don't want to bother with spinning up a multihandler, you can use the stageless version, though it is slightly larger. Just make sure to pay attention when listing payloads to whether or not something is described as staged.











