
Exploit

The entry point is the second key, found after enumeration.


Last updated 8 months ago

Identification

  1. Check the version of services

  2. Check the service

  3. Check the OS version

Build C Script

With the update to kernel 5.18.0-kali7-amd64 in Kali 2022.3 (the 2022 Kali Rolling release), GCC 12.2.0 no longer ships the libraries required by older Linux kernels. To compile C and C++ exploits that run on older-generation targets (kernel < 2.6), this is the recommendation:

Use gcc with docker

docker pull gcc:4.9
# 4.9: Pulling from library/gcc
# Digest: sha256:6356ef8b29cc3522527a85b6c58a28626744514bea87a10ff2bf67599a7474f5
# Status: Image is up to date for gcc:4.9
# docker.io/library/gcc:4.9

# copy exploit.c into the current directory, then compile it inside the container
# (the directory is mounted as /usr/src/myapp; the gcc command is part of the same line)
docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 \
    gcc code.c -o programname

# if a 32-bit binary is needed
docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 \
    gcc -m32 -Wl,--hash-style=both exploit.c -o exploit

# if the binary fails on the target with an error like the one below, it was linked
# against a glibc newer than the target's; rebuild it in an older container (next section)
# ./exploit: /lib/tls/libc.so.6: version `GLIBC_2.34' not found (required by ./exploit)

Compile with Docker

  1. Preparation

docker pull debian:10
mkdir ~/docker_shared
docker run --name debian10 -v ~/docker_shared:/media -it debian:10 /bin/bash

  2. Install gcc

apt update && apt install gcc-multilib build-essential

  3. Manage docker

# stop / start the container
docker stop debian10
docker start debian10

# open a shell in the running container
docker exec -it debian10 /bin/bash
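The two sections above (gcc in a container, then the "GLIBC_x.y not found" failure that sends you to the Debian 10 container) are easy to script. The following helpers are an added example and are not part of the original notes: glibc_required parses the output of objdump -T to find the newest glibc symbol version a binary needs, glibc_ok compares that with the target's glibc, and docker_gcc_cmd emits the docker run line from the notes. The objdump lines in the demo are constructed, and the image name gcc:4.9, the paths and the version numbers are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes: helpers for the legacy-target
# build workflow (gcc in Docker, then the "GLIBC_x.y not found" check).
# glibc_required / glibc_ok work on constructed `objdump -T` text; the image
# name, paths and version numbers are placeholders for this demo.

# Print the highest GLIBC_ symbol version referenced by a binary.
# Feed it the output of:  objdump -T ./exploit
# Output is the bare version, e.g. 2.34 (empty if nothing is versioned).
glibc_required() {
    grep -o 'GLIBC_[0-9][0-9.]*' \
    | sed 's/^GLIBC_//' \
    | sort -t. -k1,1n -k2,2n -k3,3n \
    | tail -n 1
}

# Major / minor parts of a dotted version (minor is 0 when absent).
ver_major() { printf '%s\n' "${1%%.*}"; }
ver_minor() {
    case $1 in
        *.*) rest=${1#*.}; printf '%s\n' "${rest%%.*}" ;;
        *)   printf '0\n' ;;
    esac
}

# glibc_ok NEED HAVE: return 0 if a binary needing glibc NEED will load on a
# target whose glibc is HAVE, 1 if the dynamic loader would reject it.
glibc_ok() {
    nm=$(ver_major "$1"); nn=$(ver_minor "$1")
    hm=$(ver_major "$2"); hn=$(ver_minor "$2")
    if [ "$nm" -lt "$hm" ]; then return 0; fi
    if [ "$nm" -gt "$hm" ]; then return 1; fi
    [ "$nn" -le "$hn" ]
}

# docker_gcc_cmd SRC OUT [BITS] [IMAGE]: print the docker run line that
# compiles SRC with the old toolchain image (default gcc:4.9, as in the notes).
# BITS=32 adds the -m32 and --hash-style=both flags used for old 32-bit targets.
docker_gcc_cmd() {
    src=$1; out=$2; bits=${3:-64}; image=${4:-gcc:4.9}
    flags=""
    if [ "$bits" = "32" ]; then
        flags="-m32 -Wl,--hash-style=both "
    fi
    printf 'docker run --rm -v "%s":/usr/src/myapp -w /usr/src/myapp %s gcc %s%s -o %s\n' \
        "$PWD" "$image" "$flags" "$src" "$out"
}

# Demo on constructed objdump -T lines (run: sh thisfile.sh demo).
demo() {
    sample='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 strlen
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.34  __libc_start_main
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __stack_chk_fail'
    need=$(printf '%s\n' "$sample" | glibc_required)
    echo "binary needs glibc $need"
    for have in 2.3 2.17 2.35; do
        if glibc_ok "$need" "$have"; then
            echo "  target glibc $have: ok"
        else
            echo "  target glibc $have: will fail, rebuild with an older toolchain:"
            echo "    $(docker_gcc_cmd exploit.c exploit 32)"
        fi
    done
}
if [ "${1-}" = "demo" ]; then demo; fi
```

Run objdump -T on the freshly built binary before transferring it: if the version glibc_required reports is newer than the glibc on the target (ldd --version there, or the libc.so.6 file name), the binary will fail exactly as shown above, so rebuild it in the older container first.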

Windows

Indicators:

If you see this in the C script, it should be compiled for Windows:

#include <windows.h>
#pragma comment(lib, "ws2_32")

# install mingw-w64 first
sudo apt install gcc-mingw-w64

Compile the script

# compile (name the output .exe so wine finds it)
i686-w64-mingw32-gcc code.c -o programname.exe

# if a library is needed, add it with -l
i686-w64-mingw32-gcc code.c -o programname.exe -l<libname>

# example: winsock needs ws2_32
i686-w64-mingw32-gcc code.c -o programname.exe -lws2_32
wine programname.exe
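The indicator check and the -l flag above can be automated. The following is an added example, not code from the original notes: detect_target looks for windows.h / winsock2.h includes, pragma_libs turns each `#pragma comment(lib, "...")` into a -l flag (mingw ignores that pragma, which is why the link otherwise fails on winsock symbols), and compile_cmd prints the i686 or x86_64 mingw invocation, falling back to plain gcc for Linux sources. The source file in the demo is constructed and the output name is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original notes: choose the cross-compiler from the
# indicators in the notes and turn `#pragma comment(lib, "...")` into -l flags,
# because mingw ignores that pragma and the link fails with unresolved symbols.
# The source path and output name are placeholders for this demo.

# detect_target FILE: print "windows" if the source pulls in windows.h or
# winsock2.h, otherwise "linux".
detect_target() {
    if grep -Eq '^[[:space:]]*#[[:space:]]*include[[:space:]]*<(windows|winsock2)\.h>' "$1"; then
        echo windows
    else
        echo linux
    fi
}

# pragma_libs FILE: one -l flag per `#pragma comment(lib, "name")` line
# (a trailing .lib in the name is dropped, e.g. ws2_32.lib -> -lws2_32).
pragma_libs() {
    sed -n 's/^[[:space:]]*#[[:space:]]*pragma[[:space:]]*comment[[:space:]]*([[:space:]]*lib[[:space:]]*,[[:space:]]*"\([^"]*\)".*/-l\1/p' "$1" \
    | sed 's/\.lib$//'
}

# compile_cmd FILE OUT BITS: print the compiler invocation to run
# (32 -> i686-w64-mingw32-gcc, 64 -> x86_64-w64-mingw32-gcc; Linux sources
# get gcc, with the 32-bit flags from the notes when BITS is 32).
compile_cmd() {
    src=$1; out=$2; bits=$3
    if [ "$(detect_target "$src")" = windows ]; then
        if [ "$bits" = 64 ]; then cc=x86_64-w64-mingw32-gcc; else cc=i686-w64-mingw32-gcc; fi
        printf '%s %s -o %s.exe' "$cc" "$src" "$out"
        for lib in $(pragma_libs "$src"); do printf ' %s' "$lib"; done
        printf '\n'
    elif [ "$bits" = 32 ]; then
        printf 'gcc -m32 -Wl,--hash-style=both %s -o %s\n' "$src" "$out"
    else
        printf 'gcc %s -o %s\n' "$src" "$out"
    fi
}

# Demo on a constructed source file (run: sh thisfile.sh demo).
demo() {
    tmp=$(mktemp)
    printf '%s\n' '#include <winsock2.h>' '#include <windows.h>' \
        '#pragma comment(lib, "ws2_32")' 'int main(void) { return 0; }' > "$tmp"
    echo "$tmp -> $(detect_target "$tmp")"
    compile_cmd "$tmp" programname 32
    rm -f "$tmp"
}
if [ "${1-}" = "demo" ]; then demo; fi
```

Pipe the printed command into sh once you have checked it, or just read it: the point is that every library the source asks for via the pragma shows up as an explicit -l flag, which is what the mingw linker needs.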

If wine fails with the error "wine is a 64-bit installation, it cannot be used with a 32-bit wineserver.", see this thread:

https://forums.linuxmint.com/viewtopic.php?t=74356

Alternative: install mono and run the exe program with mono instead of wine:

sudo apt install mono-runtime

Note:

# win 64
sudo apt install wine

# if wine 32 is needed
sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install wine32:i386

Reference: Offensive Security's Exploit Database Archive