Exploit

Exploitation is the second key step, after enumeration.

Identification

  1. Check the version of services

  2. Check the service

  3. Check the OS version

Build C Script

With the update to Kernel 5.18.0-kali7-amd64 in Kali 2022.3 (2022 Kali Rolling release), GCC 12.2.0 no longer includes the libraries required by older Linux kernels. To compile C and C++ exploits that can run on older-generation targets (< Kernel 2.6), the recommendation is:

Use gcc with docker

docker pull gcc:4.9
# 4.9: Pulling from library/gcc
# Digest: sha256:6356ef8b29cc3522527a85b6c58a28626744514bea87a10ff2bf67599a7474f5
# Status: Image is up to date for gcc:4.9
# docker.io/library/gcc:4.9

# copy exploit.c into the current directory, then compile it inside the container
docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:4.9 gcc code.c -o programname

# if a 32-bit binary is needed
gcc -m32 -Wl,--hash-style=both exploit.c -o exploit

# if running the binary on the target fails with an error like the one below,
# it was linked against a newer glibc than the target has:
# ./exploit: /lib/tls/libc.so.6: version `GLIBC_2.34' not found (required by ./exploit)

# in that case, compile with docker (see below)

Compile with Docker

  1. Preparation

docker pull debian:10
mkdir ~/docker_shared
docker run --name debian10 -v ~/docker_shared:/media -it debian:10 /bin/bash

  2. Install gcc (inside the container)

apt update && apt install gcc-multilib build-essential

  3. Manage the container

docker stop debian10
docker start debian10

docker exec -it debian10 /bin/bash
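Before copying a freshly compiled binary to a target, it is worth checking which glibc symbol versions it requires, so the `GLIBC_2.34' not found error shown above is caught on the attacking machine rather than on the target. The following is an added example, not code from the original page: it scans a binary for GLIBC_x.y version strings (the same information `strings binary | grep GLIBC` gives) and compares the highest one against the target's glibc. The target version string is an assumption you supply; Debian 10, used in the container above, ships glibc 2.28.

```python
import re
from pathlib import Path
from typing import List, Optional, Tuple

# Matches symbol version tags such as GLIBC_2.2.5 or GLIBC_2.34 in an ELF image.
GLIBC_RE = re.compile(rb"GLIBC_(\d+(?:\.\d+)+)")

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2.2.5' -> (2, 2, 5); tuples compare numerically, unlike plain strings."""
    return tuple(int(part) for part in text.split("."))


def required_glibc_versions(data: bytes) -> List[Version]:
    """Sorted, de-duplicated GLIBC symbol versions referenced by the binary."""
    found = {parse_version(m.group(1).decode()) for m in GLIBC_RE.finditer(data)}
    return sorted(found)


def max_required_glibc(data: bytes) -> Optional[Version]:
    """Highest GLIBC version the binary needs, or None if statically linked / no tags."""
    versions = required_glibc_versions(data)
    return versions[-1] if versions else None


def runs_on_target(data: bytes, target_glibc: str) -> bool:
    """True if every required GLIBC version is available on a target with target_glibc."""
    needed = max_required_glibc(data)
    return needed is None or needed <= parse_version(target_glibc)


def check_file(path: str, target_glibc: str) -> bool:
    """Convenience wrapper: read a binary from disk and check it against the target."""
    return runs_on_target(Path(path).read_bytes(), target_glibc)


# Constructed samples (not real binaries): the version tags a binary built on a
# current Kali carries, versus one built inside the gcc:4.9 / debian:10 container.
NEW_BUILD = b"\x7fELF...libc.so.6\x00GLIBC_2.2.5\x00GLIBC_2.34\x00GLIBC_2.4\x00"
OLD_BUILD = b"\x7fELF...libc.so.6\x00GLIBC_2.2.5\x00GLIBC_2.4\x00"

if __name__ == "__main__":
    for name, blob in (("new build", NEW_BUILD), ("old build", OLD_BUILD)):
        print(name, "needs", max_required_glibc(blob),
              "runs on glibc 2.28:", runs_on_target(blob, "2.28"))
```

Run `check_file("./exploit", "2.28")` against the real binary; a False result means the target's libc.so.6 will reject it and the Docker build is needed.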

Windows

Indicators:

If you see these lines in a C source file, it needs to be compiled for Windows:

#include <windows.h>
#pragma comment(lib, "ws2_32")

# install mingw-w64 first

sudo apt install gcc-mingw-w64

Compile the script

# compile
i686-w64-mingw32-gcc code.c -o programname

# if need lib use -l
i686-w64-mingw32-gcc code.c -o programname -l<libname>

# example
i686-w64-mingw32-gcc code.c -o programname -lws2_32

Run the resulting .exe with wine:

wine programname.exe

If wine fails with the error "wine is a 64-bit installation, it cannot be used with a 32-bit wineserver.", see this thread:

https://forums.linuxmint.com/viewtopic.php?t=74356

Alternative using mono:

sudo apt install mono-runtime

Note:

# win 64
sudo apt install wine

# if wine 32-bit is needed
dpkg --add-architecture i386 && apt-get update && apt-get install wine32:i386
