Tuesday, February 7, 2012

HOW TO USE NetCat AND CYMOTHOA (BACKDOORING) part2

Day 5


Tools :
  • nc traditional
  • Cymothoa
  • Virtualbox (victim)

IP Address:
  • Attacker 192.168.56.1 Backtrack 5 R1
  • Victim 192.168.56.101 Ubuntu

Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing process. The tool uses the ptrace library (available on nearly all *nix) to manipulate processes and infect them. In part one I learned and tried backdooring using nc (NetCat); here I will learn how to use cymothoa to backdoor the victim. Look at the processes using netstat and ps -aux.

/bin/bash
I will try transferring cymothoa to /bin/bash. I look at the PID of /bin/bash and at the list of payloads.

Payloads
 I will transfer cymothoa by using the running service protocol http localhost, PID /bin/bash and port 9999.

Running cymothoa
 Infected....
Check netstat on the victim desktop.

Victim netstat 
Not a good situation. The port on localhost was not found :( , maybe I must try harder again and try another way...
Maybe try transferring cymothoa to the victim's /bin/bash. I did a stupid test on /bin/bash ... :D

Error /bin/bash
OMG …. Error (lol)...(hummer)..
See the next parts for other runs and other infected system services (victim).
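
The netstat check used in this post, seen from the defender's side, as an added example that is not part of the original post: it parses the kernel's `/proc/net/tcp` table (the data netstat reads) and reports listening sockets that are not in a known-good baseline. The sample table, the baseline of port 80 and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the post's victim).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 8801 1 0000000000000000 100 0 0 10 0
   1: 00000000:270F 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 9917 1 0000000000000000 100 0 0 10 0
   2: 6538A8C0:0050 0138A8C0:C350 01 00000000:00000000 00:00000000 00000000    33        0 9920 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # kernel state code for a socket in LISTEN


def decode_addr(field):
    """Turn '6538A8C0:0050' into ('192.168.56.101', 80)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: IPv4 table from a little-endian host (x86), so the
    # address is stored byte-swapped; the port is plain hexadecimal.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table):
    """Return every socket in LISTEN state from /proc/net/tcp text."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(cols[1])
        found.append({"ip": ip, "port": port,
                      "uid": int(cols[7]), "inode": int(cols[9])})
    return found


def unexpected_listeners(table, expected_ports):
    """Listeners whose port is not in the host's known-good baseline."""
    return [s for s in listening_sockets(table) if s["port"] not in expected_ports]


if __name__ == "__main__":
    # Baseline {80} is an assumption: the post mentions a running http service.
    for s in unexpected_listeners(SAMPLE, {80}):
        print("unexpected listener %(ip)s:%(port)d uid=%(uid)d inode=%(inode)d" % s)
```

On a live host, pass the contents of `/proc/net/tcp` instead of the sample; the reported inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the process that owns the listener.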
