Objective
Microsoft Windows has the largest market share for both business and personal use, so you will often encounter many Windows workstations and servers during a penetration test. On the other hand, most penetration testers work from a Linux-based distribution such as Kali Linux, Pentoo or BackBox. You may therefore need the ability to quickly compile a Windows exploit on a Linux machine. A piece of software called "mingw-w64" solves this problem.
Mingw-w64 is an open-source development environment for building Windows applications. It is a fork of MinGW32, which originally had no support for 64-bit operating systems. In this tutorial I will show you how to compile a Windows exploit under Kali Linux. Let's install mingw-w64 on Kali Linux first.
Installing mingw-w64 on Kali Linux
Kali Linux 2.0 does not ship with mingw-w64, so we have to install it manually. The command is as follows:
Enter "Y" to continue the installation. The installation takes some time; wait for it to finish.
The mingw-w64 installation package could not be found
During the installation you may be told that the mingw-w64 package cannot be found:
To resolve this, make sure a repository is configured in the sources.list file. Use nano to edit the file:
/etc/apt/sources.list
Check that the repository is correct; the repositories for the different versions of Kali Linux are listed on the following page:
http://docs.kali.org/general-use/kali-linux-sources-list-repositories
After the repository in sources.list is configured correctly, refresh the package lists with apt-get update and then install mingw-w64 again.
Compiling a Windows exploit with mingw-w64
With mingw-w64 installed, I will use CVE-2011-1249 (MS11-046) as the example: an x86 exploit for Windows 7 SP0, written in C. This version of Windows contains an elevation of privilege vulnerability in the Ancillary Function Driver (afd.sys). Although mingw-w64 is built with 64-bit systems in mind, it can still compile 32-bit Windows exploits.
Let's start by downloading the exploit that needs to be compiled from Exploit-DB:
Compile the 32-bit Windows afd.sys exploit using the following command:
The commands to compile the Windows 7 afd.sys exploit are as follows:
After compiling, copy the resulting EXE file to the Apache web root for testing. Opening it from cmd.exe on the target shows the following:
You can see that the compiled exploit ran successfully on Windows 7 and elevated our privileges from the user "test" to SYSTEM. Instead of opening a new shell in a new window, this exploit spawns the new shell inside the current shell. This means we can run it from a command-line shell, for example from Meterpreter.
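The cross-compile step described above, as an added example that is not part of the original post: a small POSIX shell wrapper that picks the mingw-w64 cross compiler for a 32- or 64-bit target, links Winsock, and checks that the output really is a PE executable before it is copied anywhere. It assumes the Debian/Kali "mingw-w64" package, which installs i686-w64-mingw32-gcc and x86_64-w64-mingw32-gcc; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): drive the mingw-w64 toolchain
# from Kali. Assumes the "mingw-w64" package, which provides
# i686-w64-mingw32-gcc (32-bit) and x86_64-w64-mingw32-gcc (64-bit).

# Map a target bitness (32 or 64) to the matching mingw-w64 cross compiler.
mingw_cc() {
    case "$1" in
        32) echo "i686-w64-mingw32-gcc" ;;
        64) echo "x86_64-w64-mingw32-gcc" ;;
        *)  echo "unsupported target: $1" >&2; return 1 ;;
    esac
}

# Return 0 if the file starts with the "MZ" DOS header every PE executable carries,
# which is a cheap way to confirm we produced a Windows binary and not an ELF.
is_pe_file() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

# compile_win <32|64> <source.c> <output.exe>
# Links Winsock (-lwsock32) as the page's note does, since exploits that open
# sockets need it. Fails early if the cross compiler is not installed.
compile_win() {
    bits="$1"; src="$2"; out="$3"
    cc=$(mingw_cc "$bits") || return 1
    command -v "$cc" >/dev/null 2>&1 || {
        echo "$cc not found: apt-get install mingw-w64" >&2; return 2; }
    "$cc" -o "$out" "$src" -lwsock32 || return 3
    is_pe_file "$out" || { echo "$out is not a PE executable" >&2; return 4; }
    echo "built $out with $cc"
}

# Usage (hypothetical paths): compile_win 32 /tmp/exploit.c /var/www/html/exploit.exe
```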
Using the exploit from a Meterpreter shell
We can use msfvenom to quickly generate a reverse TCP Meterpreter payload and execute it on the target host, while a multi/handler in Metasploit receives the reverse session. Use the following command to generate the payload:
Fill in the IP and port to match your own setup, then start msfconsole and configure the multi/handler exploit:
Download and execute the payload on the target and we get a Meterpreter session on the target host:
Next we drop from Meterpreter into a command shell and run the exploit to elevate our privileges:
We successfully elevated normal user privileges to SYSTEM. Because the exploit spawns the new SYSTEM shell inside the shell that ran it, the exploit's own output is not visible in the original shell until we leave the elevated shell. Typing exit returns to the normal shell, where the output of the exploit can be seen:
Mottoin editor's note: compiling exploits under Kali
-o output32 hello.c (32-bit build); -o output hello.c (64-bit build)
Compiling Windows exploits under Kali with MinGW under Wine
wget -O mingw-get-setup.exe http://sourceforge.net/projects/mingw/files/installer/mingw-get-setup.exe/download
wine mingw-get-setup.exe (select mingw32-base)
cd /root/.wine/drive_c/windows
wget http://gojhonny.com/misc/mingw_bin.zip && unzip mingw_bin.zip
cd /root/.wine/drive_c/mingw/bin
wine gcc -o ability /tmp/exploit.c -lwsock32
wine ability