
Cannot inject to victim with -c option

Open tarihub opened this issue 3 years ago • 5 comments

I try to inject to victim through

./injector -c 192.168.192.16

but I cannot spawn a shell from the victim.

Could I get any help from you?

tarihub avatar Oct 27 '22 06:10 tarihub

It looks like the initial handshake between the backdoor and the client is not being completed correctly. Some things you may check are whether:

  1. Both VMs can communicate between themselves
  2. You are first installing the rootkit with the script, then running the client
  3. An initial TCP packet with payload CC_SYN is being delivered at the machine with the rootkit (using Wireshark or similar)
  4. A TCP packet with payload CC_ACK is being sent from the machine with the rootkit.

h3xduck avatar Oct 27 '22 08:10 h3xduck

Thanks for your reply~ You are right, it's the initial handshake between the backdoor and the client.

  1. Both VMs can communicate between themselves

attacker: 192.168.192.168 victim: 192.168.192.169

  2. I try to install the rootkit through
git clone https://github.com/h3xduck/TripleCross
cd TripleCross/src
make all
cd ../client
make
cd ../helpers
./packager.sh

And all goes well, but I can't receive a shell from the victim

  3. CC_SYN can be sent to the victim machine

  4. The attacker can't receive CC_ACK from the victim machine

tarihub avatar Oct 27 '22 09:10 tarihub

It seems like the initial handshake dials port 9000. Do I need to listen on port 9000 with nc?

I tried to listen on port 9000 with nc, but I can't get any response

What may be the problem? Looking forward to your reply~

tarihub avatar Oct 27 '22 09:10 tarihub

Oh, I just realised. If you look at the README you'll see that I prepared this client mode (using -c) to only work after activating the execution hijacking module (you'll need to configure the parameters described at https://github.com/h3xduck/TripleCross#execution-hijacking-module for the attack to happen and thus start to listen for connections).

If you just want to test the backdoor and spawn a shell, use the -e or -s flags, those definitely work out of the box.

h3xduck avatar Oct 27 '22 17:10 h3xduck

Yeah! -e and -s flags can spawn a shell well~ Thanks for your patience. I want to use -c flag to spawn a shell according to README.

Maybe it is my misunderstanding of the usage; it can't work.

tarihub avatar Oct 28 '22 00:10 tarihub