So readers,
In getting back to practicing my l337 skills, I was attempting to invoke remote ftp file transfers via a non-interactive shell.
Basically using the ftp -s option, which runs ftp commands from a script file.
A non-interactive shell:
This is basically a shell on a remote computer (bind or reverse) that gives no feedback, and will not execute commands.
It starts off like an interactive shell where you can execute commands remotely, then you invoke ftp or powershell and it closes the connection.
The setup:
Victim machine (my laptop)
Attacker machine (my kali linux vm on the laptop)
Normal interactive shell, you can execute commands like so
Non interactive shell, invoked by the powershell command:
Non interactive shell, invoked by ftp
The victim (my Windows laptop) breaks the remote connection; this is what it looks like from the victim machine. You would not normally see this.
Due to the non-interactive shell, you are unable to execute ftp commands sequentially. You may want to GET a file off the host to the victim to do some credential dumping.
ftp -s command
The -s command is explained here: -s
It allows you to run a text file containing FTP commands.
So naturally you place ftp commands in a text file and run ftp -s:<file>. In my case ftp -s:ftp2.txt
Like this:
Which is executed from the HOST (my windows laptop), and gets a file from the kali VM (attacker). The script runs fine.
From Kali VM to HOST errors
But using the remote shell and invoking the script it errors as such:
I let it run for a few minutes and it would not process any further. Why you may ask? Well the name of the post must have given it away.
I do not know WHY in the technical sense, but it has to do with running the Kali VM in NAT network mode, thus sharing the host's IP address. I am sorry, I cannot be any more technical than that. But as I explain below how I found out about the issue, it must be that the ncat shell is from a different IP than the VM, but if that was the case invoking the -s command from my laptop (Windows) should not be able to connect to it.
The work around/ fixxer upper
Set your virtual machine to bridged so that it has an IP address in the same network.
VM settings > select bridged > select replicate physical network connection state > then click configure adapters
My IP address goes from the internal VM IP address:
To one in the same IP subnet as my Windows laptop
AND if we invoke the ftp -s command remotely:
It successfully runs ftp commands from the file as shown and puts procdump.exe onto the victim machine (my Windows laptop)
Note: Do change the IP address in the ftp command to the new IP address for your Kali VM, or like me you will be wondering why it does not work
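From the defender's side, the ftp -s:<file> launch under a remote shell described above is visible in process-creation logs. The following is an added example, not part of the original post: it flags scripted ftp.exe launches and raises the severity when an ancestor is a netcat-style binary. The field names follow Sysmon Event ID 1; the sample events, PIDs, paths and the SHELL_CARRIERS list are constructed assumptions.

```python
import ntpath
import re

# Windows ftp.exe takes its script as -s:<file>; the path may be quoted.
SCRIPT_OPT = re.compile(r'(?:^|\s)-s:(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Assumption: image names treated as remote-shell carriers; tune for your estate.
SHELL_CARRIERS = {"ncat.exe", "nc.exe"}

def ev(pid, ppid, image, cmd):
    """Build one process-creation record (field names as in Sysmon Event ID 1)."""
    return {"ProcessId": pid, "ParentProcessId": ppid, "Image": image, "CommandLine": cmd}

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... of an event; stops on unknown or repeated PIDs."""
    seen, pid = set(), event["ParentProcessId"]
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid]["ParentProcessId"]

def find_scripted_ftp(events):
    """Return one finding per ftp.exe launch that was given -s:<file>."""
    by_pid = {e["ProcessId"]: e for e in events}  # assumes no PID reuse in the window
    findings = []
    for e in events:
        match = SCRIPT_OPT.search(e["CommandLine"])
        if ntpath.basename(e["Image"]).lower() != "ftp.exe" or not match:
            continue
        chain = [ntpath.basename(a["Image"]).lower() for a in ancestors(e, by_pid)]
        findings.append({
            "pid": e["ProcessId"],
            "script": match.group(1) or match.group(2),
            "ancestors": chain,
            "severity": "high" if SHELL_CARRIERS & set(chain) else "medium",
        })
    return findings

# Constructed sample events, not real telemetry.
SAMPLE = [
    ev(100, 4, r"C:\Tools\ncat.exe", "ncat.exe"),
    ev(200, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ev(300, 200, r"C:\Windows\System32\ftp.exe", "ftp -s:ftp2.txt"),
    ev(500, 4, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ev(600, 500, r"C:\Windows\System32\ftp.exe", r'ftp -s:"C:\Users\Public\get logs.txt"'),
    ev(700, 500, r"C:\Windows\System32\ftp.exe", "ftp 192.0.2.10"),
]

if __name__ == "__main__":
    print(*find_scripted_ftp(SAMPLE), sep="\n")
```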
Hopefully this helps some people, as last night it was giving me a run for my money. If anyone cares to read this far, I initially found the issue by remoting from a VM on laptop B to my personal laptop with the remote shell. I then realised the ncat connection from my Kali Linux was from the laptop B IP address and not the Kali Linux VM IP address.
Cheers,
Haydn