Welcome back, everyone. In the previous part of this rapid-fire miniseries, we built the attacker portion of the shell. In this article, we'll just be testing it to see if everything works correctly.
First, we'll need to start the victim script. Simply navigate to it and execute it. With that started, let's go ahead and start the attacker script next:
We've named our script shellcontrol and we've executed it now. I've entered the victim IP as 10.0.0.33, and the IP to spoof as 10.0.0.55. I've also entered wlan0 as my desired interface.
It should now attempt to gather the victims MAC address and start the spoofing thread. Let's see the output that the attacking script gives us:
Here we go! We successfully started the interaction with the script. Let's open up Wireshark and take a look at our ARP spoofing:
I apologize for the small screenshot, but the Wireshark output is rather lengthy. We can see by this above Wireshark result that we've successfully started our ARP poisoning thread!
Now that we're in control of the victim, let's run some commands. We'll start with a simple ls command:
We can see by our prompt that the victim executed the script as root, so we OWN this box! I've made a file on the desktop under the name supersecret!; let's try and read this file:
There we have it... our shell works!
Now that we know our shell works, let's see how visible we are to the victim. Let's show the ARP cache of the victim and see our fake IP linked to our MAC:
We can see that 10.0.0.55 is mysteriously found at our MAC address, so we're successfully spoofing our IP.
Let's see what we can dig up with a Netstat command:
We can see a mysterious service on port 80 listening for any IP address. This is less likely to be detected by a firewall because of the use of well-known ports. Now that we've confirmed our shell's functionality, let's wrap this miniseries up, shall we?
There we have it. Our miniseries is over! We built the victim and attacker scripts and they can successfully interact with each other. This shell is considerably less likely to be detected by a firewall depending on what IP you choose to spoof.
If you have any questions at all, please leave them in the comments below. I'll try my absolute best to answer them.
Thank you for reading!