Cannot injector to victim with -c option #46

Open
tarihub opened this issue Oct 27, 2022 · 5 comments
Labels
bug Something isn't working network

Comments

tarihub commented Oct 27, 2022

I try to inject into the victim through

./injector -c 192.168.192.16

but I cannot spawn a shell from the victim.

Could I get any help from you?

Owner

h3xduck commented Oct 27, 2022

It looks like the initial handshake between the backdoor and the client is not being completed correctly.
Some things you may check are whether:

  1. Both VMs can communicate between themselves
  2. You are first installing the rootkit with the script, then running the client
  3. An initial TCP packet with payload CC_SYN is being delivered to the machine with the rootkit (using Wireshark or similar)
  4. A TCP packet with payload CC_ACK is being sent from the machine with the rootkit.

@h3xduck h3xduck added bug Something isn't working network labels Oct 27, 2022
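
The check in items 3 and 4 of the comment above, run over a capture to flag flows where the request marker arrived but no reply followed. This is an added example, not part of the thread or the project's code; it assumes the markers appear literally as `CC_SYN` and `CC_ACK` in the TCP payload (the real on-wire bytes may differ), and the sample packet and port numbers are constructed.

```python
import socket
import struct

# Assumption: marker bytes are the literal names used in the comment above;
# the project's actual on-wire encoding may differ.
SYN_MARKER, ACK_MARKER = b"CC_SYN", b"CC_ACK"


def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, payload), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    total = struct.unpack("!H", pkt[2:4])[0]       # IP total length
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    doff = (pkt[ihl + 12] >> 4) * 4                # TCP header length in bytes
    if doff < 20:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, sport, dport, pkt[ihl + doff:total]


def handshake_status(packets):
    """Map (client, server) -> 'no-reply' or 'complete' for marker exchanges."""
    seen = {}
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, dst, _, _, payload = parsed
        if SYN_MARKER in payload:
            seen.setdefault((src, dst), "no-reply")
        elif ACK_MARKER in payload and (dst, src) in seen:
            seen[(dst, src)] = "complete"          # reply travels server -> client
    return seen


def build(src, dst, sport, dport, payload):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


# Constructed capture mirroring the thread: request delivered, no reply seen.
SAMPLE = [build("192.168.192.168", "192.168.192.169", 40000, 9000, b"CC_SYN")]
if __name__ == "__main__":
    print(handshake_status(SAMPLE))
```

A flow left in the `no-reply` state on a monitored host is the condition reported in this issue, and it is also a useful network indicator on its own: a marker-bearing packet reached the host even though nothing answered.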
Author

tarihub commented Oct 27, 2022

Thanks for your reply~
You are right, it's the initial handshake between the backdoor and the client.

  1. Both VMs can communicate between themselves

attacker: 192.168.192.168
victim: 192.168.192.169

  2. I try to install the rootkit through
git clone https://github.com/h3xduck/TripleCross
cd TripleCross/src
make all
cd ../client
make
cd ../helpers
./packager.sh

And all goes well, but I can't receive a shell from victim

  3. CC_SYN can be sent to the victim machine

  4. Attacker can't receive CC_ACK from victim machine

Author

tarihub commented Oct 27, 2022

It seems like the initial handshake dials port 9000. Do I need to listen on port 9000 with nc?

I tried to listen on port 9000 with nc, but I can't get any response.

What may be the problem? Looking forward to your reply~

Owner

h3xduck commented Oct 27, 2022

Oh, I just realised. If you look at the README you'll see that I prepared this client mode (using -c) to only work after activating the execution hijacking module (you'll need to configure the parameters described at https://github.com/h3xduck/TripleCross#execution-hijacking-module for the attack to happen and thus start to listen for connections).

If you just want to test the backdoor and spawn a shell, use the -e or -s flags, those definitely work out of the box.

@tarihub tarihub changed the title Cannot injector to victim Cannot injector to victim with -c option Oct 28, 2022
Author

tarihub commented Oct 28, 2022

Yeah! The -e and -s flags can spawn a shell well~ Thanks for your patience.
I want to use the -c flag to spawn a shell according to the README.

Maybe it is my misunderstanding of the usage; it can't work.
