Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/documentation/modules/payload/cmd/unix/bind_busybox_telnetd.md
Views: 11705
The cmd/unix/bind_busybox_telnetd payload provides a bind TCP Unix command shell via BusyBox telnetd.
Vulnerable Application
cmd/unix/bind_busybox_telnetd should work on either 32 or 64-bit Linux platforms with BusyBox telnetd installed.
Options
LOGIN_CMD
The command telnetd will execute on connect. The default value is /bin/sh in order to provide a command shell.
TelnetdPath The path to the telnetd executable on disk. The default value is telnetd.
Advanced
CommandShellCleanupCommand
The command to run before the session is closed. The default value is pkill telnetd and is used to avoid leaving a persistent command shell that does not require authentication.
Deploying cmd/unix/bind_busybox_telnetd
To set the payload:
In msfconsole, load the exploit.
Do:
set PAYLOAD cmd/unix/bind_busybox_telnetdDo:
exploit
Notes
The shell cleanup command should result in the payload automatically terminating the telnetd service as the session completes. However, intermittent behavior was observed and the source has not been identified. When closing a session please verify, via a port scan or other desired method, that the port is no longer open. If the port remains open, then the unauthenticated telnetd service is still running. Establish a connection to the unauthenticated telnetd service and manually terminate the process (pkill telnetd) to avoid leaving the host more insecure.