Hello, my hackers, till now we have mostly learnt only how to hack windows or android by making an infected application using Metasploit or any other tool, Social Engineering Toolkit or any other method. Today we will see hacking into Kali linux using Debinject tool!
But today we are going to learn how to hack a hackers machine, better saying, Kali linux, or any other debian operating system using a stock valid .deb [debian installer] file to hack any debian machine and get control of it. Most of you might think that our favourite operating system [kali linux] might not be vulnerable to a malicious application, but you are wrong as none of the systems In the world is 100% secure.
To hack a debian based operating system with an original valid .deb file. But first, we need to get [download] it from the internet. Let us assume that we have downloaded a file named update.deb which is an application installer for the system, now we need to inject our malicious code into the package such that when the installer runs it will automatically run the malicious code which is injected in the package for us.
To inject the malicious payload into the real file we need a tool named DEBINJECT. It is a script written in Python Written by Alisson Moretto and will help us to inject a malicious Metasploit payload code into the valid installer package such that when the victim runs the installer we get a meterpreter season in our terminal.
To download debinject follow these steps:
- First, we need to download it. so, open up a terminal and type in “git clone https://github.com/UndeadSec/Debinject.git”
- this will attempt to download the repositories from the git hub link
- Now change your directory to the downloaded folder using the command “cd Debinject”
- to list the files in the directory using the command “ls”, where you will find a file named debinject.py which is our required python script to run the tool
- But first, we need to change the permission for the file using the command “chmod +x debinject.py”.
- To run the script type in the following “python debinject.py”
- After running the script you will be displayed with the interface, where your first need to provide the path to the file which we downloaded.
- Now it will ask you for LHOST and LPORT provides them accordingly, to know your IP address (lhost) open another terminal and type in “ifconfig”.
- Select the architecture of the system 32(x86)/64(x64) bit it would be better to select x86 (32 bit) as it can run on 64 bit too.
- Select the type of metasploit payload which you want to be injected into the .deb file, it will create a backdoor file with that payload
- If you want to allow persistence then type in “y”. now it will ask you if you want to start the listener automatically
- We will have our payload created in the directory named “output” with the file extension of “deb”.rename the file to be non-suspicious.
- Send the .deb file to the victim using social engineering or MITM attack to replace the file. Manipulate him to install the malicious deb file. When he installs the file, we are prompted with meterpreter sessions in our system.
Remember this is for education purpose only do not try to attack any unauthorised system.
so I think you got to learn about how can we hack Kali Linux or any other debian system, now if you want to keep an eye at any of your hacker mates then simply hack him using this method as said hack the hacker, and if you really liked it kindly share, and if you have any queries then please comment. to Know about how to hack windows using image, read hacking Windows using an Image. Thank you.