OSCP Notes

Compiling the Exploit

  • Sometimes the target runs an older or vulnerable kernel, and a quick search turns up exploit code that gains root. In most cases that exploit comes as a piece of C source rather than a binary, so it cannot be run until it has been compiled.

  • Use gcc (or whatever compiler the source calls for) to build the code, then run the resulting binary.

  • If the exploit ships without compilation instructions (most do, since documenting the build is good practice), you have to rely on common sense and know how to troubleshoot errors. Obviously the compiler needs the input file containing the source code, and an output file name, since you are turning source (input) into a binary (output). Less obvious are the extra flags some exploits need, such as the -pthread flag required to build the DirtyCOW exploit. Omit it and the build fails at the link stage with undefined references to pthread_create and pthread_join: the exploit calls those functions, and without -pthread the linker is not told to resolve them against the pthread library.

  • A quick search for that error turns up numerous posts and solutions on sites like Stack Overflow, including the advice to add -pthread. Such posts not only fix the immediate compilation error but explain why it occurs, so you recognise it and know what to do the next time it appears.

  • While the number of different compilation options, warnings and errors might seem intimidating at first (especially if you don’t have a lot of experience with programming) try to see every warning/error/option as a learning opportunity. Google every warning and error and try to understand the provided solutions. Also investigate why certain libraries are required, as we did with the pthread library, and understand the relation to the program’s functionality. This will get you a better understanding of what’s happening which will help you to deal more effectively and efficiently with compiling exploits in the future.

Local vs Remote compilation

If the target has build tools such as GCC installed, it is usually easiest to compile the exploit on the target itself: the compiler then links against the target's own libraries, which avoids missing packages, dependency mismatches and system-specific variables such as the architecture. Note the trade-off: building on the target writes source and object files to its disk and runs a noisy compiler process, so clean up afterwards. If the target lacks the tools, compile locally on your attack box and transfer the finished binary.

Before compiling locally, make sure the result will actually run in the target environment. When the target is 32-bit and your attack box is 64-bit, install the 32-bit versions of the required libraries (on Debian/Kali: apt-get install gcc-multilib) and add -m32 to the compile command (or -m64 when targeting 64-bit from a 32-bit host). gcc-multilib only covers the other word size of the same x86 family; a genuinely different processor architecture such as ARM or MIPS needs a dedicated cross toolchain. The other common pitfall is the C library: a binary linked against your attack box's newer glibc fails on an older target with an error like "version `GLIBC_2.xx' not found". Compare the versions (ldd --version on both hosts) and, if they differ, either build on a matching system or link statically with -static so the binary carries its own libc. Before transferring, run file on the output to confirm that the architecture and linkage are what you expect.

Linux Binaries

Basic Syntax

gcc -pthread cowroot.c -o cowroot    # -pthread is required for the DirtyCOW exploit (see above)

For 32 bit environment

gcc -m32 input.c -o output

For 64 bit environment

gcc -m64 input.c -o output

Windows Binaries

For 32 bit environment

i686-w64-mingw32-gcc -o main32.exe main.c

For 64 bit environment

x86_64-w64-mingw32-gcc -o main64.exe main.c

====> Note that these are Windows PE executables: they run on the Windows target (or under Wine), not on the Linux side where you built them. The cross compilers come from the mingw-w64 package (apt install mingw-w64 on Kali/Debian). Run file main32.exe to confirm it reports a PE32 executable (PE32+ for the 64-bit build) before transferring it.
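The two decisions the Linux and Windows sections above leave to the reader, which width flag or cross compiler matches the target and which link flag a failed build is asking for, are small enough to script. The following is an added example, not part of the original notes or of any exploit's own build instructions: it maps a target's reported architecture to the compilers listed above, composes the compile command, and turns the undefined reference errors from the DirtyCOW discussion into the flags that fix them. The function names, the sample linker output and the small symbol-to-flag table are our own assumptions; extend the table for whatever library your exploit needs.

```shell
#!/bin/sh
# Added example (not from the original notes or any exploit's build steps):
# pick the right compiler for a target, compose the compile command, and turn
# the linker's "undefined reference" errors into the flag that fixes them.
# Function names and the symbol-to-flag table below are our own assumptions.

# Map a target's operating system and architecture to the compiler used in
# the notes. $1 = "linux" or "windows"; $2 = `uname -m` on Linux, or the
# PROCESSOR_ARCHITECTURE value (x86 or AMD64) on Windows.
# Fails for anything gcc-multilib/mingw-w64 cannot target (ARM, MIPS, ...).
compiler_for() {
    case "$1/$2" in
        linux/i?86)                    echo "gcc -m32" ;;
        linux/x86_64|linux/amd64)      echo "gcc -m64" ;;
        windows/x86|windows/i?86)      echo "i686-w64-mingw32-gcc" ;;
        windows/AMD64|windows/x86_64)  echo "x86_64-w64-mingw32-gcc" ;;
        *)                             return 1 ;;
    esac
}

# Read compiler/linker output and print the link flags it is asking for.
# Each check is independent, so an exploit that needs several (DirtyCOW
# variants that use both pthreads and crypt()) gets all of them.
suggest_link_flags() {
    flags=""
    case "$1" in *"undefined reference to"*pthread_*) flags="$flags -pthread" ;; esac
    case "$1" in *"undefined reference to"*crypt*)    flags="$flags -lcrypt"  ;; esac
    case "$1" in *"undefined reference to"*dlopen*|*"undefined reference to"*dlsym*)
        flags="$flags -ldl" ;;
    esac
    printf '%s\n' "${flags# }"
}

# Compose the full compile command. $1 = os, $2 = arch, $3 = source file,
# $4 = output name, remaining args = extra flags such as -pthread.
build_cmd() {
    os="$1"; arch="$2"; src="$3"; out="$4"; shift 4
    cc=$(compiler_for "$os" "$arch") || {
        echo "no toolchain for $os/$arch: install a dedicated cross compiler" >&2
        return 1
    }
    for f in "$@"; do cc="$cc $f"; done
    printf '%s %s -o %s\n' "$cc" "$src" "$out"
}

# Compile, and if the link step fails with a recognised undefined reference,
# retry once with the suggested flags appended. Same arguments as build_cmd.
# Usage: compile_fixing_links linux x86_64 cowroot.c cowroot
compile_fixing_links() {
    cmd=$(build_cmd "$@") || return 1
    if err=$($cmd 2>&1); then
        file "$4" 2>/dev/null || true   # confirm ELF/PE class before transfer
        return 0
    fi
    extra=$(suggest_link_flags "$err")
    if [ -z "$extra" ]; then
        printf '%s\n' "$err" >&2        # not a link-flag problem; read the error
        return 1
    fi
    echo "link failed, retrying with: $extra" >&2
    cmd=$(build_cmd "$@" $extra) || return 1
    $cmd || return 1
    file "$4" 2>/dev/null || true
}

# Constructed sample of the linker output the notes describe, with a crypt()
# reference added (symbol quotes trimmed); not captured from a real build.
SAMPLE_LD_ERROR="/tmp/ccRk3x.o: in function main:
dirty.c:(.text+0x1a): undefined reference to pthread_create
dirty.c:(.text+0x4f): undefined reference to crypt
collect2: error: ld returned 1 exit status"
```

Run `compile_fixing_links linux "$(uname -m)" cowroot.c cowroot` on the attack box to build for a target of the same architecture; for a remote target, substitute the value its own `uname -m` (or `echo %PROCESSOR_ARCHITECTURE%` on Windows) reports. The retry only ever adds link flags, so a real compile error in the source is printed unchanged rather than papered over.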

Python to Exe

pyinstaller --onefile test.py
# writes a single self-contained executable to the dist/ folder (dist/test.exe on Windows)

PyInstaller does not cross-compile: it bundles the interpreter it runs under, so a Windows .exe has to be built on Windows with a Python of the same bitness as the target, and a build on Linux produces a Linux binary.