Spawning Meterpreter Session from a Meterpreter Session
Hi! I just managed to set up my Windows VM using VMware, and I'm very eager to learn about pentesting. I've read many tutorials both on this forum and other websites, and I've managed to gain access to my VM by exploiting ms08_067_netapi. I used a payload of windows/meterpreter/bind_tcp, and I was able to spawn a Meterpreter session. I then read that I should migrate my pid to EXPLORER.EXE so my exploited program isn't closed. After doing this, I attempted to set up a keylogger (using keyscan_start and keyscan_dump) on iexplorer.exe and see if I could catch what my "victim" was browsing, and everything worked! However, after I closed my iexplorer.exe on my VM, my Meterpreter shell stopped responding. Which makes sense, because I didn't "migrate" to a new pid before I closed iexplorer.exe.
So my question is, is there a way to spawn a Meterpreter Session from a current Meterpreter Session, or do I have to re-exploit the VM to gain another Meterpreter Session? My thinking is that if I can spawn a Meterpreter Session from my current one, I don't have to worry about iexplorer.exe getting closed before I can migrate out, because I'll have another session still logged in. I was also looking into channels and they looked like a viable way to keylog in a program but not lose my connection if that program was closed.
I'm still learning about Backtrack and Metasploit so I'm sorry if this is a simple question or that I'm missing something basic. Thanks for any feedback!
Re: Spawning Meterpreter Session from a Meterpreter Session
It does not matter if you opened a million handlers/listeners, you only have 1 process on the machine; if that's closed then it's sayonara. You need to enable some kind of persistence backdoor if you want to regain access to the machine without having to re-exploit it; google "persistence script".
Re: Spawning Meterpreter Session from a Meterpreter Session
You probably want to migrate to a process that is less likely to be closed during a normal session, such as svchost.exe or explorer.exe. Then set up a reliable persistent backdoor so that you can retain access.
Yes, you can have multiple sessions running on the same machine, but it is unnecessary.
Re: Spawning Meterpreter Session from a Meterpreter Session
Before running the exploit, also configure AutoRunScript, like this:
set AutoRunScript persistence
So you create a "backdoor" at the moment you connect to the target. Then just use the multi/handler to connect afterwards.
See also.
http://www.backtrack-linux.org/forum...tml#post165596
Re: Spawning Meterpreter Session from a Meterpreter Session
OK, I see. I'll take a look at that link and google some of those keywords. Thanks for your help, and the quick replies!
Re: Spawning Meterpreter Session from a Meterpreter Session
For some reasons it's good to take a netcat out.
With this you can quickly run a remote shell.
But you have to upload your file to the machine.
I think for quick checks it is OK to use netcat.
Re: Spawning Meterpreter Session from a Meterpreter Session
Thanks for all your help, guys! I followed the tutorial on Metasploit Unleashed for setting up a Meterpreter Backdoor Service, and it worked perfectly. Thanks everyone!
And sorry for the double post.