Page 5 of 9
Results 41 to 50 of 90

Thread: Metasploiting for BT3 - Reverse TCP

  1. #41

    Quote Originally Posted by gavros79:
    phoenix910 thanks for the articles you posted, great work!
    You're welcome

    And TexRyker, I've never seen that issue myself, so I'd just say:
    a) Make sure the code is typed exactly right, and that there are no syntax errors
    b) Update to the latest SVN version, and see if that helps
    c) Download a fresh version on a different Linux OS, and see if it does it there. I must admit, I haven't tried this with BT4 beta yet, so it's possible that if you're using that, that could be your issue.

    ~phoenix910

  2. #42
    Mortifix (Member, joined Nov 2006, 113 posts)

    Phoenix I think you did something wrong in that code. It is asking for what language you want to write the EXE file in. Instead of putting -t EXE try -t C.
    I hate Google.

  3. #43

    Quote Originally Posted by Mortifix:
    Phoenix I think you did something wrong in that code. It is asking for what language you want to write the EXE file in. Instead of putting -t EXE try -t C.
    Both work - trust me, I've tried 'em both

    ~phoenix910

  4. #44
    TexRyker (Guest)

    Quote Originally Posted by phoenix910:
    You're welcome

    And TexRyker, I've never seen that issue myself, so I'd just say:
    a) Make sure the code is typed exactly right, and that there are no syntax errors
    b) Update to the latest SVN version, and see if that helps
    c) Download a fresh version on a different Linux OS, and see if it does it there. I must admit, I haven't tried this with BT4 beta yet, so it's possible that if you're using that, that could be your issue.

    ~phoenix910
    I will give it another try today. I did run the update to the latest SVN. Thanks again.

  5. #45
    Mortifix (Member, joined Nov 2006, 113 posts)

    I was re-reading your tutorial and I had a few questions about it. With this technique are you actually using an exploit or just installing meterpreter? Why did you use the reverse_tcp method? Is that the most effective?
    I hate Google.

  6. #46

    I'll answer both questions in one :P Basically, I'm generating the reverse_tcp into an executable file, because this can be sent inside an organisation, and the whole point to this tutorial was to show how to get a host PC to connect back (reverse via TCP) to you on the outside, because the server is less likely to block outgoing connections than brutal inbound ones. Plus, because this is just a payload that connects and then accepts the meterpreter upload, there are no vulnerabilities required for it to work. Sound alright?

    ~phoenix910

  7. #47
    Mortifix (Member, joined Nov 2006, 113 posts)

    Awesome, I never realized metasploit could be used in such a manner. So meterpreter is basically a backdoor? Also, you mention editing the file in such a way to avoid IDS and AV, just wondering if you have more info on that or any other tutorials?
    I hate Google.

  8. #48

    Not quite - meterpreter isn't a backdoor in itself - it is a post-exploitation tool, whether you get in via another method or the one we've used; the backdoor in this instance is our little reverse_tcp payload (however, this does give us a "backdoor in", so to speak). And I included details in there for encoding the file so that it wasn't detectable by the antivirus - in terms of IDS, it'd really depend on its signatures - most don't pick up a single outgoing connection, but it really depends what you're sending through etc. I don't have any other tutorials on that at this stage, so perhaps googling will help?

    ~phoenix910
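Posts #46 and #48 both rest on the same observation: a connect-back payload works because outbound connections from inside the network are rarely restricted, and a single outgoing connection rarely trips an IDS signature. The defender's answer is an explicit egress allowlist. The following is an added example, not code from the thread or from Metasploit; it checks constructed connection-log lines against an assumed policy (internal range 192.168.1.0/24, only ports 80, 443 and 53 allowed outbound) and reports the internal-to-external TCP connections that fall outside it. The log format, addresses and ports are all constructed for the example.

```python
"""Egress-allowlist check over constructed connection-log lines."""
import ipaddress
from typing import List, NamedTuple

# Assumed site policy (constructed for this example, not from the thread).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
ALLOWED_EGRESS_PORTS = {80, 443, 53}


class Conn(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str


def parse_line(line: str) -> Conn:
    """Parse the constructed format '<src>:<sport> -> <dst>:<dport> <PROTO>'."""
    left, right = line.split(" -> ")
    src = left.rsplit(":", 1)[0]
    dst_port, proto = right.split()
    dst, dport = dst_port.rsplit(":", 1)
    return Conn(src, dst, int(dport), proto.lower())


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_egress(lines: List[str]) -> List[Conn]:
    """Return internal -> external TCP connections on non-allowlisted ports."""
    hits = []
    for line in lines:
        c = parse_line(line)
        if c.proto != "tcp":
            continue  # policy here covers TCP only
        if is_internal(c.src) and not is_internal(c.dst) \
                and c.dport not in ALLOWED_EGRESS_PORTS:
            hits.append(c)
    return hits


SAMPLE_LOG = [  # constructed sample lines
    "192.168.1.20:51522 -> 203.0.113.7:443 TCP",   # allowed web egress
    "192.168.1.20:51523 -> 203.0.113.7:4444 TCP",  # unexpected outbound port
    "192.168.1.30:53001 -> 192.168.1.1:445 TCP",   # internal only, ignored
    "192.168.1.30:53002 -> 198.51.100.9:53 UDP",   # not TCP, ignored
]

if __name__ == "__main__":
    for c in flag_egress(SAMPLE_LOG):
        print(f"unexpected egress: {c.src} -> {c.dst}:{c.dport}")
```

Run as a script it prints the one connection that violates the assumed policy; in practice the allowlist would be enforced at the perimeter and this kind of check used to review what the firewall actually let out.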

  9. #49
    kazalku (Member, joined Feb 2009, 416 posts)

    Quote Originally Posted by phoenix910:
    You need it to be on a separate local IP range, as far as I'm aware, otherwise you'll end up scanning yourself.

    ~phoenix910
    Thanks for the reply. Did you mean that if the victim has 192.168.1.1-255 local IP range, then I should have something like 10.0.0.1-255?

  10. #50

    Yep

    ~phoenix910
