Page 4 of 13
Results 31 to 40 of 123

Thread: Pentesting Documentation

  1. #31
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Correct. A good firewall should be blocking on the in and the out. I only allow specific ports to leave my LAN which I have designated on the firewall.
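As an added illustration of the "block on the in and the out" point above (example code, not from the thread or any poster), here is a small egress-allowlist check run over constructed connection records: only designated destination ports may leave the LAN, so a payload calling back to an external listener on some other port is flagged. The LAN range, the allowed-port set and the record format are assumptions.

```python
"""Egress-allowlist check over constructed connection records (added example)."""
import ipaddress
from dataclasses import dataclass

# Assumed LAN range and the ports the admin has designated as allowed out.
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_EGRESS_PORTS = {53, 80, 443}


@dataclass
class Verdict:
    src: str
    dst: str
    dport: int
    action: str  # "allow" or "block"


def parse_record(line):
    """Constructed record format: '<src_ip> <dst_ip> <proto> <dport>'."""
    src, dst, proto, dport = line.split()
    return src, dst, proto, int(dport)


def egress_verdict(line):
    """Apply the outbound policy to one record; inbound/intra-LAN are not its job."""
    src, dst, _proto, dport = parse_record(line)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    leaving_lan = src_ip in LAN and dst_ip not in LAN
    if not leaving_lan:
        return Verdict(src, dst, dport, "allow")
    action = "allow" if dport in ALLOWED_EGRESS_PORTS else "block"
    return Verdict(src, dst, dport, action)


# Constructed sample records: normal web traffic, an intra-LAN file-share
# connection, an inbound attempt, and a host calling out to an arbitrary
# high port on an external machine (the reverse-connection pattern).
SAMPLE_LOG = [
    "192.168.1.20 203.0.113.5 tcp 443",
    "192.168.1.20 192.168.1.1 tcp 445",
    "203.0.113.9 192.168.1.20 tcp 3389",
    "192.168.1.20 203.0.113.9 tcp 4444",
]


def blocked_connections(lines):
    """Return the verdicts the egress policy would block."""
    return [v for v in map(egress_verdict, lines) if v.action == "block"]


if __name__ == "__main__":
    for v in blocked_connections(SAMPLE_LOG):
        print(f"BLOCK {v.src} -> {v.dst}:{v.dport}")
```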

  2. #32
    Junior Member
    Join Date
    Mar 2009
    Posts
    83

    Default

    Quote Originally Posted by AnActivist View Post
    @laffing_man
    The firewall is on. It doesn't really matter either way though because I'm using a payload that has been turned into an executable and then executing that executable on the victim's computer (Win XP box). The victim could have the best firewall in the world but it doesn't block (at least to my knowledge, and correct me if I'm wrong) traffic going out, only traffic going in. Basically the victim is sending the meterpreter shell to the attacker who is listening and waiting for it. I'm pretty sure this renders any firewalls useless but I could be wrong.
    Edit: I stand corrected, read above.
    Yea the only reason I asked was because I'm kinda sorta doing the same thing as you. Just from a different approach. I am going from outside in, haven't really found a good way through the XP SP2 firewall yet. Just like you, I'm still learning. Keep up the good work man, I've been reading this thread and finally decided to post something!

  3. #33
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default Chapters 2-4

    I'm about 3/4 of the way through chapter 4. Chapters 2-3 were really all about configuration; chapter four is very interesting but didn't really leave me with any new questions, just a couple of new answers. Here is a fun little mini-mini how-to describing how to disable a victim's keyboard (note: I just looked this up on the metasploit website as it pops up in a lot of custom scripts that are available there) and how to put active meterpreter sessions in the background without disconnecting from them. I'm still trying to figure out msfd.

    2/29/09 Notes

    Progress:
    -Find out how to start a meterpreter session and then disconnect from it but still have it remain active:

    This can be achieved with CTRL+Z, which will put a meterpreter session in the background so one can interact with the msfconsole again without ending the meterpreter session.
    Note: One thing that is strange is that when it asks you if you want to background your session using [y/N]? and you type "y"<enter> you will get an error message saying your command was invalid, however if you check your active sessions the meterpreter session was in fact put in the background and is still fully functional.

    -Learn about disablement of keyboard/mouse input.
    I really like this one, very fun possibilities. It's also very simple to do. Once in the meterpreter shell just use uictl followed by the specified parameters; you can use the -h option for help. In the following example I disable the victim's keyboard.
    Code:
    meterpreter > uictl -h
    Usage: uictl [enable/disable] [keyboard/mouse]
    meterpreter > uictl disable keyboard
    Disabling keyboard...
    meterpreter >
    -Can you execute a payload on a victim's PC which sends a meterpreter shell back to the attacker, who has used the msfd utility to listen on a specified port, then connect from another remote computer to the attacker's computer and work with the meterpreter shell that has been sent to the original attacker?

    This is still being tested; the two main problems are:
    1. I'm not even sure if it's possible.
    2. I can't get msfd to run in the background so that I can interact with the msfconsole again.

    Updated list of questions/curiosities:

    -Research Transmogrify to mask/unmask files as any file type.
    -What is network pivoting?
    -How to interface Metasploit with Nmap or Nessus?
    -Learn more about ilog, which is a method of Information logging.
    -What is Server Message Block (SMB)?
    -Explore the potential of the Metasploit databases.
    -Can you execute a payload on a victim's PC which sends a meterpreter shell back to the attacker, who has used the msfd utility to listen on a specified port, then connect from another remote computer to the attacker's computer and work with the meterpreter shell that has been sent to the original attacker?

  4. #34
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    14

    Default

    Quote Originally Posted by AnActivist View Post
    @laffing_man
    The firewall is on. It doesn't really matter either way though because I'm using a payload that has been turned into an executable and then executing that executable on the victim's computer (Win XP box). The victim could have the best firewall in the world but it doesn't block (at least to my knowledge, and correct me if I'm wrong) traffic going out, only traffic going in. Basically the victim is sending the meterpreter shell to the attacker who is listening and waiting for it. I'm pretty sure this renders any firewalls useless but I could be wrong.
    Edit: I stand corrected, read above.
    Do you assume that the victim does not have an antivirus installed? Because if (s)he does then you won't get your remote shell.

  5. #35
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    14

    Default

    The firewall is on. It doesn't really matter either way though because I'm using a payload that has been turned into an executable and then executing that executable on the victim's computer (Win XP box). The victim could have the best firewall in the world but it doesn't block (at least to my knowledge, and correct me if I'm wrong) traffic going out, only traffic going in. Basically the victim is sending the meterpreter shell to the attacker who is listening and waiting for it. I'm pretty sure this renders any firewalls useless but I could be wrong.
    Do you assume that the victim is not running an antivirus? Because if (s)he does then you won't get your shell.

  6. #36
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    @three3
    Check out these videos:
    http://vimeo.com/2601277
    http://vimeo.com/2601277

  7. #37
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I think others would appreciate what you've done here. Maybe it should be wiki'fied? http://backtrack.offensive-security.....php/Main_Page
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #38
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    @KMDave
    This is from a little while ago when KMDave suggested that I start msfd before I run the exploit. I thought that this would be a good idea too, but I don't think that it is possible. After doing a bit of research I read that msfd runs in "daemon" mode by default; from my understanding this meant that it could run in the background of the msfconsole session. However, I then found a section of the remote-exploit wiki that shows an example of msfd being run in daemon mode, and it does not return the "user interaction" (for lack of a better phrase). Link: https://wiki.remote-exploit.org/backtrack/wiki/msfd
    Even though neither my first test nor this one has been completely successful, I am still hopeful that this goal:
    -Can you execute a payload on a victim's PC which sends a meterpreter shell back to the attacker, who has used the msfd utility to listen on a specified port, then connect from another remote computer to the attacker's computer and work with the meterpreter shell that has been sent to the original attacker?
    is still possible. The reason I am still hopeful is because in the msfd source I found an interesting comment: "The nice thing about this interface is that it allows multiple clients to share one framework instance and thus makes it possible for sessions to to be shared from a single vantage point". Link: http://trac.metasploit.com/browser/f...rk3/trunk/msfd. This leaves me to conclude that there is simply something I am doing wrong/forgetting to add. Maybe someone who is more knowledgeable can drop a hint.
    Edit: Something a little bit exciting; I started msfd from a terminal session instead of an msfconsole session and msfd was able to run in the background, however when I tried to perform the same experiment as below it failed again.

    @thorin
    Thank you for the recognition, PMed.

  9. #39
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    This is actually one of the best threads I've read over the last weeks. I really appreciate that you share your findings, questions and solutions with the community.

    Going to look into the msfd myself tomorrow, will have some more time for it by then.

    Keep up the good work, it is a valuable contribution. I hope that this encourages more people to share their learning experience.
    Tiocfaidh ár lá

  10. #40
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    14

    Default

    Quote Originally Posted by AnActivist View Post
    @three3
    Check out these videos:
    I was playing with msfencode yesterday and I posted the above comment to tell you that it depends on the antivirus engine (== update) whether the initial step will succeed. So you have to play around a little with the binary so as to trick the antivirus engines. Some relevant ideas are described here:

    forums.remote-exploit.org/showthread.php?t=21518
