Thread: Spawning Meterpreter Session from a Meterpreter Session

  1. #1
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    5

    Spawning Meterpreter Session from a Meterpreter Session

    Hi! I just managed to set up my Windows VM using VMware, and I'm very eager to learn about pentesting. I've read many tutorials both on this forum and on other websites, and I've managed to gain access to my VM by exploiting ms08_067_netapi. I used a payload of windows/meterpreter/bind_tcp, and I was able to spawn a Meterpreter session. I then read that I should migrate my PID to EXPLORER.EXE so my exploited program isn't closed. After doing this, I attempted to set up a keylogger (using keyscan_start and keyscan_dump) on iexplorer.exe and see if I could catch what my "victim" was browsing, and everything worked! However, after I closed iexplorer.exe on my VM, my Meterpreter shell stopped responding. Which makes sense, because I didn't "migrate" to a new PID before I closed iexplorer.exe.

    So my question is, is there a way to spawn a Meterpreter session from a current Meterpreter session, or do I have to re-exploit the VM to gain another Meterpreter session? My thinking is that if I can spawn a Meterpreter session from my current one, I don't have to worry about iexplorer.exe getting closed before I can migrate out, because I'll have another session still logged in. I was also looking into channels, and they looked like a viable way to keylog in a program but not lose my connection if that program was closed.

    I'm still learning about BackTrack and Metasploit, so I'm sorry if this is a simple question or if I'm missing something basic. Thanks for any feedback!

  2. #2
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Re: Spawning Meterpreter Session from a Meterpreter Session

    Does not matter if you opened a million handlers/listeners; you only have 1 process on the machine, and if that's closed then it's sayonara. You need to enable some kind of persistence backdoor if you want to regain access to the machine without having to re-exploit it. Google "persistence script".
    Last edited by killadaninja; 06-24-2010 at 06:03 AM.

  3. #3
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Re: Spawning Meterpreter Session from a Meterpreter Session

    You probably want to migrate to a process that is less likely to be closed during a normal session, such as svchost.exe or explorer.exe. Then set up a reliable persistent backdoor so that you can retain access.

    Yes, you can have multiple sessions running on the same machine, but it is unnecessary.

  4. #4
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Re: Spawning Meterpreter Session from a Meterpreter Session

    Before running the exploit, also configure AutoRunScript, like this:

    set AutoRunScript persistence

    So you create a "backdoor" at the moment you connect to the target. Then just use the multi/handler to connect afterwards.

    See also:

    http://www.backtrack-linux.org/forum...tml#post165596
  5. #5
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    5

    Re: Spawning Meterpreter Session from a Meterpreter Session

    OK, I see. I'll take a look at that link and google some of those keywords. Thanks for your help, and the quick replies!

  6. #6
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    5

    Re: Spawning Meterpreter Session from a Meterpreter Session

    For some reasons it's good to take netcat out.
    With this you can quickly run a remote shell.

    But you have to upload your file to the machine.
    I think for quick checks it is OK to use netcat.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    5

    Re: Spawning Meterpreter Session from a Meterpreter Session

    Thanks for all your help guys! I followed the tutorial on Metasploit Unleashed for setting up a Meterpreter Backdoor Service, and it worked perfectly. Thanks everyone!

    And sorry for the double post.
