
Thread: (PROBLEM) Pentesting scenario - php/meterpreter to windows/meterpreter

  1. #1
    Just burned his ISO
    Join Date: May 2010
    Posts: 15

    (PROBLEM) Pentesting scenario - php/meterpreter to windows/meterpreter

    Hi,

    I am testing the following scenario at the moment: Windows XP SP3, fully updated, built-in firewall, newest NOD32 Antivirus, updated.
    Standard payloads from Metasploit are detected by NOD32; however, I managed to establish fully transparent sessions through php/meterpreter/reverse_tcp. How I did it I would like to describe later; it will be part of a bigger tutorial. In short, I used the php meterpreter the same way as the windows meterpreter: everything in one executable file.
    This is where the difficulties begin. The php meterpreter has very limited functionality. I would like to do a small brainstorm. How do I now get a full session through windows/meterpreter on the target, or, hmm, some other payload??? Perhaps other ideas for totally taking over the test machine?

    NOD32 is still fully working.

    It has a self-defence function: the ekrn.exe process as well as its files are protected; even logged on as administrator, you do not have permission to turn the process off.

    php/meterpreter has the following functionality:

    - stdapi:filesystem commands: ls, rm, pwd, cd, upload, download, cat, edit
    - stdapi:system commands: ps, kill, execute*, getpid, getuid, sysinfo
    - stdapi:network commands: portfwd
    - msfconsole commands: route

    I am inviting comments.

    Best Regards

    P.S. Sorry for my weak English.

  2. #2
    Junior Member leg3nd
    Join Date: Feb 2011
    Posts: 32

    Re: (PROBLEM) Pentesting scenario - php/meterpreter to windows/meterpreter

    Have you considered trying to upload another payload via the php session, maybe with the payload backdoored into a legitimate Windows executable? Or using some other encoding type to bypass the AV and establish a full session.

    Another thing you might want to give a try would be a Java payload, perhaps? Although I don't know if you have Java installed.

    If you cannot kill the AV process as admin, I would think the only approaches would be: encoding to bypass it, or privilege escalation to kill it (which may be difficult with your limited PHP functionality).

  3. #3
    Very good friend of the forum hhmatt
    Join Date: Jan 2010
    Posts: 660

    Re: (PROBLEM) Pentesting scenario - php/meterpreter to windows/meterpreter

    Quote Originally Posted by num3r:
    Hi,

    I am testing the following scenario at the moment: Windows XP SP3, fully updated, built-in firewall, newest NOD32 Antivirus, updated.
    Standard payloads from Metasploit are detected by NOD32; however, I managed to establish fully transparent sessions through php/meterpreter/reverse_tcp. How I did it -

    Or you could obfuscate the payload via the built-in Metasploit encoders.
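The two replies above both suggest re-encoding the uploaded Windows payload so the AV's static signature no longer matches. The example below is added here and is not code from the thread or from Metasploit: it is a toy single-byte XOR encoder with bad-character avoidance (the same constraint msfencode's -b option enforces) next to a naive substring-signature scanner. The PAYLOAD bytes, the SIGNATURES and the DECODER_STUB are constructed placeholders, not real shellcode or real AV rules. It shows why encoding hides the original bytes from a pattern scanner, and also the caveat a tester should expect: a fixed decoder stub prepended to every sample becomes the next signature, and an AV that emulates the decoder sees the original bytes again.

```python
# Added example (not from the thread): XOR encoder with bad-char avoidance vs. a toy
# byte-signature scanner. All byte constants below are constructed placeholders.
from typing import Iterable, List, Optional, Tuple

# Constructed stand-in for a raw payload: a recognisable byte pattern, NOT working shellcode.
PAYLOAD = bytes.fromhex("fce8820000006089e531c0648b50308b520c8b52148b72280fb74a26")

# Constructed "AV signatures": byte substrings a static scanner would flag in the raw payload.
SIGNATURES = {
    "stager-prologue": bytes.fromhex("fce8820000006089e5"),
    "peb-walk": bytes.fromhex("648b50308b520c8b5214"),
}

# Constructed placeholder for a decoder stub that an encoder prepends to every sample.
DECODER_STUB = bytes.fromhex("eb0b5e31c9b11c8036")


def scan(blob: bytes, signatures=SIGNATURES) -> List[str]:
    """Return the names of all signatures whose byte pattern occurs in blob."""
    return [name for name, sig in signatures.items() if sig in blob]


def pick_xor_key(payload: bytes, bad_chars: Iterable[int]) -> Optional[int]:
    """Find a single-byte key such that neither the key nor any encoded byte
    is a bad character (e.g. NUL, \\n, \\r). Returns None if no key works."""
    bad = set(bad_chars)
    for key in range(1, 256):
        if key in bad:
            continue
        if all((b ^ key) not in bad for b in payload):
            return key
    return None


def xor_encode(payload: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in payload)


def xor_decode(blob: bytes, key: int) -> bytes:
    return xor_encode(blob, key)  # XOR with the same key is its own inverse


def encode_with_bad_chars(payload: bytes, bad_chars: Iterable[int]) -> Tuple[int, bytes]:
    """Encode payload with a key that keeps every output byte out of bad_chars."""
    key = pick_xor_key(payload, bad_chars)
    if key is None:
        raise ValueError("no single-byte key avoids the bad characters")
    return key, xor_encode(payload, key)


def wrap_with_decoder(encoded: bytes, key: int) -> bytes:
    """Prepend the (constructed) decoder stub and the key, as a real encoder would."""
    return DECODER_STUB + bytes([key]) + encoded


def demo(bad_chars: bytes = b"\x00\x0a\x0d") -> dict:
    """Run the whole comparison and return the observations as a dict."""
    raw_hits = scan(PAYLOAD)
    key, encoded = encode_with_bad_chars(PAYLOAD, bad_chars)
    wrapped = wrap_with_decoder(encoded, key)
    return {
        "raw_hits": raw_hits,                         # static scanner flags the raw bytes
        "key": key,
        "encoded_hits": scan(encoded),                # nothing matches the encoded bytes
        "no_bad_chars": not any(b in bad_chars for b in encoded),
        "roundtrip_ok": xor_decode(encoded, key) == PAYLOAD,
        # The caveat: once the stub itself is a known pattern, every sample is caught again.
        "stub_hits": scan(wrapped, {"xor-decoder-stub": DECODER_STUB}),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The constructed sample is caught on its raw bytes, passes the same scanner once XOR-encoded with a key that avoids the bad characters, and decodes back to the original; wrapped with a fixed stub it is caught again on the stub. That is the practical limit of "just encode it" against a scanner that has the encoder's stub signature or emulates the decoder, which is why the other suggestion in the thread, embedding the payload in a legitimate executable, is raised alongside encoding.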
