BlueWyvern Posted December 17, 2010
Hey guys, This comes on the white hat side of things... But is there any surefire way to know that you have been the victim of a Metasploit attack? Further from that, is there any easy way to clean it out, or does it call for ye olde reformat? I realize there is no single infection with Metasploit as there are different payloads and whatnot. Does it install most exploits as a service or as autorun in the registry? Thanks!
Mr-Protocol Posted December 17, 2010
Depends on how savvy the person was with Metasploit. First, you should look for any weird-looking kids around you wearing rollerblades. Metasploit exploits are done if you reboot your PC. UNLESS they install the Meterpreter server on your PC, which is easy enough to spot.
Infiltrator Posted December 17, 2010
There are ways you can find out if there are any active connections on your computer. You could use Process Explorer to watch out for any process that is not appearing in the Task Manager. Secondly, you could use TCPView to display all the active connections on your computer. And thirdly, install an AV like Avast; it has many times during my pen-testing in my virtual lab blocked Metasploit attacks.
Edited December 17, 2010 by Infiltrator
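Added example, not part of Infiltrator's post or the thread: the connection-to-process view that TCPView gives, rebuilt by joining `netstat -ano` text with `tasklist /fo csv` text. The sample output is constructed, and the function name and the wording of the review notes are assumptions of this example.

```python
import csv
import io

# Constructed sample output, not captured from a real host.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       3140
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1520
  TCP    192.0.2.10:49201       203.0.113.7:443        ESTABLISHED     2212
  TCP    192.0.2.10:49377       198.51.100.23:8080     ESTABLISHED     4096
"""
TASKLIST_CSV = '''\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","868","Services","0","5,432 K"
"mDNSResponder.exe","1520","Services","0","3,120 K"
"firefox.exe","2212","Console","1","210,004 K"
"updater.exe","3140","Services","0","8,900 K"
'''

def triage(netstat_text, tasklist_csv):
    """Join each TCP socket to its owning process and note what to review."""
    # PID -> image name, from `tasklist /fo csv` output
    procs = {int(r["PID"]): r["Image Name"]
             for r in csv.DictReader(io.StringIO(tasklist_csv))}
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skip banner, header, and UDP rows (no State column)
        _, local, remote, state, pid = parts
        pid = int(pid)
        image = procs.get(pid)
        notes = []
        if image is None:
            notes.append("owning PID missing from process list")
        remote_host = remote.rsplit(":", 1)[0]
        if state == "ESTABLISHED" and not remote_host.startswith(("127.", "[::1]")):
            notes.append("established to remote host")
        if state == "LISTENING" and local.rsplit(":", 1)[0] in ("0.0.0.0", "[::]"):
            notes.append("listening on all interfaces")
        findings.append((local, remote, state, pid, image or "?", notes))
    return findings

if __name__ == "__main__":
    for f in triage(NETSTAT_ANO, TASKLIST_CSV):
        print(*f[:5], "; ".join(f[5]) or "-", sep="  ")
```

The notes mark rows to look at, not verdicts: a PID can be missing simply because the process exited between the two commands, so re-run both before drawing conclusions.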
BlueWyvern Posted December 17, 2010
Thanks guys, I have been used to spotting and removing other malware for people (namely my sister) and I saw many a video with mubix showing the wonders of Metasploit and thought... "awww shit" lol. As far as Meterpreter, does it show up as a service or ??? Thanks again
Mr-Protocol Posted December 17, 2010
http://www.offensive-security.com/metasploit-unleashed/Persistent_Meterpreter_Service and http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor_Service
Take a read. Should have information you need/want.
Edited December 17, 2010 by Mr-Protocol
BlueWyvern Posted December 17, 2010
> http://www.offensive-security.com/metasploit-unleashed/Persistent_Meterpreter_Service and http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Backdoor_Service
> Take a read. Should have information you need/want.
awesome tyvm