[Version 1] Possible To Spawn A Meterpreter Session?


mackwage

Refer to title. With the current reverse shell, there would be no way to handle pwning several boxes at once as netcat cannot juggle multiple connections. Was trying to think if during a physical pentest, you could use the ducky on every pc in sight to set a meterpreter session back to your computer so you have a shell on all of them at once.

Thoughts?

Interesting you bring that up! I just started working on getting something like that working about 3 hours ago with the help of SET. I'll report back when I make progress.

Great! Keep me up to date! :)

I certainly will! It will actually be similar to his Teensy attack from SET. It'll create an inject.bin file that will type out binary in notepad, use some powershell, and run it. I'm running into a SET issue right now with it being finicky about importing 3rd party modules, but I'll definitely keep this thread posted with info

A quick to deploy and effective payload creates a txt file with FTP commands, then schedules an "FTP -S" task to run said commands at a specific time (like after hours when the user is away from their desk) using the AT command.

The SET binary - hex converter will work on the Ducky, as do IllWill's encode.vbs and decode.vbs: http://dabermania.blogspot.com/2011/03/converting-any-file-to-ascii-for.html

SET payload is almost done. It's all in python, and this will be my 2nd python script ever, so it's taking some time as I learn the syntax and stuff. Whitespace dependent is not something that is easy to work with, but I'm getting used to it. The script actually runs and works, creates an inject.bin, though it's dependent on duckencoder/jpduckencoder to actually create the bin file. I'm hoping to port the conversion code to python and have it all self contained, and clean up the script. If it gets fully done I'll post it this weekend!

Or just use the single netcat, escalate that to a meterpreter session, pivot, and then get multiple sessions? But sticking in a duck and pwning is so much faster than pivoting, lol. But that's another option; the biggest step is getting your foot in the door and moving around from there.
