[HELP] METERPRETER DROPPER

[Haxineer1337]

Ok. I have a Virtual Machine running BackTrack R5. How will I be able to make a reverse_tcp payload that connects over the internet when the victim has a strict NAT and a firewall? NEEDS TO USE METERPRETER.

I NEED THIS TO WORK WITH THE DUCKY.

PAST PROBLEMS HAVE COME UP WHERE THE EXE DOES NOT EXECUTE, PROBABLY DUE TO THE VIRUS BLOCK IN POWERSHELL. (TXT WORKS IN POWERSHELL)

Thanks.

ALSO: I HAVE TRIED DARK COMET BUT, AS AFOREMENTIONED, IT DOES NOT WORK. I CAN UPLOAD AND EXECUTE A DARK COMET RAT WITH METERPRETER.

Edited January 13, 2014 by Haxineer1337

[Haxineer1337]

Have you seen this project? It costs money but there is a free trial for 21 days.

The payload it uses (beacon) has a lot of functionality as well as the ability to stage itself over HTTPS or DNS (uses txt records so more data can be sent at once).

If you really want to use meterpreter have you tried using a reverse_https meterpreter? That would look like normal https traffic to most firewalls.

If you are deploying on any machines with antivirus installed you should really be encoding your payloads. I recommend using multiple iterations of different encoding. Then you can set the "CUSTOME_EXE" variable and use that. shikata_ga_nai is one of the best I know of available because of the fact that it is polymorphic.

Most AV vendors have become pretty adept at recognizing meterpreter because it is used so much, even when it is encoded. You should see this project on github because it is less well known and works pretty well.

What exactly are you trying to do where you need meterpreter? If beacon isn't a good alternative I could help you find one.

Thanks for the reply.

If you look at my other topic, I was going to upload a DarkComet RAT to the system. I tested the powershell wget and execute with a text file, (UPLOADED TO MEDIAFIRE), and thought it worked. IT DID NOT. THE TEXT FILE SEEMS TO BE IN SOME SORT OF HTML FORMAT. That means that was why the exe file was corrupted and not downloading. So it seems I must abandon this topic, as I do not require meterpreter any more. If you can shine some light on my other topic, I would be very grateful. Thanks for the initial reply.

[MB60893]

Just backing up about MediaFire and all other sites where you can download files etc, make sure you right click the button and copy the link address. If this doesn't work just inspect the button element and copy the URL.

[Xcellerator]

You cannot just grab direct download links from mediafire.

You agree, while using MediaFire Services, that you may not:

.
.
.

Use any robot, spider, offline readers, site search and/or retrieval application, or other device to retrieve or index any portion of the Services, with the exception of public search engines;

from: http://www.mediafire.com/policies/terms_of_service.php

Edited January 21, 2014 by Xcellerator

[MB60893]

I have had this problem recently myself. You can use something like SkyDrive, though. Make an account, and share the file with properties "Edit". No one unless they get the URL or can guess correctly out of the millions of combinations will be able to download the file. Give it a go. The link doesn't change either.

[Xcellerator]

SkyDrive is good. I know you used to be able to use GoogleDrive, but not 100% sure if you still can. 9/10 I just host the file myself and get the script to connect back to me - usually its a shell anyway, so I'm on the network..

If they're just scripts, then pastebin takes care of everything.