
meterpreter session


karencho


Hello, I have installed a meterpreter payload on the victim's computer over the WAN. Now I want to know how to make meterpreter call back to multiple IPs. I always have a different IP address, using a VPS or public wifi... so how do I make meterpreter call back to the IP address that I am using now? Is that possible?

 

And one more thing: when I install the payload on the victim's machine it calls me back perfectly, but if I install another payload on a different machine that is located on the same network as the first victim, will it call me back or will it conflict with the first one?


You could probably use a service like DynDNS:

https://dyn.com/dns

This will allow you to use a hostname instead of an IP address. So if you don't have a static IP - something like this would be your best bet I think. All you have to do is update your DNS service whenever your IP changes. You would also need to create your payload again, using the hostname as opposed to the IP.


So you are saying: register at dyn.com/dns, create the payload using the dyn.com hostname and that's it... then it will redirect to my IP address, yes? And when my IP changes I will change the records in dyn.com and it will automatically redirect to the new IP address? Did I get it right or wrong?


No, that's exactly right. That's the purpose of having a service like that, for when you don't have a static IP. There are some more details here:

https://help.dyn.com/remote-access/getting-started-with-remote-access/

There are some other alternatives that accept bitcoin and such if you're concerned about privacy:

https://www.noip.com/

Also, I know there are some VPN services that offer port forwarding. So if you have AirVPN or something similar, you just connect to your VPN. Your payload would then point to the hostname/port provided by your VPN service. It's all a matter of preference.


Port forwarding is not a problem, thanks for the quick reply. Can you tell me one more thing: how can I make the meterpreter session call back to the host for 12-15 hours? Is that possible? Because by default it calls back for 15-20 minutes and then dies...

And one more thing: if I configure that infected exe file to run on Windows startup every day, will it corrupt or crash Windows? Will Windows work normally like it did before?


If you're comfortable with Ruby, I think you can modify the payload session timeout here:

https://github.com/rapid7/metasploit-framework/blob/cac890a797d0d770260074dfe703eb5cfb63bd46/lib/msf/core/payload/python/meterpreter_loader.rb

met.sub!('SESSION_EXPIRATION_TIMEOUT = 604800', "SESSION_EXPIRATION_TIMEOUT = #{datastore['SessionExpirationTimeout']}")
met.sub!('SESSION_COMMUNICATION_TIMEOUT = 300', "SESSION_COMMUNICATION_TIMEOUT = #{datastore['SessionCommunicationTimeout']}")
met.sub!('SESSION_RETRY_TOTAL = 3600', "SESSION_RETRY_TOTAL = #{datastore['SessionRetryTotal']}")
met.sub!('SESSION_RETRY_WAIT = 10', "SESSION_RETRY_WAIT = #{datastore['SessionRetryWait']}")

I'm not 100% on this, someone more familiar with the framework might know better. But it looks like each payload references SessionCommunicationTimeout. So adjusting that might work. If your pentest requires a persistent shell, it might be better to try forwarding some ports on the target machine. Also - if you haven't already, test your payload exe file on VirusTotal - as typically a generic meterpreter payload will be flagged by most AV software. You might be better off designing your exploit from scratch if your pentest requires you to remain undetected.

Edited by Decoy
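Seen from the network defender's side, the two answers above (a dynamic DNS hostname as the callback target, and the SESSION_RETRY_WAIT / SESSION_RETRY_TOTAL constants that set a fixed wait between reconnect attempts when a session drops) describe something that is easy to spot in outbound connection logs: one internal host reconnecting to the same external hostname at a near-constant interval. The script below is an added example written for this thread, not code from any post here or from Metasploit; it flags such flows from a constructed connection log. The log format, the hostnames and every line in SAMPLE_LOG are constructed for the example, and the jitter threshold is an assumed tuning value.

```python
"""Flag hosts that reconnect to one destination at a fixed cadence.

Added example for this thread (not code from the forum posts or from
Metasploit). A retry loop that waits a fixed number of seconds between
attempts shows up in connection logs as near-identical gaps between
attempts to one destination; ordinary browsing has a far wider spread.
The log format and all log lines below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample log: "timestamp src dst_host dst_port" (one per line).
# 10.0.0.5 retries a dynamic-DNS style hostname roughly every 10 seconds;
# 10.0.0.7 is normal, irregular browsing to a web server.
SAMPLE_LOG = """\
2024-01-10T12:00:00 10.0.0.5 updates.example.com 443
2024-01-10T12:00:10 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:00:20 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:00:30 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:00:41 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:00:50 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:01:00 10.0.0.5 callback.dyndns-example.invalid 4444
2024-01-10T12:00:03 10.0.0.7 www.example.org 443
2024-01-10T12:00:58 10.0.0.7 www.example.org 443
2024-01-10T12:02:30 10.0.0.7 www.example.org 443
2024-01-10T12:07:11 10.0.0.7 www.example.org 443
2024-01-10T12:07:12 10.0.0.7 www.example.org 443
2024-01-10T12:15:40 10.0.0.7 www.example.org 443
"""


def parse_log(text):
    """Parse the constructed format into (src, dst_host, dst_port, datetime)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((src, dst, int(port), datetime.fromisoformat(ts)))
    return events


def find_beacons(events, min_attempts=5, max_jitter=0.25):
    """Return {(src, dst_host, dst_port): median_gap_seconds} for flows whose
    connection attempts are regular enough to look like a retry loop.

    max_jitter (assumed tuning value) is the allowed population standard
    deviation of the gaps, expressed as a fraction of their median.
    """
    by_flow = defaultdict(list)
    for src, dst, port, when in events:
        by_flow[(src, dst, port)].append(when)

    flagged = {}
    for flow, times in by_flow.items():
        if len(times) < min_attempts:
            continue  # too few attempts to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        if med <= 0:
            continue  # duplicate timestamps; nothing to measure
        if pstdev(gaps) / med <= max_jitter:
            flagged[flow] = med
    return flagged


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}:{port} reconnects every ~{gap:.0f}s")
```

On the constructed input only the 10.0.0.5 flow to the callback hostname is reported (median gap 10 s, jitter well under the threshold); the browsing flow has a jitter ratio near 2 and is ignored. In practice the thresholds need tuning per environment, and legitimate software with fixed polling intervals will also match, so the output is a triage list, not a verdict.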

The only thing a stock reverse tcp payload is doing is firing off a reverse shell and potentially binding to another process. You're going to have to get creative with Ruby if you want to design your own payload; however in my experience Pentesting shouldn't destroy anything on the target system(s).

