karencho Posted July 19, 2017
Hello, today I saw on YouTube (https://www.youtube.com/watch?v=5jqaBgLxS_M) a Python crypter. If I generate meterpreter.py with this crypter and run it with some PowerShell script, I can run that meterpreter.py every time on Windows startup, but the session will expire if the host is not turned on, for example, yes (if at this moment I am not using the computer that runs Kali Linux, it is turned off)? How can I make it so that when I run meterpreter.py the session will not be lost until it connects to the host, so the session never expires? Is that possible? If yes, can you give me a clue how to do it?
digip Posted July 19, 2017
With respect to a reverse shell, sessions only last while the two machines in question are actively communicating with one another. With a bind shell, the victim can listen and keep alive till you establish your connection to it. I don't know what is in the code, but if it calls home to send a reverse shell and the other end is not there to pick up, it will fail. You would have to set the script up to run as a daemon/service, or schedule it to check every so often like a cron job/scheduled task: if dead, sleep for a while, then try again; if connected, sleep till closed, then restart the service or scheduled task. If it were a bind shell, then it would only need to listen on boot and keep the connection alive while waiting, but that generally fails behind NAT if no port forwarding is on the gateway to the victim machine. To test, you need to set up some VMs or old machines on your network with what you saw in the video and reproduce the setup to match your network settings, and then work out from there what needs to be done. If on the same LAN, then a bind shell is fine, but over NAT you need to make the machine call you and work out how to keep calling to check as needed.
karencho Posted July 19, 2017 (Author)
So if I create a bind shell, it will be alive until I connect to it, yes? And for a bind shell I need to know the public IP address to work over the WAN, yes?
digip Posted July 19, 2017 (edited)
13 hours ago, karencho said: "So if I create a bind shell, it will be alive until I connect to it, yes? And for a bind shell I need to know the public IP address to work over the WAN, yes?"
Not exactly. A bind shell listens on a port, regardless of LAN or WAN. It's open to anyone that can connect to it. It's getting to it that is the hard part. If on the same LAN, then you won't have an issue with a bind shell in most cases, but the local firewall on the box might prevent it as well, and that can happen. If over NAT from outside the gateway, then you have to either port forward on the router to see the machine with the bind port open, or put it in a DMZ, both of which make things less secure to begin with, and if they were already in place, not good. The better way is to have it call you with a reverse shell if you don't want others discovering and using the machine as well.
Edited July 19, 2017 by digip
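From the defender's side, the retry behaviour digip describes (a service or scheduled task that sleeps a fixed interval and calls home again until the listener is up) is exactly what network monitoring looks for: evenly spaced outbound connection attempts from one process to one destination. The following is an added example, not code from the thread or from the video it references; it assumes a hypothetical "key=value" outbound-connection log format and uses constructed hosts, process names and addresses.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines in a hypothetical "key=value" format; the hosts,
# process images and addresses are invented for this example.
SAMPLE_LOG = """\
2017-07-19T08:00:00 host=WS01 pid=4120 image=python.exe dst=203.0.113.7:4444 result=FAIL
2017-07-19T08:05:00 host=WS01 pid=4120 image=python.exe dst=203.0.113.7:4444 result=FAIL
2017-07-19T08:10:00 host=WS01 pid=4120 image=python.exe dst=203.0.113.7:4444 result=FAIL
2017-07-19T08:15:00 host=WS01 pid=4120 image=python.exe dst=203.0.113.7:4444 result=OK
2017-07-19T08:01:13 host=WS01 pid=3300 image=chrome.exe dst=198.51.100.20:443 result=OK
2017-07-19T08:09:47 host=WS01 pid=3300 image=chrome.exe dst=198.51.100.20:443 result=OK
2017-07-19T08:12:02 host=WS01 pid=3300 image=chrome.exe dst=198.51.100.20:443 result=OK
2017-07-19T08:31:55 host=WS01 pid=3300 image=chrome.exe dst=198.51.100.20:443 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_beacons(text, min_events=3, max_cv=0.2):
    """Flag (host, image, dst) groups whose connection attempts are evenly spaced.

    A retry loop that sleeps a fixed interval between call-backs produces near-zero
    variance in the gap between attempts; interactive traffic does not. The
    coefficient of variation (stdev / mean) of the gaps is compared to max_cv.
    """
    groups = defaultdict(list)
    for ev in parse_log(text):
        groups[(ev["host"], ev["image"], ev["dst"])].append(ev)

    findings = []
    for (host, image, dst), evs in groups.items():
        if len(evs) < min_events:
            continue
        times = sorted(ev["ts"] for ev in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "host": host,
                "image": image,
                "dst": dst,
                "attempts": len(evs),
                "failures": sum(ev["result"] != "OK" for ev in evs),
                "interval_s": avg,
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['host']} {f['image']} -> {f['dst']}: {f['attempts']} attempts "
              f"every ~{f['interval_s']:.0f}s ({f['failures']} failed)")
```

On the constructed sample, the python.exe connections to port 4444 are flagged (four attempts exactly 300 seconds apart, three of them failed because nothing was listening yet), while the browser traffic is not. The failed-then-succeeded pattern is the observable trace of the "sleep, then try again" loop from the thread; a bind shell leaves a different trace, an unexpected listening port, which a host inventory of listening sockets catches instead.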