Jump to content

python meterpreter session and persistence


karencho

Recommended Posts

Hello ,

today i saw on youtube : https://www.youtube.com/watch?v=5jqaBgLxS_M

 

python crypter ,if i generate meterpreter.py with this crypter and run it with some powershell scrpit i can run that meterpreter.py every time on windows startup but session will expire if the host will not be turned on for example yes(if with this moment i am not using computer that runs kali linux it is turned off)? how can i do to when i run meterpreter.py that session will not be lost until it connects to host ,so session never expires that is possible?if yes can yo give clue to do it?

Link to comment
Share on other sites

With respect to a reverse shell, sessions only last while in use between the two machines in question are actively communicating to one another. With a bind shell, the victim can listen and keep alive till you establish your connection to it.

I don't know what is in the code, but of it calls home to send a reverse shell, if it's not there to pick up, it will fail. You would have to set the script up to run as a daemon/service, or schedule it to check every so often like a cron job/scheedule task, if dead, sleep for a while, then try again, if connected, sleep till closed, then restart the service or scheduled task. If it were a bind shell, then it would only need to listen on boot and keep the connection alive while waiting, but that generally fails behind NAT if no port forwarding is on the gateway to the victim machine.

To test, you need to setup some VM's or old machines on your network with what you saw in the video and reproduce the setup to match your network settings, and then work it out from there what needs to be done. If on the same LAN, then a bind shell is fine, but over NAT, then you need to make the machine call you and work out how to keep calling to check as needed. 

Link to comment
Share on other sites

13 hours ago, karencho said:

so if will create a bind shell it will be alive until i connect to it yes?and for a bind shell i need to know public ip adress to work over the wan yes?

Not exactly. Bind shell listens on a port, regardless of LAN or WAN. It's open to anyone that can connect to it. It's getting to it that is the hard part.

If on the same LAN, then you won't have an issue with a bind shell in most cases but the local firewall on the box might prevent it as well, and that can happen.

If over NAT from outside the gateway, then you have to either port forward on the router to see the machine with the bind port open, or put it in a DMZ, both of which make things less secure to begin with, and if were already in place, not good. The better way, is have it call you with a reverse shell if you don't want others discovering and using the machine as well.

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...