Jump to content

meterpreter reverse_tcp question


Recommended Posts

Just wondering if meterpreter reverse_tcp payload can connect back to local host that doesn't have metasploit installed.  Is there a stand alone handler/listener that can work with meterpreter, or do I need to do full install of metasploit?  Can programs like netcat listen for meterpreter inbound connection?

BTW, are there any metasploit/pentesting forums around that's any good?  Looked on Rapid7, but they have some sort of curated knowledge base, not really a forum.

Link to comment
Share on other sites

I've not tried it but you could probably use msfvenom to build a binary using multi handler and the payload and then run that on the machine you want to listen on. You would need a full Metasploit install to create the binary but it wouldn't need to be on the listening machine.

Link to comment
Share on other sites

You can set netcat to listen, and when it connects back, you will see the connection, but not be able to interact with it. Sometimes funky characters come back in the console(from what I recall) but not always.

If it's not metasploit communicating with it, it won't setup the session properly, when meterpreter based payloads are used. If using meterpreter based payloads, as far as I know, you need to be listening in metasploit to handle the session(or armitage, which is just a GUI base for metasploit, just an example), but maybe there are options to change that in msvenom when creating the payload, or, just use a generic one not meterpreter based instead. When you use a meterpreter based shell, metasploit looks for specific hooks to send a stager back over, which are also architecture based, ie: x86 meterpreter shell vs x64 based, and handle the connection differently in how it gets executed on the victim machine and to the attacker.

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...