Meterpreter fun

[$hells710]

Hey everyone! Really excited for the  squirrel!!! For hak5 product I got on launch day. I’ve only been studying computer security for a little over a year and all type of programming are still new too me. But I do think a payload that similar too how the hop.php script works with the pineapple would be really cool. Deploy the squirrel at a site with a Meterpreter payload on it and then use the ducky/bunny/etc... to get the victims to run the payload, then you can come back at a later time and connect to view your sessions.  I’m sure it’s a more basic idea but I think it would be cool to just flip the switch and do the thing. Ideas anyone?

[sundhaug92]

Add 3G/4G or ethernet and you could attach to it remotely

[$hells710]

Of course. Maybe my mind wasn’t all there when I posted this. I meant for it to be more of a session collector for Meterpreter. Flip the switch, plug into a box, and deploy your payload how ever works for you. Then you can connect back at a later time to see the sessions. And of course adding 3g/4g to be able to leave the site. 

[PoSHMagiC0de]

You could make your own, light weight, session manager for the Squirrel and agent for the machines.  Come back through vpn and use simple C&C you built and to deploy meterpreter to your agents to start a process for and manage that way tunneling meter sessions through vpn to real machine with HP to do it.  Leaving meter on a machine with AV too long might get it caught.  Putting something brand new not seen before and with no malicious code already present in it has a higher chance of slipping under the radar.

[Dave-ee Jones]

16 hours ago, PoSHMagiC0de said:

You could make your own, light weight, session manager for the Squirrel and agent for the machines.  Come back through vpn and use simple C&C you built and to deploy meterpreter to your agents to start a process for and manage that way tunneling meter sessions through vpn to real machine with HP to do it.  Leaving meter on a machine with AV too long might get it caught.  Putting something brand new not seen before and with no malicious code already present in it has a higher chance of slipping under the radar.

You mean something like...

WabbitWeb?

Or..

PoSHMagiC0de's BBTPS-thingy?

Speaking of which I'll need to re-create WabbitWeb for Packet Squirrel (WebNut?) - I don't think it has Python on it though, does it?

[Decoy]

13 hours ago, Dave-ee Jones said:

You mean something like...

WabbitWeb?

Or..

PoSHMagiC0de's BBTPS-thingy?

Speaking of which I'll need to re-create WabbitWeb for Packet Squirrel (WebNut?) - I don't think it has Python on it though, does it?

It has python, PHP, as well as Bash.

[PoSHMagiC0de]

I ordered me one yesterday so I will definitely find out when it arrives.  Something like our BB projects Davee but more of a place the sessions can check in to connect and keep alive on until you remote in and have it do something.  So a cpmbo of wabbit web for a webconsole to control and BBTPS with the on system agent that doesn't end unless you tell it to.

[$hells710]

1 hour ago, PoSHMagiC0de said:

I ordered me one yesterday so I will definitely find out when it arrives.  Something like our BB projects Davee but more of a place the sessions can check in to connect and keep alive on until you remote in and have it do something.  So a cpmbo of wabbit web for a webconsole to control and BBTPS with the on system agent that doesn't end unless you tell it to.

Thank you. See it just takes someone who knows what they’re talking about to properly say it. 

[Dave-ee Jones]

On 10/25/2017 at 11:34 PM, Decoy said:

It has python, PHP, as well as Bash.

Coolio. So we can get away with a PHP or a Python webserver - sounds good.