Metasploit mailing list archives
use of meterpreter (copy for the list )
From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 14 Apr 2005 03:43:58 -0500
On Thu, Apr 14, 2005 at 10:14:56AM +0200, Thomas Werth wrote:
> Let's see if I understand correctly: exploiting another host and using meterpreter is the first thing I do. Now the portfwd of meterpreter isn't running on the victim's host, instead it is running on "my" host, correct?
Sort of. The "listener" is running on your local machine. When you connect to the local port, the meterpreter client that is running on your machine talks to the meterpreter server that is running on the machine you exploited and asks it to open a TCP connection to the remote host and port that you specified with your port forward on your behalf. The result acts just like a normal port forward. I'll describe the packet flow at the end of this message [1].
> Now I set up port forwarding using localhost and the next desired target IP. When now running an attack based on the proxy, port forwarding does its job and the exploit should work, correct?
Yep -- it should be entirely transparent.
> Now my question for better understanding: as port forwarding is running on my host and the target IP is different from the "proxy Host", why do I need to exploit the proxy host, as it seems to me this host isn't needed when using localhost and the next target IP for the "proxy attack"? How is the "flow of packets"?
I think there's a disconnect here. While there is a "listener" running on your machine, it is not your machine that actually establishes the connection to the target machine. Instead, the meterpreter server instance that is running on the machine you exploited is what is responsible for actually establishing the connection to the target machine. This is what allows you to pivot onto other networks that you would otherwise not be able to access directly.
> In case of logging on the "next target host", which attacker IP will be logged?
The address of the 'ProxyHost' from your previous example is what will be seen as the requestor address by the 'next target host'.

[1] If you're familiar with SSH tunnels then this should make sense. This step-by-step demonstrates establishing a connection from your machine (123.0.0.1) through a firewall (10.0.0.1) to an internal machine (10.0.0.254) on port 22:

1. A listener is set up on 127.0.0.1:4444 on your client machine.

2. You telnet to 127.0.0.1:4444, causing the meterpreter client on your machine to send a message (network_open_tcp_channel) with the target information of 10.0.0.254:22.

3. The firewall (10.0.0.1) then establishes a TCP connection to 10.0.0.254 on port 22. Once the connection is established, the meterpreter server running on the firewall sends a response with a unique channel identifier to the meterpreter client running on your machine.

4. When you send data through telnet, the meterpreter client reads it in and encapsulates it in a message (core_channel_write) that is sent using the unique channel identifier that the client and server agreed on.

5. When the server receives the core_channel_write request, it decapsulates the data and transmits it to the TCP connection that is established with 10.0.0.254 on port 22.

Steps 4 and 5 are exactly the same when it comes to data originating on the server side that needs to be sent to the client.

6. When you close telnet, a message (core_channel_close) is sent from the meterpreter client to the server which causes the server to close the TCP connection with 10.0.0.254:22.

Hope that helps!
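Because the 'next target host' only ever logs the ProxyHost's address, a defender has to correlate flows on the pivot host itself to see the relay. The following Python check is an added example, not part of the original message: it runs over constructed flow records that reuse the walkthrough's addresses, and the `Flow` fields, the 10.0.0.0/8 internal range, port 443 for the external session and the 60-second threshold are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: internal range of the walkthrough


@dataclass(frozen=True)
class Flow:
    start: float  # seconds since start of capture
    end: float
    src: str
    dst: str
    dport: int


# Constructed flow records (not real data), using the walkthrough's addresses.
FLOWS = [
    Flow(0, 900, "123.0.0.1", "10.0.0.1", 443),      # long-lived external session (port constructed)
    Flow(120, 300, "10.0.0.1", "10.0.0.254", 22),    # opened and closed inside that session
    Flow(2000, 2100, "10.0.0.1", "10.0.0.254", 22),  # no external session active at that time
    Flow(50, 60, "10.0.0.7", "10.0.0.254", 22),      # ordinary internal client
]


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def find_relay_candidates(flows, min_session=60.0):
    """Return (external_src, pivot, internal_dst, dport) tuples where an
    internal host opened a connection to another internal host entirely
    within a long-lived session it had with an external address."""
    sessions = [f for f in flows
                if not is_internal(f.src) and is_internal(f.dst)
                and f.end - f.start >= min_session]
    hits = []
    for s in sessions:
        for f in flows:
            # The inner connection lives and dies inside the outer session,
            # matching the open-channel / close-channel lifecycle in steps 2-6.
            if (f.src == s.dst and is_internal(f.dst) and f.dst != s.dst
                    and s.start <= f.start and f.end <= s.end):
                hits.append((s.src, s.dst, f.dst, f.dport))
    return hits


if __name__ == "__main__":
    for hit in find_relay_candidates(FLOWS):
        print("relay candidate: %s -> %s -> %s:%d" % hit)
```

Nesting in time is only a heuristic: a busy gateway will produce coincidental matches, so the output is a list of candidates to review against the sshd log entry on 10.0.0.254 that names 10.0.0.1 as the source.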