Part 2 - Running Metasploit as a Service

Video Activity

This lesson is about running Metasploit as a service. Participants receive step-by-step instructions on how to accomplish this using the `run persistence` command, which offers a number of options.


Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Transcription
>> We've seen some methods for maintaining access to the system, including setting up a persistent Netcat connection and also using keyloggers to try to get information like Windows logins or website logins, system logins that the victim system is engaging in. But another option is to actually install the Meterpreter shell itself as a service. We can do this by using the persistence command. If I run persistence -h, we can see all of our options here. We can use that to start an exploit multi handler to connect to the agent running back on our Kali system. We specify the system that's listening for the connection, and then we have other options like starting the agent when the user logs in, starting the agent when the system boots. These are useful parameters. Also, we can see how many seconds we want to wait in between checking for a connection attempt. It's pretty useful.

You'll notice that I am logged in as administrator, I'm not system for this, but it should still work. What I can do is run persistence, and I'm going to do this when the user logs on because I like that idea better. I'm going to check every five seconds. I will specify port 443, and then the system listening for the connection is my Kali instance. We see what happened here: it created a payload, Windows Meterpreter reverse TCP, my local host, port 443. It shows me where I created the Visual Basic script that does the actual work. Then also it's put this into autorun, so same location we used for Netcat earlier. Actually not the same location, it's HKCU instead of HKLM. It's not local machine, it's current user instead. But in any case, the net effect will still be the same. Now that persistent script has been installed, when the user logs into the system, this will run and we should be able to set up a handler back on our Kali instance in order to receive the connection. Since I'm administrator, I do have the privilege to run the reboot command. I know I didn't cover this earlier, but I can reboot the victim's machine, which is handy. It says my session has died, and if I go to the victim machine, I can see that it's rebooting and should probably come right back up and log itself in, and it did.

Now if I go back to my Kali instance, my old Meterpreter session is closed of course, but I can use the same handler I've been using. Exploit multi handler, this is the most versatile handler for receiving connections. My local host is already set, my local port is already set. Notice this must match the same port that I used when I ran the persistence script to begin with. You have to pay attention to those details. But now, this is a little bit different than the connections we've been making. Before, we've been doing staged connections where the victim must either have a payload running, which tries to connect to a handler. Depending on how you do that, that may be a little bit less reliable. This connection is allowing us to rely on the fact that we installed the autorun code to allow this connection to be basically trying every five seconds until the handler starts up on the Kali system. Here we go. I caught it, looks like a couple of seconds before the next run, and now I've got my Meterpreter session. I'm logged in as administrator.

Now, this connection will check every five seconds as long as the system is up and running. If it gets rebooted, the autorun will launch the Meterpreter connection attempt again and I'll have that available to me as the pen tester until that registry entry gets discovered and removed. Obviously, if you were on the victim system, you might say, "Well, what are some of these processes that are running here? Why do I have connections?" Maybe someone decides to poke around a little bit looking for established connections. We see that I do have an established connection back to the Kali instance, which is what we see here, 129 on port 443. If you're the person who is the victim, you'd have to be paying attention to look for these connections and think, why is that supposed to be there? Maybe I was connected to a website. 443 is a port that blends in because it's normally associated with SSL connections to websites. But it is still something to think about. Regardless of whether the victim discovers the connection, we can see how easy it is to create this. Now this is here. Anytime I want, I just start up a handler and the connection should happen within a five-second interval. Very handy. That ends this section. Thank you.
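The lesson ends on the point that this persistence survives only "until that registry entry gets discovered and removed". As an added defender-side example (not code from the lesson or from Metasploit), the script below parses output shaped like `reg query` on the HKCU Run key and flags autorun entries that launch a script file from a user-writable location, which is the pattern the VBS-based persistence described above leaves behind. The sample output, entry names and paths are constructed, and the heuristics are assumptions, not a complete detection.

```python
"""Flag HKCU Run-key autorun entries that look like script-based persistence."""
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in the shape of `reg query <RUN_KEY>` output (hypothetical entries).
SAMPLE_REG_OUTPUT = rf"""
{RUN_KEY}
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    SecurityHealth    REG_SZ    C:\Windows\System32\SecurityHealthSystray.exe
    aBcDeFgH    REG_SZ    C:\Users\alice\AppData\Local\Temp\xyz.vbs
    Updater    REG_SZ    wscript.exe //B C:\Users\alice\AppData\Roaming\update.vbs
"""

# Assumed heuristics: script hosts, script extensions and user-writable directories.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell")
SCRIPT_EXT_RE = re.compile(r"\.(vbs|js|hta|ps1|bat)\b")
WRITABLE_DIRS = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public", r"\programdata")

# One value line: leading whitespace, name, REG_* type, then the command data.
ENTRY_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.+?)\s*$")


def parse_run_entries(text):
    """Return (name, data) pairs for every value line in reg query-style output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("name"), m.group("data")))
    return entries


def score_entry(data):
    """Return the reasons an autorun command looks like script persistence (may be empty)."""
    low = data.lower()
    reasons = []
    if SCRIPT_EXT_RE.search(low):
        reasons.append("script file")
    # Executable is the first token; compare its basename against known script hosts.
    exe = low.lstrip('"').split()[0].rsplit("\\", 1)[-1]
    if any(exe.startswith(host) for host in SCRIPT_HOSTS):
        reasons.append("script host")
    if any(d in low for d in WRITABLE_DIRS):
        reasons.append("user-writable location")
    return reasons


def find_suspicious(text):
    """Map entry name -> reasons, keeping only entries that launch a script."""
    flagged = {}
    for name, data in parse_run_entries(text):
        reasons = score_entry(data)
        if "script file" in reasons or "script host" in reasons:
            flagged[name] = reasons
    return flagged
```

Run it against real output from `reg query` on the HKCU and HKLM Run keys; the two constructed entries are flagged, the two legitimate ones are not.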