Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

The final step in the Win7 reverse shell exploit is to get the file onto the victim's system. In this example, the attack vector is a USB thumb drive. Once the victim has been enticed to run the executable on the target, the handler running on the client detects the connection requests and establishes a connection with the target. From there, we have full shell access and can perform a host of potentially malicious actions: examine the process list, run the sysinfo command, migrate the connection to another process in order to keep it running, as well as escalate privileges on the target.

Video Transcription

00:04
Okay, so now on our Windows machine, we will
00:09
catch that done. Dr.
00:17
I don't know what I'm saying. That
00:21
all right,
00:22
now, I could drag this to the desktop.
00:25
So as I said before, the trick is to get this file to the victim.
00:30
I'm just demonstrating the concept of getting connected.
00:33
So the victim thinks they're gonna look at the slide show, then go ahead
00:37
and run the program.
00:39
If we go back to Kali,
00:41
we see that we have a connection.
00:44
So the handler was listening for this connection.
00:47
It sent the stage over to the remote host.
00:52
And I got connected on the port that I expected to.
00:56
So once I'm connected,
00:58
there's a lot of things I can do. For instance, I can
01:02
look at a process list.
01:04
I could run the
01:07
sysinfo command,
01:08
shows me a lot of information about my
01:11
remote system.
01:15
Pretty handy
01:19
and then, once you're connected, of course, you can do other things too, like migrate
01:23
your process somewhere else. So let's say the program
01:27
the payload that we just generated was part of an application. You bundled it in.
01:32
If the person quits the application, then the
01:40
the connection may die, so what we can do is migrate the connection
01:45
to another process.
01:53
So it looks like it spawned a Notepad and the exit process.
01:57
And now it's moved to, uh,
02:01
process ID 1388 when it was previously 992.
02:05
So it's pretty obvious what we've just done there. We can also try to escalate our privileges.
02:14
already been loaded, okay?
02:17
And there's all kinds of things we can get into. But
02:21
the concept here is to see how the connection worked. The trick is to get the
02:25
the infected file to the pen testing object.
02:30
All right, that's all for this section. See you in the next one. Thank you.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor