Questions tagged [meterpreter]
134 questions
19
votes
2 answers
How does process migration work in Meterpreter
Did anyone try to figure out how process migration works in Meterpreter in Windows? I want to make my own script to learn that, but am failing to find a starting point for that. Well, I have an idea to use NtQuerySystemInformation library and its…
Artur Korobeynyk
- 321
- 1
- 2
- 6
10
votes
1 answer
Meterpreter (Metasploit) anonymous reverse connection over Tor2web
The general consensus seems to be that one sets up a listener on a server accessible by a public IP and some port forwarding. For anonymity this should be a throw-away server or a hacked box.
I've been trying to make a reverse connection over tor…
Polarsbear
- 111
- 1
- 7
9
votes
2 answers
Gained Privilege Escalation but no authority using Metasploit
I am facing a very weird issue. I have successfully popped a box using Shellter with Meterpreter_Reverse TCP.
Here is the sysinfo :
meterpreter > sysinfo
Computer : ********
OS : Windows 10 (Build 14393).
Architecture :…
Sankalp Singha
- 301
- 1
- 3
- 6
8
votes
2 answers
Can we decrypt captured malware (Meterpreter) HTTPS/SSL traffic with the keys from memory?
A machine on our network was compromised with Meterpreter.
We have traffic captures from the entire period of the compromise and a memory dump of the infected machine at a time when the connection was established.
Can we decode the HTTPS/SSL traffic…
Yara
- 81
- 2
8
votes
2 answers
Snort rules to detect Meterpreter sessions
I am learning while configuring Snort, my setup consists in an attacker (Linux), a victim (Android smartphone) and one detection system (IDS). So far, I have been able to log all the packets between the attacker and victim including the Meterpreter…
Mahip
- 81
- 1
- 4
6
votes
2 answers
How does the Meterpreter load modules?
I've been using the Meterpreter for some time and I'm still quite new to it and one of the questions I have is how it's module loading works.
Correct me if I'm wrong as I'm still learning how to use Metasploit, but to the best of my knowledge I know…
eclipse
- 83
- 4
5
votes
2 answers
Meterpreter session over VPN
I have the following situation:
Attacker machine connected to a router with public IP assigned from ISP, forwarding enabled.
Victim machine connected to another router, (obviously) different IP assigned from different ISP.
I want establish a…
MKay
- 153
- 1
- 1
- 5
4
votes
3 answers
Meterpreter shell and system shell define?
What is the difference between Meterpreter shell and system shell?
For example, if I found some vulnerability in a system which allowed both shells, then what should I go for, system shell or Meterpreter shell?
What kind of stuff can I do with…
Utkarsh Agrawal
- 493
- 1
- 8
- 15
4
votes
2 answers
Metasploit opens Meterpreter but shows no prompt please help
I have created a payload to a website with msfvenom, and started the exploit/multi/handler listener, they then connect to each other and create a meterpreter session as seen below.
The problem is, I do not get the meterpreter prompt which I should…
ipmev12
- 43
- 1
- 3
4
votes
1 answer
Auto execute meterpreter commands on session start
Is there a way to run one or multiple meterpreter commands automatically, as soon as the listener gets a connection (i.e session is established with a target)? I want to run the 'hide_app_icon' command as soon as a session is gained. Any ideas?
PS:…
wishchaser
- 175
- 1
- 1
- 8
4
votes
2 answers
Meterpreter HTTPS detected by IPS
I am busy with security testing on a clients network and was asked to show how "easy" AV evasion is. I created a nice powershell reverse HTTPS file through veil-evasion, which is not detected by the Symantec virusscanner (testing with Norton…
Wealot
- 879
- 2
- 12
- 25
3
votes
1 answer
How do you send a 64 bit meterpreter stager?
All the stagers that are sent seem to be 32 bit. This is fine, until I have to run Mimikatz which on a 64 bit system you NEED to run the 64 bit mimikatz. Since the 64 bit Mimikatz won't run on the 32 bit meterpreter, I'm in need of the 64 bit…
bzupnick
- 131
- 1
- 2
- 4
3
votes
1 answer
Meterpreter on non-jailbroken Iphone
I found this at github: https://github.com/AnwarMohamed/meterpreter-darwin
Does anybody know if this works on a non-jailbroken Iphone?
I downloaded it on my and double-clicked on the Makefile-icon, inside the OSX directory, but my OS just keeps…
user500468
- 175
- 1
- 3
3
votes
1 answer
What causes a powershell payload to run the first time but not the second?
I created a windows/meterpreter/reverse_https powershell payload using the python script provided at the end of this article. In the first run, the meterpreter session opened successfully, when I closed it and tried to execute the powershell command…
user41696
3
votes
1 answer
How to connect to a meterpreter session opened manually on the target machine
I am trying to exploit a Windows 7 VM using metasploit. I was able to open a java meterpreter session and I want to access a native meterpreter. To do so I exported a meterpreter/reverse_tcp payload to an .exe using msfvenom:
msfvenom -p…
Ignatius_Gim
- 141
- 1
- 1
- 4