hartl3y94 / meterpeter

This project is forked from r00t-3xp10it/meterpeter

C2 Powershell Command & Control Framework with BuiltIn Commands

meterpeter's Introduction

Author: @r00t-3xp10it
Version release: v2.10.12
Distros Supported: Windows (x86|x64), Linux
Inspired by the work of: '@ZHacker13 - ReverseTCPShell'



:octocat: Project Description

This PS1 starts a listener server on a Windows|Linux attacker machine and generates oneliner PS reverse shell payloads obfuscated with BXOR using a random secret key, plus another layer of character/variable obfuscation, to be executed on the victim machine (the payload also executes an AMSI reflection bypass in the current session to evade AMSI detection while working). You can also receive the generated oneliner reverse shell connection via netcat (in this case you lose the C2 functionalities such as screenshot, upload, download files, Keylogger, AdvInfo, PostExploit, etc.).

meterpeter payloads/droppers can be executed with User or Administrator privileges depending on the scenario (executing the Client as Administrator unlocks ALL Server modules, AMSI bypasses, etc.). Droppers mimic a fake KB Security Update while in the background they download and execute the Client in the '$Env:TMP' trusted location, with the intent of evading Windows Defender Exploit Guard. meterpeter payloads|droppers are FUD (please don't test samples on VirusTotal).

Under Linux, users are required to install PowerShell and the apache2 web server. Under Windows, installing Python3 (http.server) to deliver payloads on LAN networks is optional. If these requirements are NOT met, the Client ( Update-KB4524147.ps1 ) is written to the meterpeter working directory for manual delivery.
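As an added defender-side check (not part of meterpeter or its README), the following PowerShell hunts a Windows host for the artefacts the description above names: the Update-KB4524147 dropper/Client files in $Env:TMP (or on the Desktop, where the zip is unpacked) and BXOR-decoding script blocks in the PowerShell operational log. It assumes Script Block Logging (Event ID 4104) is enabled; the '-bxor' and Invoke-Expression patterns are assumptions derived from the README's description, not from the tool's exact code.

```powershell
# Added hunting script, not part of meterpeter. File names come from the
# README (Update-KB4524147.*, $Env:TMP); the log patterns are assumptions
# derived from the README's "BXOR" and "oneliner" description.

function Find-MeterpeterFiles {
    # The dropper is unpacked on the Desktop and writes the Client into $Env:TMP.
    $names = 'Update-KB4524147.ps1', 'Update-KB4524147.bat', 'Update-KB4524147.zip'
    $roots = @($Env:TMP, (Join-Path $Env:USERPROFILE 'Desktop'))
    Get-ChildItem -Path $roots -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

function Find-BxorScriptBlocks {
    param([int]$Days = 1)
    # Script Block Logging (assumed enabled) records the code the engine
    # actually runs, so the BXOR decode loop and the Invoke-Expression that
    # launches the decoded payload appear in Event ID 4104 even though the
    # delivered oneliner itself is obfuscated.
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            # -match is case-insensitive by default in PowerShell
            $_.Message -match '-bxor' -and
            $_.Message -match '\biex\b|Invoke-Expression'
        } |
        Select-Object TimeCreated, Id,
            @{ Name = 'Snippet'
               Expression = { $_.Message.Substring(0, [Math]::Min(200, $_.Message.Length)) } }
}

# Usage: run in an elevated PowerShell on the host being checked.
Find-MeterpeterFiles | Format-Table -AutoSize
Find-BxorScriptBlocks -Days 1 | Format-Table -AutoSize -Wrap
```

Legitimate scripts also use -bxor, so 4104 hits are leads to triage (who ran it, from which parent process), not verdicts; a file hit in $Env:TMP with the README's fake-KB name is the stronger indicator.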


ATTACKER MACHINE: [Linux Kali]

  Warning: PowerShell on Linux distributions is only available for x64 architectures.

Install Powershell (Linux x64 bits)

apt-get update && apt-get install -y powershell

Install Apache2

apt-get install -y apache2

Start Apache2 WebServer

service apache2 start

Start C2 Server (Local)

cd meterpeter
pwsh -File meterpeter.ps1

Deliver Dropper/Payload To Target Machine (apache2)

USE THE 'Attack Vector URL' TO DELIVER 'Update-KB4524147.zip' (dropper) TO THE TARGET ..
UNZIP (ON THE DESKTOP) AND EXECUTE 'Update-KB4524147.bat' (Run As Administrator)..

Remark:

 IF dropper.bat is executed: then the Client uses $env:tmp as its working directory ('recommended')..
 IF the attacker decides to manually execute the Client: then the Client's remote location (pwd) is used as the working dir.

ATTACKER MACHINE: [Windows PC]


Install Python3 (optional)

Install Python3 (http.server) to deliver payloads on LAN networks ..

https://www.python.org/downloads/release/python-381/

Check that python http.server is installed

$Local_Host = ((ipconfig | findstr [0-9].\.)[0]).Split()[-1]
python -m http.server 8080 --bind $Local_Host
CTRL+C # Exit webserver console

Start C2 Server (Local)

cd meterpeter
powershell Set-ExecutionPolicy Unrestricted -Scope CurrentUser
powershell -File meterpeter.ps1

Remark

  • meterpeter.ps1 delivers the Dropper/Payload using python3 http.server IF the attacker has python3 installed.
    'If NOT, then the payload (Client) is written to the Server's local working directory to be delivered manually' ..

  • Remember to close the http.server terminal after the target has received the two files (Dropper & Client)
    'and we have received the connection in our meterpeter Server { to prevent Server|Client connection errors }'

Deliver Dropper/Payload To Target Machine (manual OR python3)

DELIVER 'Update-KB4524147' (.ps1=manual) OR (.zip=automated|silentExec) TO THE TARGET ..

Remark:

 IF dropper.bat is executed: then the Client uses $env:tmp as its working directory ('recommended')..
 IF the attacker decides to manually execute the Client: then the Client's remote location (pwd) is used as the working dir.

Video Tutorials:

meterpeter Under Windows Distros: https://www.youtube.com/watch?v=d2npuCXsMvE
meterpeter Under Linux Distros: https://www.youtube.com/watch?v=CmMbWmN246E

Special Thanks:

@ZHacker13 (Original Rev Shell) | @tedburke (CommandCam.exe binary)
@codings9 (debugging modules) | @ShantyDamayanti (debugging Modules)
@AHLASaad (debugging Modules) | @gtworek (EnableAllParentPrivileges)
