Suppose I want to do a USB drive by (Samy Kamkar) which involves a USB that will take action as a HID and will open a reverse shell to my metasploit listener.
However, the machine which will be running metasploit listener will not be alive when I will exploit the victim, I am not sure how metasploit listeners work, will I have to purchase a server online that will run the listener? or will it recognize a connection when I switch on my pc?
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
How To:
Dox Anyone
How To:
Crack Shadow Hashes After Getting Root on a Linux System
How To:
Hack Wi-Fi & Networks More Easily with Lazy Script
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Automate Wi-Fi Hacking with Wifite2
How To:
Find Passwords in Exposed Log Files with Google Dorks
Tutorial:
Create Wordlists with Crunch
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
The Top 80+ Websites Available in the Tor Network
How To:
Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter
How To:
Hack WPA WiFi Passwords by Cracking the WPS PIN
How To:
How Hackers Cover Their Tracks on an Exploited Linux Server with Shell Scripting
How To:
Get WPA-WPS Passwords with Pyxiewps.
How To:
Brute-Force FTP Credentials & Get Server Access
How To:
Exploit EternalBlue on Windows Server with Metasploit
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
7 Responses
MSF listeners work by creating software that lets Metasploit access it remotely when ran by a user.
Not exactly. A reverse listener acts as a server listening for a connection back. Once it gets the connection, a payload will be delivered. An example of a payload would be Meterpreter. Once a payload is open, a remote connection is made.
To the OP, A listener MUST be running BEFORE the execution of the target file.
Traveler said everything. Except if you make apk payload for android which always runs in background, that way only, you wont need to be online, you can later check if your attack succeed.
Yes, I am making the very same. but its a reverse tcp shell which will be run on a windows 10 machine and meterpreter will be the listener.
Is there any way to modify the payload so I can make it persistent and always looking for connections? and is there a better way other than buying a linux based vps and installing metasploit on that.
Meterpreter is the payload, not the listener. With Reversetcp, (the type of connection for the payload to be delivered) the listener MUST be running BEFORE the execution of the target. You can't modify that. You can choose a different payload connection though.
May I ask why you can't have your listener running while opening the target file?
What if internet disconnects, power outage which is very common happens on the device?
Ok. I understand your question now. Once you have a connection you can use Persistence. It's included with Meterpreter.
The problem with persistence though is that it can be detected by AV software. You could create your own undetected malicious file, upload it to the computer, edit their registry to run your malicious file every time the user signs in. It can take some time to figure out how to do it, but it's possible. I have done it before.
Share Your Thoughts