Suppose I want to do a USB drive-by (Samy Kamkar's technique), which involves a USB device that acts as a HID and opens a reverse shell to my Metasploit listener.
However, the machine that will be running the Metasploit listener will not be up when I exploit the victim. I am not sure how Metasploit listeners work: will I have to purchase a server online that runs the listener, or will it recognize a connection when I switch on my PC?
7 Responses
MSF listeners work by creating software that lets Metasploit access it remotely when run by a user.
Not exactly. A reverse listener acts as a server listening for a connection back. Once it gets the connection, a payload will be delivered. An example of a payload would be Meterpreter. Once a payload is open, a remote connection is made.
To the OP: a listener MUST be running BEFORE the execution of the target file.
Traveler said everything. The exception is if you make an APK payload for Android, which always runs in the background; only that way you won't need to be online, and you can later check whether your attack succeeded.
Yes, I am making the very same, but it's a reverse TCP shell that will be run on a Windows 10 machine, and Meterpreter will be the listener.
Is there any way to modify the payload so I can make it persistent and always looking for connections? And is there a better way than buying a Linux-based VPS and installing Metasploit on it?
Meterpreter is the payload, not the listener. With reverse TCP (the type of connection used to deliver the payload), the listener MUST be running BEFORE the execution of the target. You can't modify that. You can choose a different payload connection, though.
May I ask why you can't have your listener running while opening the target file?
What if the internet disconnects, or there is a power outage on the device, which is very common?
OK, I understand your question now. Once you have a connection, you can use Persistence. It's included with Meterpreter.
The problem with Persistence, though, is that it can be detected by AV software. You could create your own undetected malicious file, upload it to the computer, and edit their registry to run your malicious file every time the user signs in. It can take some time to figure out how to do it, but it's possible. I have done it before.