Forum Thread: Any Way to Get a Metasploit Exploit Running on a Target Machine Without Them Having to Open a File?

Hi, I'm just wondering if the victim actually has to open an infected exe or Word doc or whatever in order to get a Metasploit exploit running on their machine, or is there any other way to do it?

4 Responses

I think the term you're looking for is payload, not exploit.

Generating a payload is just one of many ways to own a victim. An exploit is designed to leverage a fault in a service or software; they can be used to execute payloads in the case of a buffer overflow or otherwise.

For more information you might want to see these.

-Defalt

No, they don't. If you can find an exploit in their system to exploit remotely, then you can get a meterpreter instance without them ever knowing.

Cheers,
Washu

Well, I'm just spitballing here, but you could try to stick the payload in some hard to reach place and copy a shortcut into the "shell:startup" folder (Hit Windows + R; type "shell:startup"; Hit Enter), and reboot the PC. The payload should run whenever the PC is rebooted.

Ninja243
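
From the defender's side, the Startup-folder technique described in the post above is easy to audit. The following PowerShell is an added example, not part of the original thread: it lists every entry in the per-user and all-users Startup folders, resolves each shortcut to its real target, and reports the target's Authenticode signature status. The output column names are this example's own choice.

```powershell
# Added example (not from the thread): audit Startup-folder autorun entries.
# Run in Windows PowerShell or PowerShell 7 on Windows.

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

# Per-user (shell:startup) and all-users (shell:common startup) folders
$folders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -File -Force |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            # A non-shortcut file dropped here runs directly, so it is its own target
            $target    = $_.FullName
            $arguments = ''
            if ($_.Extension -eq '.lnk') {
                $lnk       = $shell.CreateShortcut($_.FullName)
                $target    = $lnk.TargetPath
                $arguments = $lnk.Arguments
            }

            # Signature status of whatever will actually execute at logon
            $signature = if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                (Get-AuthenticodeSignature -LiteralPath $target).Status
            } else {
                'TargetMissing'
            }

            [pscustomobject]@{
                Entry     = $_.FullName
                Created   = $_.CreationTime
                Target    = $target
                Arguments = $arguments
                Signature = $signature
            }
        }
}

# Newest entries first: a recently created shortcut pointing at an unsigned
# binary in an unusual directory is the pattern worth investigating.
$report | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Startup folders are only one autorun location; registry Run keys, scheduled tasks and services need their own checks.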

Isn't that basically creating a persistent backdoor? Doesn't meterpreter have a command for that?
