MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpeter in this case) by the shellcode over SSH back to the attackers machine. Then connecting with meterpreter's listener to localhost will communicate through the SSH proxy, to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network.
Features
Meterpreter over SSH
Ability to configure different IP's, addresses, etc. without the need to ever change the shellcode.
Monitor for the SSH connection and automatically spawn the shell
Download:
https://github.com/trustedsec/meterssh
Tutorial:
More info:
http://penetrationtestingwithkalilinux.blogspot.com/2015/10/bypassing-ids-firewall-using.html
Be the First to Respond
Share Your Thoughts