Hello! I started studying Meterpreter yesterday, so I made a payload.exe to send to a test machine using port 444. I did everything right, and when I opened the payload.exe on the test machine, it was all right, but then, suddenly, a new session with an IP from Russia started.
So, my test machine was session 1 and this session from Russia was 2. Some time later, another session with an IP from the USA started. I was able to access all the machines, but how is this possible? Only the test machine had the payload.exe.
I checked the test machine for viruses, malware and other things, but it all seems to be fine.
These IPs from Russia and the USA seem to be some kind of servers. I did a port scan and some ports like 443 or 22 are open, but I'm not sure what happened. Can you help me understand what these 2 connections were?
1 Response
Well, I figured out what happened here: https://security.stackexchange.com/questions/35409/random-connections-to-meterpreter-reverse-tcp-listener
It seems to be what I thought: honeypots.