Was having a discussion with some friends last night and the question came up: "Would it be possible to hijack an attacker's payload and control their computer through the open connection?"
Our hypothetical situation went something like this. Let's say I accidentally ran a reverse tcp EXE payload on my computer, giving an attacker a meterpreter shell and access to my box. Using netstat or likewise analysis I'm able to figure out the EXE file, IP address, and port the attacker is using.
Now the question is, would there be a way to reverse engineer or even create exploits of my own against the EXE so that I can use that open connection to MY advantage and essentially attack the attacker? Theoretically I think this might be possible, but practically I'm not so sure.
Any thoughts?
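The triage step the question describes (using netstat to tie the open connection back to an IP, port and process) can be scripted. This is an added example, not code from the original post or any responder; the netstat and tasklist text inside it is constructed sample output, and `update_helper.exe`, the PIDs and the 203.0.113.7 address are made-up placeholders.

```python
"""Parse Windows `netstat -ano` output, keep ESTABLISHED TCP connections whose
remote end is outside the local/private ranges, and map each PID to its process
name as `tasklist` would report it. Sample data below is constructed."""
import ipaddress
import re
from typing import Dict, List, Tuple

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49710     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49811     203.0.113.7:4444       ESTABLISHED     5120
  TCP    192.168.1.20:49822     93.184.216.34:443      ESTABLISHED     2288
  TCP    127.0.0.1:49900        127.0.0.1:49901        ESTABLISHED     3344
"""

# Constructed PID -> image name mapping (what `tasklist /FI "PID eq N"` would show).
TASKLIST_SAMPLE: Dict[int, str] = {
    4: "System", 5120: "update_helper.exe", 2288: "firefox.exe", 3344: "svchost.exe",
}

# Remote addresses in these ranges are LAN, loopback or link-local, not an external host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

LINE_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def split_endpoint(ep: str) -> Tuple[str, int]:
    """Split 'ip:port' into (ip, port); IPv6 endpoints are written '[ip]:port'."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), int(port)


def external_established(netstat_text: str) -> List[Tuple[int, str, int, str, int]]:
    """Return (pid, local_ip, local_port, remote_ip, remote_port) for each
    ESTABLISHED connection to a non-local remote address."""
    rows = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "ESTABLISHED":
            continue
        lip, lport = split_endpoint(m.group(1))
        rip, rport = split_endpoint(m.group(2))
        if not any(ipaddress.ip_address(rip) in net for net in LOCAL_NETS):
            rows.append((int(m.group(4)), lip, lport, rip, rport))
    return rows


def owning_process(pid: int, tasklist: Dict[int, str]) -> str:
    """Name of the image that owns the connection, or '<unknown>' if it has exited."""
    return tasklist.get(pid, "<unknown>")
```

Run against real `netstat -ano` output, the result is the list of external peers per process; an unfamiliar image holding a connection to an unexpected host and port is what to hand to the incident-response process.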
In a theoretical sense, I don't see why you couldn't connect back to them yourself. Practical? I'm not sure but I am interested in finding out!
Mmm... maybe. But not in the sense you have it. Perhaps you would inject something via TCP instead?
So possibly trying to find a vulnerability in the handler and exploiting that? Since the connection is open and all.
Or maybe modifying the payload EXE to return arbitrary code when they try running commands against it?
It's a bit of a brain buster. LOL
Yes, but I don't hack. You can use the IP against them, though, and if you've got another computer connected to it that they don't have access to, you can IP-ban them.