Hello everyone
Today I will show a different way to exploit a windows machine with a reverse https payload..."wait...why https? Isn't tcp good anymore?"
The answer is yes...and no...Actually https has few but very important benefits that tcp hasn't :
1)HTTPS hides what is beeing sent over the network, so IDS/IPS systems will not see what's happening (if there is no SSL termination (transparent) ).
2)HTTPS will look more normal in firewall logs.
So with that said...let's get started
First of all we need 2 things present in our system :
1)Metasploit
2)Java SE Development Kit (link:)http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
(Download the Linuxx86 tar.gz , extract it and once you do move the folder to the /opt directory)
Once you have that let's install Cobalt Strike Trial (it lasts 21 days) from it's own website https://www.cobaltstrike.com/download
Accept the EULA and choose Linux (.tgz)
Now open up terminal and start metasploit and postgresql services with the commands :
Kali> service metasploit start
and
Kali>service postgresql start
Always within terminal go to the cobaltstrike folder and let's launch it with :
Kali>./cobaltstrike
Now a window will show up ...just press connect
Another window may show up about the Metasploit RPC...just click yes.
Now you will see a window that looks pretty much like the Armitage one...but this one is like...the premium version because it has some things more
Now let's make the payload
Go to Attacks > Packages and the select Windows Executable
Now let's add a Listener
Now select the windows /meterpreter/reversehttps
Give a name to your payload, put your local ip in the HOST tab and in PORT enter a port number (the https one is 443)...and click Save
Now let's generate the listener and save it wherever you want
"So... now you want to send it to the victim?" You can bet i want and for that I am going to use the the Host File function
Go to Attacks > Web Drive-by and select Host File :
Now Select your generated payload AND in the URL path change the file.txt in file.exe (this is very important)
Now click launch and send the URL to the victim and that's it.
Now you will see a screen with red borders...this means that it worked...click on it and click on meterpreter and select what you want to see or do
Thanks for reading (Sorry I couldn't upload some images for some reason... )
ThE-FiXeR
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
10 Comments
Very neat, I wonder if this can be done with Armitage? I like CobaltStrike but its just a tad expensive ;)
Cheers,
Washu
I don't think you can do it with Armitage but you could just download Cobaltstrike every 21 days or you could crack it somehow
True, btw thanks for all your articles. Your very active and have lots of great content :)
Cheers,
Washu
Thank you !
So whats the advantage of Cobaltstrike in this situation? Why can we just host it using apache and set up an listener?
Go to the cobalt strike website and you will see for yourself
does this payload work, if the target is windows 10
forgive me if its a stupid question, but i ran into that problem when I tried another payload, that it didnt worked on windows 10.
Yes it works with Windows 10 but your antivirus may detect it
Can you use it with Veil Evasion to bypass antivirus?
hey bro, will it work really work cauz i am gonna download cobalt strike :/
Share Your Thoughts