msfpayload

Viewing 18 reply threads
  • Author
    Posts
    • #7806
      cyber.spirit
      Participant

      hi guys,
      Im so sorry i posted another topic near to this subject before but i did that coz i have to so again so sory

      Guys i can work with msfpayload program but i have these quiz:

      1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

      2- is this payload files detectable by av?

      3- can i put two payloads in a file?

      4- has msf some key loggers with this payload?

      Help me please
      Thnx

    • #49075
      dynamik
      Participant

      I’m giving you the benefit of the doubt since you’ve been a member here for awhile, but this sounds kind of sketchy…

      @cyber.spirit wrote:

      1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

      If you get written permission from the target system owner(s)…

      @cyber.spirit wrote:

      2- is this payload files detectable by av?

      Probably, but results will vary greatly based on AV.

      @cyber.spirit wrote:

      3- can i put two payloads in a file?

      If you make a custom exe with some sort of logic that chooses between them based on some variable(s). I don’t think there’s a way to do this automatically in the framework.

      @cyber.spirit wrote:

      4- has msf some key loggers with this payload?

      Yes, within meterpreter.

    • #49076
      cyber.spirit
      Participant

      @ajohnson wrote:

      I’m giving you the benefit of the doubt since you’ve been a member here for awhile, but this sounds kind of sketchy…

      @cyber.spirit wrote:

      1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

      If you get written permission from the target system owner(s)…

      Man since i sweared to help people i never did anything ilegal and im not gonna do it in future too i think it was better to tell u my scenario first

      I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible

    • #49077
      cyber.spirit
      Participant

      and can i use it in reverse way? I mean i install msf on the win7 then send the payload file to bt? Is it possible? I dont think so

    • #49078
      jjwinter
      Participant

      So long as your router on the BT5 end is set to port forward whatever port you had your exploit use and BT5 is listening on, should be OK. Haven’t tested that myself yet, just been doing stuff on my local LAN. Let us know if your AV picks anything up when you open your mail on the remote test boxes.

    • #49079
      shadowzero
      Participant

      If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.

      @cyber.spirit wrote:

      hi guys,
      Im so sorry i posted another topic near to this subject before but i did that coz i have to so again so sory

      Guys i can work with msfpayload program but i have these quiz:

      1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

      2- is this payload files detectable by av?

      3- can i put two payloads in a file?

      4- has msf some key loggers with this payload?

      Help me please
      Thnx

    • #49080
      S3curityM0nkey
      Participant

      @cyber.spirit wrote:

      I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible

      Well to answer your question about sending the payload via email the best bet would be to create a malicious PDF and send it to the “user” on the windows 7 machine.

      http://www.offensive-security.com/metasploit-unleashed/Client_Side_Attacks

    • #49081
      cyber.spirit
      Participant

      @shadowzero wrote:

      If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.

      So u want me to drive a half of city to find out that im failed?! Man these systems are not in my local lab to switch between them easily.
      I just want to send the payload there if i get the result. Then i reinstall the os and av coz it has many problems now

    • #49082
      cyber.spirit
      Participant

      @S3curityM0nkey wrote:

      @cyber.spirit wrote:

      I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible

      Well to answer your question about sending the payload via email the best bet would be to create a malicious PDF and send it to the “user” on the windows 7 machine.

      http://www.offensive-security.com/metasploit-unleashed/Client_Side_Attacks

      Awsome thanx

    • #49083
      m0wgli
      Participant

      In addition to the Metasploit Unleashed course already mentioned, the following are also very useful resources:

      Metasploit: The Penetration Tester’s Guide:
      http://nostarch.com/metasploit

      SecurityTube’s Metasploit Framework Expert (SMFE) Course Material:
      http://www.securitytube.net/groups?operation=view&groupId=10

    • #49084
      Jamie.R
      Participant

      They are great resources There are also loads video on metasploit on the net on security blogs so on.

    • #49085
      shadowzero
      Participant

      @cyber.spirit wrote:

      @shadowzero wrote:

      If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.

      So u want me to drive a half of city to find out that im failed?! Man these systems are not in my local lab to switch between them easily.

      If your machine is already exposed to the internet such that you can attack it, then you can easily monitor its state remotely by setting up SSH, or even some remote desktop over VPN. Log in remotely, run your exploit, check to see if it worked.

    • #49086
      RoleReversal
      Participant

      Giving the benefit of the doubt, if you’ve got a machine on the net that you can target with MSF as a test, others can too.

      Strongly suggest killing the connection and leaving the vulnerable systems on internal labs only, if you need remote access openVPN etc. will be your friend….

    • #49087
      hayabusa
      Participant

      @Andrew Waite wrote:

      Giving the benefit of the doubt…

      Second…

    • #49088
      cyber.spirit
      Participant

      @Andrew Waite wrote:

      Giving the benefit of the doubt, if you’ve got a machine on the net that you can target with MSF as a test, others can too.

      Strongly suggest killing the connection and leaving the vulnerable systems on internal labs only, if you need remote access openVPN etc. will be your friend….

      @shadowzero wrote:

      If your machine is already exposed to the internet such that you can attack it, then you can easily monitor its state remotely by setting up SSH, or even some remote desktop over VPN. Log in remotely, run your exploit, check to see if it worked.

      Guys i just wanna learn more about msfpayload i know the risks and i todl you after this test i will renistall windows and av coz my system already has some problems (not security problems) and my system’s ip address is dynamic how can yous openvpn or ssh??? besides i just want to learn msfpayload i dont need that

    • #49089
      jjwinter
      Participant

      You could use a host name registered with a free DNS updater, like no-ip.info so you always know the remote’s IP. Use Logmein free to access it and to open your infected emails remotely and see if they work.

    • #49090
      shadowzero
      Participant

      @cyber.spirit wrote:

      my system’s ip address is dynamic how can yous openvpn or ssh???

      For future reference:
      http://www.no-ip.com/getting_started.php
      http://help.logmein.com/selfserviceknowledgerenderer?type=FAQ&id=kA030000000DGCkCAO

      Since it’s difficult for you to monitor the remote machine, I strongly suggest you play with msfpayload on a machine that you can easily monitor and control. If that means setting up a virtual machine running Windows, do it.

    • #49091
      S3curityM0nkey
      Participant

      If your after a good book on the topis then Metasploit: The Penetration Tester’s Guide is the way to go. I finished it a couple of months ago and found it very well written with lots of great examples.

    • #49092
      jjwinter
      Participant

      x2 on that book. Great examples to work through and well written.

Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?