.

msfpayload

<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Aug 15, 2012 3:51 pm

msfpayload

hi guys,
Im so sorry i posted another topic near to this subject before but i did that coz i have to so again so sory

Guys i can work with msfpayload program but i have these quiz:

1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

2- is this payload files detectable by av?

3- can i put two payloads in a file?

4- has msf some key loggers with this payload?

Help me please
Thnx
Last edited by cyber.spirit on Wed Aug 15, 2012 3:53 pm, edited 1 time in total.
ICS Academy Network Security Certified
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Aug 15, 2012 4:37 pm

Re: msfpayload

I'm giving you the benefit of the doubt since you've been a member here for awhile, but this sounds kind of sketchy...

cyber.spirit wrote:1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)


If you get written permission from the target system owner(s)...

cyber.spirit wrote:2- is this payload files detectable by av?


Probably, but results will vary greatly based on AV.

cyber.spirit wrote:3- can i put two payloads in a file?


If you make a custom exe with some sort of logic that chooses between them based on some variable(s). I don't think there's a way to do this automatically in the framework.

cyber.spirit wrote:4- has msf some key loggers with this payload?


Yes, within meterpreter.
The day you stop learning is the day you start becoming obsolete.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Aug 15, 2012 5:11 pm

Re: msfpayload

ajohnson wrote:I'm giving you the benefit of the doubt since you've been a member here for awhile, but this sounds kind of sketchy...

cyber.spirit wrote:1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)


If you get written permission from the target system owner(s)...

Man since i sweared to help people i never did anything ilegal and im not gonna do it in future too i think it was better to tell u my scenario first

I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible
Last edited by cyber.spirit on Wed Aug 15, 2012 5:23 pm, edited 1 time in total.
ICS Academy Network Security Certified
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Aug 15, 2012 5:26 pm

Re: msfpayload

and can i use it in reverse way? I mean i install msf on the win7 then send the payload file to bt? Is it possible? I dont think so
ICS Academy Network Security Certified
<<

jjwinter

User avatar

Jr. Member
Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Wed Aug 15, 2012 5:37 pm

Re: msfpayload

So long as your router on the BT5 end is set to port forward whatever port you had your exploit use and BT5 is listening on, should be OK. Haven't tested that myself yet, just been doing stuff on my local LAN. Let us know if your AV picks anything up when you open your mail on the remote test boxes.
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Wed Aug 15, 2012 7:07 pm

Re: msfpayload

If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.



cyber.spirit wrote:hi guys,
Im so sorry i posted another topic near to this subject before but i did that coz i have to so again so sory

Guys i can work with msfpayload program but i have these quiz:

1- Can i use this payload against computers over the internet (i meam for systems with dynamic ipv4 address can i attack them?)

2- is this payload files detectable by av?

3- can i put two payloads in a file?

4- has msf some key loggers with this payload?

Help me please
Thnx
<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Wed Aug 15, 2012 11:46 pm

Re: msfpayload

cyber.spirit wrote:I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible


Well to answer your question about sending the payload via email the best bet would be to create a malicious PDF and send it to the "user" on the windows 7 machine.

http://www.offensive-security.com/metas ... de_Attacks
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Thu Aug 16, 2012 1:18 am

Re: msfpayload

shadowzero wrote:If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.

So u want me to drive a half of city to find out that im failed?! Man these systems are not in my local lab to switch between them easily.
I just want to send the payload there if i get the result. Then i reinstall the os and av coz it has many problems now
ICS Academy Network Security Certified
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Thu Aug 16, 2012 1:22 am

Re: msfpayload

S3curityM0nkey wrote:
cyber.spirit wrote:I have to PCs in two different places 1 of them runs bt5 its dual boot os with win xp i wanna use bt as attacker system and the other one run win7 with kaspersky both of them are connected to the internet not lan and i want to send the win7 pc a payload file via email so now what do u think is it possible


Well to answer your question about sending the payload via email the best bet would be to create a malicious PDF and send it to the "user" on the windows 7 machine.

http://www.offensive-security.com/metas ... de_Attacks

Awsome thanx
ICS Academy Network Security Certified
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Thu Aug 16, 2012 2:49 am

Re: msfpayload

In addition to the Metasploit Unleashed course already mentioned, the following are also very useful resources:

Metasploit: The Penetration Tester's Guide:
http://nostarch.com/metasploit

SecurityTube's Metasploit Framework Expert (SMFE) Course Material:
http://www.securitytube.net/groups?oper ... groupId=10
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Aug 16, 2012 3:13 am

Re: msfpayload

They are great resources There are also loads video on metasploit on the net on security blogs so on.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Thu Aug 16, 2012 7:40 am

Re: msfpayload

cyber.spirit wrote:
shadowzero wrote:If you own both computers, then just try it and find out what happens. Part of learning to hack is experimenting and seeing what the results are and interpreting them.

So u want me to drive a half of city to find out that im failed?! Man these systems are not in my local lab to switch between them easily.


If your machine is already exposed to the internet such that you can attack it, then you can easily monitor its state remotely by setting up SSH, or even some remote desktop over VPN. Log in remotely, run your exploit, check to see if it worked.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Aug 16, 2012 8:04 am

Re: msfpayload

Giving the benefit of the doubt, if you've got a machine on the net that you can target with MSF as a test, others can too.

Strongly suggest killing the connection and leaving the vulnerable systems on internal labs only, if you need remote access openVPN etc. will be your friend....
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Aug 16, 2012 10:22 am

Re: msfpayload

Andrew Waite wrote:Giving the benefit of the doubt...


Second...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Thu Aug 16, 2012 1:06 pm

Re: msfpayload

Andrew Waite wrote:Giving the benefit of the doubt, if you've got a machine on the net that you can target with MSF as a test, others can too.

Strongly suggest killing the connection and leaving the vulnerable systems on internal labs only, if you need remote access openVPN etc. will be your friend....
shadowzero wrote:If your machine is already exposed to the internet such that you can attack it, then you can easily monitor its state remotely by setting up SSH, or even some remote desktop over VPN. Log in remotely, run your exploit, check to see if it worked.




Guys i just wanna learn more about msfpayload i know the risks and i todl you after this test i will renistall windows and av coz my system already has some problems (not security problems) and my system's ip address is dynamic how can yous openvpn or ssh??? besides i just want to learn msfpayload i dont need that
ICS Academy Network Security Certified
Next

Return to Malware

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software