Through this article you can learn how an attacker would able to
generate a SSL certificate for any exe or bat file payloads so that he might be
able to establish a connection with host through meterpreter session.
The firewall spoof the network traffic and verifies trust
certificates to establish connection itself as a trusted third party to the
session between the client and the server. When the client begins with an SSL
session with the server, the firewall capture the client SSL request and forwards
the SSL request to the server. The server sends a certificate for the client
that is captured by the firewall. If the server certificate is signed by a CA
that the firewall trusts, the firewall generates a duplicate of the server
certificate signed by the Forward Trust certificate and forward the certificate
to the client to authenticate.
Meterpreter_Paranoid_Mode.sh allows users to secure your
staged/stageless connection for Meterpreter by having it check the certificate
of the handler it is connecting to.
Open the terminal in your
kali Linux and type following to download it………….
Once it downloaded run the program file and follow the
given below steps.
Press enter to continue
A
prompt will open in which you have to choose option for building certificate from
given screenshot you can read I had chosen impersonate
domain.
After
that again another prompt will open in which you would be ask to mention the
domain name, here the SSL certificate will generate for www.hackingarticles.in
To have the connection validated we need to tell the payload what
certificate the handler will be using by
setting the path to the PEM certificate
in the HANDLERSSLCERT option then we enable the checking of this certificate by
setting stagerverifysslcert to true.
PEM is a widely used encoding format for security
certificates. Syntax and content is defined by X.509 v3 standards for digital
certificates, defined in IETF RFC 5280 specifications. The main file extensions are .pem, .crt, .ca-bundle. A PEM certificate is a base64 (ASCII) encoded block of data
encapsulated between.
In next prompt choose payload category for auto
building payload, from given list I chose
stagless (payload.exe)
Once that payload is created we need to create a handler to
receive the connection and again we use the PEM certificate so the handler can
use the SHA1 hash for validation. Just like with the Payload we set the
parameters HANDLERSSLCERT with the path to the PEM file and stagerverifysslcert
to true. We can see the stage doing
the validation when we recite a session back.
Enter LHOST 192.168.0.108 (attacker’s IP)
Similarly given any random
port for reverse connection from host system nd click on ok.
Enter lport 8888
Again
list of payload will open from that prompt choose desire payload which will
generates payload for attack.
Windows/meterpreter_reverse_http
This will configure all setting and start multi handler
by lunching metasploit framework
When you move inside
output folder here you will get two files; first for exe payload another for .pem
certificate. Now use your effort for sharing exe file with your victim and
wait for session establishment through meterpretre.
On
other hand you can compare .pem certificate from other original certificate
signed by CA, if you will observe given below image you can read certification
details for hackingarticles.in which as similar as CA singed certificates.
Hence
you can see I have successfully established the meterpreter session with
victims system.
Try
it by yourself!!!
0 comments:
Post a Comment