Friday, June 10, 2016

METASPLOIT - Windows 7 - Reverse Shell HTTPS / HTTP


- Layout of this exercise:

- In the previous exercise an OUTBOUND rule was created with Windows Advanced Firewall for Security to block reverse shell connections to remote port TCP 4444, the port used by default by Metasploit:


- However, this rule does not block OUTBOUND connections to any other remote port, for instance port 443 (HTTPS) or port 80 (HTTP), which the firewall has to leave open for normal web browsing.

- In the next two exercises, let's see how it is possible to install backdoors on the victim machine, bypassing the firewall, using social engineering so that the victim downloads executable files from the attacker's web page.


- Let's create the executable reverse_https.exe, using msfvenom and the meterpreter reverse_https payload:

- Checking that it is an executable file for Windows:

- The attacker opens a web server on port 8000:

- Also, the attacker (Kali) sets up a handler exploit with local port 443 (HTTPS) and its local IP, waiting for the victim:

- Then, the victim (Windows 7) connects to the web server, downloads and runs the executable reverse_https.exe:

- Automatically, a meterpreter session is opened on the attacker's console, and the post-exploitation process can be started:


- The same goal can be achieved with the HTTP protocol. The attacker creates the binary reverse_http.exe with msfvenom. In this case LPORT corresponds to 80 (HTTP), and LHOST is the attacker's machine's local IP:

- The file is an executable for Microsoft systems:

- A web server is set up by the attacker:

- Also, a handler exploit waits until the client connects and runs the binary:

- The victim (Windows 7) downloads and runs reverse_http.exe:

- Automatically, a meterpreter session is obtained on the attacker's machine:
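The lesson for the defender is that a port-based outbound rule is not enough: both binaries above reach the handler on 443/80, exactly like a browser would. One detection approach, added here as an example and not part of the original exercise, is to look at process-level network telemetry instead of ports alone. The script assumes Sysmon-style network connection events (Event ID 3 with Image, DestinationIp and DestinationPort fields); the log lines are constructed for the example, and the allowlist of web clients is a placeholder an organisation would fill from its own baseline.

```python
import re

WEB_PORTS = {80, 443}

# Binaries expected to talk HTTP/HTTPS on this host (example baseline, not a real-world list).
ALLOWED_WEB_CLIENTS = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\windows\system32\svchost.exe",
}

# Locations an ordinary user can write to; a just-downloaded executable lives here.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)

# Constructed sample events in a key=value layout mirroring Sysmon Event ID 3 fields.
SAMPLE_EVENTS = [
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443",
    r"EventID=3 Image=C:\Users\victim\Downloads\reverse_https.exe DestinationIp=192.168.1.10 DestinationPort=443",
    r"EventID=3 Image=C:\Users\victim\Downloads\reverse_http.exe DestinationIp=192.168.1.10 DestinationPort=80",
    r"EventID=1 Image=C:\Users\victim\Downloads\reverse_http.exe CommandLine=reverse_http.exe",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=20.190.160.1 DestinationPort=443",
]


def parse_event(line):
    """Split 'Key=Value' tokens; values may contain spaces (e.g. 'Program Files')."""
    fields = {}
    for token in re.split(r"\s+(?=[A-Za-z]+=)", line.strip()):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_suspicious(lines):
    """Return (image, dest_ip, port, reason) for non-allowlisted processes using web ports."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "3":          # only network connection events
            continue
        try:
            port = int(ev.get("DestinationPort", ""))
        except ValueError:
            continue
        if port not in WEB_PORTS or ev.get("Image", "").lower() in ALLOWED_WEB_CLIENTS:
            continue
        image = ev.get("Image", "")
        reason = "non-allowlisted binary on web port %d" % port
        if USER_WRITABLE.search(image):
            reason += " from user-writable path"
        findings.append((image, ev.get("DestinationIp", "?"), port, reason))
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ALERT: %s -> %s:%d (%s)" % hit)
```

Pairing this with a default-deny outbound policy that allows only the listed programs turns the same allowlist into a preventive control rather than just a detection.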