Windows Post Exploitation - Persistence With Metasploit

HackerSploit · Intermediate ·🔐 Cybersecurity ·4y ago

Key Takeaways

The video demonstrates how to establish persistence on Windows systems using Metasploit modules, covering various techniques for post-exploitation.

Full Transcript

[Music] hey guys hackersploit here back again with another video welcome back to the pen testing boot camp in this video we will be exploring the process of setting up or maintaining access to a windows target via metasploit of course uh in the red team series we explored you know windows persistence techniques primarily through empire but now we're going to be taking a look at how this can be facilitated through you know various metasploit post exploitation modules so again as i said in the previous video we're going to be skipping over the process of you know generating a payload with msf venom then transferring it etc and we're also going to ignore this these techniques listed here the main objective is to maintain access to the target system in the event the target system is rebooted shut down or you know our rdp credentials are changed so once you've gained access you need to ensure that you continue to have access to the target system irregardless of what happens so as i said one of the one of the techniques that you can do or can perform is the ability to create a backdoor user which again is something that has its own advantages and disadvantages and then of course if you have access to the target system via a meterpreter session uh what i'll do is i'll put this in the background so i'm going to be resuming from the previous video i can search for you know the persistence module so i'm just going to say uh the type of the platform is a windows and we will search for persistence module so i'll hit enter now you can see that the default module that is recommended is this particular module here which is the exploit windows local persistence module and you know it says you know windows persistent registry startup payload installer which essentially sets up assistance via the registry so you can take a look at that if you want the one that i really like or the one that i wanted to highlight in this particular video is obviously going to be the persistent service module as well as the uh a few others like um for example uh you remember we don't want to have any artifacts on the system but one that is uh uh you know really really uh one that really works well is the persistent service for various reasons one of which is the fact that you'll always get a session on the target system irregardless of whether or not the system is shut down or not so for example if i lose access to the target uh you know via you know session two via my meterpreter session i'll be able to gain access in a few seconds without the system uh you know having to be restarted or anything like that now as i said you can explore any of the other ones uh any of the other modules one of them that again i really recommend is the authenticated wmi xx via powershell module here which works really well but in this case let's take a look at the persistent service module so i'm going to say copy and use i'm going to paste that in there we're going to set the payload we leave it as windows interpreter reverse tcp the 32-bit payload because we can always upgrade our meter you know session to a 64-bit session um so i'll say show options and again if we list out our sessions uh the ports that we currently have running are port four four four four and four four two two so we need to change l port there and the lhost option so i'll say ifconfig and we'll just copy the tunnel zero interface ip so i'm going to say set l host to the following and then we'll set the l port to maybe three three four four show the options again and uh yeah so we can essentially modify the actual remote victim uh name for the executable as well as the path so again uh this will utilize the temp directory by default if you don't specify one which is great and then you can set the retry time and this is of course used to specify the retry time that the shell will connect to so after five seconds you know and then of course we can give it a service name so this is usually recommended if you want it to look as clandestine as possible so again in this case because the the target is windows server and of course a windows or rather servers in general are not frequently accessed or you don't have users you know frequently logging on to them then you know we can pretty much stay under the radar unless uh we're actually identified but we're really not at the evasion stage of things yet although i will be covering that so we'll set the service name to maybe something like um let me you know type that in again we can set the service name to uh you know something like lsas something that can blend in really well uh so we can say lsas ls1 lss2 you know just something basic so else t or whatever um again in this case i'm just trying to make it blend in so i'll set the service name there and then i'll set the session to session two and again if i type in info this will give you an idea of what this module will do as you can see this module will generate and upload an executable to a remote host next it'll make it a persistent service now i know that this is touching the disk as i said in this particular case i'm really interested in convenience it'll then create a new service which will start the payload whenever the service is running admin or system privileges are required as with most of the persistence modules for windows so i can just hit run or exploit i'll just type in exploit here then we also is going to run the module against a domain controller and there we are it also generates an rc file for us that we can use and i'll get into rc files in a few seconds it's going to send the stage and we should get a session and then what i'm going to do is i'm going to terminate that particular session or all of the sessions and you'll be able to see that we'll be able to gain access really simply so again i'm just going to give this a couple of seconds to actually send a stage all right so we get materpreta session three opened and again says info you can see it's a 32-bit interpreter session as expected so if i put this in the background and i'm just going to copy the path to the rc file because i want to explore that in a few seconds by the way take or you know take note of the actual module options that you specified with this persistence module so for example the l host and the l port option so i'm just going to take note of that because again the likelihood that i'll forget that is uh very high so the only option that i usually forget is the actual l port option the payload i know is the 32-bit interpreter payload um right okay so if i list out the sessions you can see that we have three sessions so i'm just going to kill all of them so sessions kill uh type that in correctly there we are and i'll just exit and i'm pretty sure i have a few jobs running so let me just exit out of all of that so again if we kept the contents of that particular rc file um it looks like that's stored under root so probably need to say sudo but what we can do is create our own rc file so an rc file in the context of medisploit stands for a resource script a resource script can be used to air to automate various aspects of metasploit primarily through msf console so in this case what this rc script was going to do is it was going to set up uh you know the multi handler for us at the payload l port and l host options that we specified uh with the persistent service module so we can create our own so i'm just going to head over onto my desktop and i'm just going to say vim and we'll call this handler.rc so again this works very similar to a windows batch script where each command is specified sequentially based on the order that you want them to be executed so in this case we're going to say use multi-handler we're going to say set the payload i can't type that in correctly for some reason set the payload to windows interpreter reverse tcp that's what we used and then we're going to set the lhost option to uh that was uh hmm do i have to get that again yeah i do so let me just type in knifeconfig here there we go and let me just close that tab there so lhost is the the our ip the cali ip and then l port is three three four four let me make sure that's correct there we are three three four four and then run so what's going to happen is when i uh you know specified that i want to use this resource script with msf console it's going to automate the process of you know loading the multi-handler module it's going to set the payload automatically for us it's going to set the lhost option l port option and then it's going to run so i can just type in write and quit and then to use a resource script with msf console you simply type in msf console and then r for resource script and then specify the name of the resource script which in this case is handler.rc and we hit enter now we should get a meterpreter session immediately because we use the persistent service module so after five seconds you know we should get a session on the target system so it's going to start up msf console it's going to automate the process of setting up you know multi-handler setting the payload there we are starts the reverse tcp handler and it sends the stage immediately so we are able to gain access to the target system almost immediately and we do so you know sysinfo there we are you can see it's a 32-bit meterpreter session if we you know say pgrep explorer um we can migrate to explorer or any other process any other 64-bit process and yeah we can essentially you know upgrade our interpreter session to a 64-bit interpreter session but in this case we don't need to do that right so uh that's essentially what i wanted to cover and again that's in my case that's how i would have built this particular task because uh this is fairly uh you know fairly menial uh in regards to you know the actual process of generating a payload and then of course transferring it to the target executing it setting up the handler so hopefully i've uh i've helped you uh you know save a lot of time when it comes down to establishing or setting up assistance on a target system and of course i've also gone over you know the resource scripts and how they can be used to automate that process so it's fairly simple to understand and we are at the end of the windows post exploitation room or the post exploitation basics room on try hack me so again we're going to be exploring other you know post exploitation techniques for both windows and linux and then of course we'll explore privilege escalation as we move on once we're done with that we'll then move on to web app pen testing which is something that i'm really really excited for so we'll just hit complete and we'll head over into the conclusion and it complete and we should be done with this room all right fantastic so that is done i know that took a while and it coincided with the release of the red team series so i apologize for that but that should be done now and we can begin exploring you know some of the other techniques and complete the penetration testing boot camp so that's gonna be it for this video let me know if you guys any had any questions or suggestions if you do leave them in the comment section or you can join our discord server the link is in this the description and yeah if you like this video or you found value in it please leave a like down below and i'm going to be seeing you guys in the next video peace a huge thank you to all of our patreons your support is greatly appreciated and this is a formal thank you so thank you shamir douglas ryan carr sandor michael busby sits up doozy defean barry dustin on press and michael hubbard your support is greatly appreciated and you keep us making even more high quality content for you guys so thank you [Music]

Original Description

In this video, I cover the process of establishing persistence on Windows systems through the use of various Metasploit modules. ----------------------------------------------------------------------------------- BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr ----------------------------------------------------------------------------------- TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn ----------------------------------------------------------------------------------- CYBERTALK PODCAST ►► https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7 ----------------------------------------------------------------------------------- We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms. ----------------------------------------------------------------------------------- Thanks for watching! Благодарю за просмотр! Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Obrigado por assistir دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة ----------------------------------------------------------------------------------- #Pentesting#Cybersecurity
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches viewers how to use Metasploit modules to establish persistence on Windows systems, a crucial skill for cybersecurity professionals and pentesters. By following the steps outlined in the video, viewers can improve their post-exploitation skills and better understand Windows security vulnerabilities.

Key Takeaways
  1. Set up a Windows testing environment
  2. Install and configure Metasploit
  3. Select and use appropriate exploit modules
  4. Establish persistence using Meterpreter
  5. Test and verify persistence
💡 Metasploit's exploit modules can be used to establish persistence on Windows systems, allowing for continued access and control even after the initial exploit.

Related Reads

📰
ECB Gives Banks Four Months to Prepare for AI-Powered Cyber Threats
The ECB is giving banks 4 months to prepare for AI-powered cyber threats, highlighting the need for proactive cybersecurity measures
Medium · Cybersecurity
📰
A hospital network went dark at 2 AM. Here is what the next 72 hours looked like.
Learn how a hospital network's cybersecurity breach unfolded over 72 hours and the key takeaways for cybersecurity professionals
Medium · Cybersecurity
📰
Cyber Security Training with Placement Assistance
Learn why cyber security training with placement assistance is crucial for final-year and graduated students and how it can boost their careers
Medium · Cybersecurity
📰
The Part of Cybersecurity No One Talks About
Overcoming command-line interface anxiety is crucial for cybersecurity professionals to effectively use CLI tools
Medium · Cybersecurity
Up next
Security is a shared responsibility
Workday
Watch →