search

trustedsec / meterssh

MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpeter in this case) by the shellcode over SSH back to the attackers machine. Then connecting with meterpreter's listener to localhost will communicate through the SSH proxy, to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network.
520 stars 185 forks source link

No Shell #6

Open princenasario opened 8 years ago

princenasario commented 8 years ago

I cant get the shell after running it in the victim. All of the Python scripts and pyinstaller and tools were done in a Windows 7 x64 bit machine.

Ok, i will tell you the details : 

user = 'prince'
password = 'MRN11047'
rhost = '192.168.1.7'
port = '22'
rport = '8021'

Here user 'prince' is a local user ( not root ) and then the user password. The Rhost is my attacker ip ( my virtual machine ) and the port is the default port for ssh that is 22. I didn't know what is rport and so entered it as 8021 but yet i couldn't get the shell.

The Python tools were : Python 2.7, pyinstaller 2.7, paramiko, ecdsa, pyinstaller develop.

Paramiko, ecdsa and pyinstaller develop were installed using the pip commands :

pip install paramiko pip install ecdsa pip install https://github.com/pyinstaller/pyinstaller/archive/develop.zip

The command for meterssh.py to exe I use is : python.exe C:\Pyinstaller\pyinstaller.py --noconsole --onefile C:\meterssh\meterssh.py

but then i get an execution error of : WARNING : the file is found but should not be and some location in the temporary folder.

Then I used the command : python.exe C:\Pyinstaller\pyinstaller.py --noconsole C:\meterssh\meterssh.py

And then i get no error and NO SHELL.

What am i doing wrong?

rschwass commented 7 years ago

Not 100 percent sure but ... rport should be the port you have metasploit multi handler listening on.

princenasario commented 7 years ago

@rschwass Ok i want it on port 8021. My doubt is should port='22' also be the attacker port as '8021'. Because in this video only port is given as port-22. so i guessed it as ssh port. https://www.youtube.com/watch?v=_RTxm_AjK1s

rschwass commented 7 years ago

You shouldn't need to open in on thefw. The communication is going through the ssh tunnel.

princenasario commented 7 years ago

@rschwass i didnt understand. what is thefw?

princenasario commented 7 years ago

After compiling to exe, the meterssh payload is 10mb.