7 comments on “Exporting runtime private key for msf’s meterpreter reverse tcp and https!”

  1. Pingback: Security News #0×46 | CyberOperations

      • Ok I see what you are asking now. The default meterpreter that ships with Community Framework does not appear to have the logic to hide itself from netstat. You could use a rootkit of some sort that maybe intercepts the logic netstat uses to query its connections and mask yours, or maybe even PORTPROXY on xp to do so as per http://www.slideshare.net/mubix/dirty-little-secrets-they-didnt-teach-you-in-pentest-class-v2, pg 105. I would test your google fu to find other methods or to hone the examples above.

        Luckily, anyone running a protocol sniffer will only see encrypted traffic when trying to analyse the meterpreter connections, unless they happen to have the private key as stated above, which your victims should not be able to obtain. The point of encrypted backdoors, essentially, is not that someone can see your connection to and from said victim, but that they cannot see what that connection is doing. The trick is to blend in with processes currently running on the host so as to not raise suspicion.

        Thank you for your question, I think I have material for another blog post now!
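The reply above notes that a rootkit could intercept what netstat sees so that a backdoor's connection is masked. The standard defensive check for that class of hiding is a cross-view diff: read the socket table from a source closer to the kernel and compare it with what the userland tool reports, flagging anything the tool omits. The following is an added example written for this comment thread, not code from the blog or from the Metasploit project. It uses the Linux /proc/net/tcp format as the kernel-side view (the post discusses Windows hosts; the technique is the same, only the data sources differ) and both inputs are constructed samples embedded inline, with one connection deliberately left out of the tool output to stand in for a hidden socket.

```python
import socket
import struct

# Constructed sample of a kernel-side socket table in Linux /proc/net/tcp
# format (addresses are little-endian hex IPv4, then a hex port).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B2A4 0C01A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C3F2 4E01A8C0:115C 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

# Constructed sample of what a userland listing tool (netstat-style output)
# printed on the same host. The third connection is missing on purpose: that
# gap is the discrepancy a socket-hiding rootkit would leave behind.
TOOL_OUTPUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
tcp        0      0 10.0.2.15:45732         192.168.1.12:443        ESTABLISHED
"""

# Subset of the TCP state codes used by /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN", "06": "TIME_WAIT", "08": "CLOSE_WAIT"}


def decode_proc_addr(field):
    """Turn a /proc/net/tcp field such as '0100007F:0016' into '127.0.0.1:22'."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text):
    """Kernel view: a set of (local, remote, state) tuples."""
    conns = set()
    for line in text.splitlines()[1:]:  # the first line is the column header
        parts = line.split()
        if len(parts) < 4:
            continue
        state = TCP_STATES.get(parts[3], parts[3])
        conns.add((decode_proc_addr(parts[1]), decode_proc_addr(parts[2]), state))
    return conns


def parse_tool_output(text):
    """Userland view: same tuple shape, with the '*' wildcard port normalised to 0."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        remote = parts[4].replace(":*", ":0")
        conns.add((parts[3], remote, parts[5]))
    return conns


def find_hidden_connections(kernel_text, tool_text):
    """Connections present in the kernel table but absent from the tool's output."""
    return parse_proc_net_tcp(kernel_text) - parse_tool_output(tool_text)


if __name__ == "__main__":
    for local, remote, state in sorted(find_hidden_connections(PROC_NET_TCP, TOOL_OUTPUT)):
        print(f"hidden from tool: {local} -> {remote} ({state})")
```

On a real host the two inputs would be the contents of /proc/net/tcp and the live output of the listing tool; a non-empty result is not proof of a rootkit on its own (a short-lived connection can close between the two reads), so re-run the comparison a few times and treat a persistent discrepancy as the signal worth investigating.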
