Sometime during 2015, hackers realized it was possible to steal/hijack someone's meterpreter session by simply playing around with the victim's DNS and launching their own handler to connect. This led to the development and release of meterpreter paranoid mode. The developers introduced an API that verified the SHA1 hash of the certificate presented by the msf at both ends. In this recipe, we will see how to use the paranoid mode.
Using the paranoid meterpreter
by Himanshu Sharma
Kali Linux - An Ethical Hacker's Cookbook - Second Edition
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Kali - An Introduction
- Configuring Kali Linux
- Configuring the Xfce environment
- Configuring the MATE environment
- Configuring the LXDE environment
- Configuring the E17 environment
- Configuring the KDE environment
- Prepping with custom tools
- Zone Walking using DNSRecon
- Setting up I2P for anonymity
- Pentesting VPN's ike-scan
- Setting up proxychains
- Going on a hunt with Routerhunter
- Gathering Intel and Planning Attack Strategies
- Getting a list of subdomains
- Using Shodan for fun and profit
- Shodan Honeyscore
- Shodan plugins
- Censys
- Using Nmap to find open ports
- Bypassing firewalls with Nmap
- Searching for open directories using GoBuster
- Hunting for SSL flaws
- Automating brute force with BruteSpray
- Digging deep with TheHarvester
- Finding technology behind webapps using WhatWeb
- Scanning IPs with masscan
- Finding origin servers with CloudBunny
- Sniffing around with Kismet
- Testing routers with Firewalk
- Vulnerability Assessment - Poking for Holes
- Using the infamous Burp
- Exploiting WSDLs with Wsdler
- Using Intruder
- Using golismero
- Exploring Searchsploit
- Exploiting routers with routersploit
- Using Metasploit
- Automating Metasploit
- Writing a custom resource script
- Setting up a database in Metasploit
- Generating payloads with MSFPC
- Emulating threats with Cobalt Strike
- Web App Exploitation - Beyond OWASP Top 10
- Exploiting XSS with XSS Validator
- Injection attacks with sqlmap
- Owning all .svn and .git repositories
- Winning race conditions
- Exploiting XXEs
- Exploiting Jboss with JexBoss
- Exploiting PHP Object Injection
- Automating vulnerability detection using RapidScan
- Backdoors using meterpreter
- Backdoors using webshells
- Network Exploitation
- Introduction
- MITM with hamster and ferret
- Exploring the msfconsole
- Railgun in Metasploit
- Using the paranoid meterpreter
- The tale of a bleeding heart
- Exploiting Redis
- Saying no to SQL – owning MongoDBs
- Hacking embedded devices
- Exploiting Elasticsearch
- Good old Wireshark
- This is Sparta
- Exploiting Jenkins
- Shellver – reverse shell cheatsheet
- Generating payloads with MSFvenom Payload Creator (MSFPC)
- Wireless Attacks - Getting Past Aircrack-ng
- Password Attacks - The Fault in Their Stars
- Have Shell, Now What?
- Spawning a TTY shell
- Looking for weaknesses
- Horizontal escalation
- Vertical escalation
- Node hopping – pivoting
- Privilege escalation on Windows
- Pulling a plaintext password with Mimikatz
- Dumping other saved passwords from the machine
- Pivoting
- Backdooring for persistance
- Age of Empire
- Automating Active Directory (AD) exploitation with DeathStar
- Exfiltrating data through Dropbox
- Data exfiltration using CloakifyFactory
- Buffer Overflows
- Elementary, My Dear Watson - Digital Forensics
- Playing with Software-Defined Radios
- Kali in Your Pocket - NetHunters and Raspberries
- Writing Reports
- Other Books You May Enjoy
Using the paranoid meterpreter
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.