Meterpreter_Paranoid_Mode [ Staged payload - ps1 - HTA attack vector ]

Meterpreter_Paranoid_Mode allows users to secure their staged/stageless Meterpreter connection by having the payload check the certificate of the handler it is connecting to.
We start by generating a certificate in PEM format. Once the certificate has been created, we can create an HTTP, HTTPS or EXE payload for it and give it the path of the PEM certificate to be used to validate the connection.
To have the connection validated, we need to tell the payload which certificate the handler will be using by setting the path to the PEM certificate in the HANDLERSSLCERT option; we then enable checking of this certificate by setting stagerverifysslcert to true.
Once the payload is created, we need to create a handler to receive the connection, and again we use the PEM certificate so the handler can use the SHA1 hash for validation. Just as with the payload, we set HANDLERSSLCERT to the path of the PEM file and stagerverifysslcert to true.
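The validation described above is certificate pinning by SHA1 fingerprint. The sketch below is an added example, not code from the project: it computes the fingerprint of the certificate in a PEM file and compares it with the certificate presented on a connection. The function names, the placeholder certificate bytes and the extra private-key block in the PEM file are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Matches one CERTIFICATE block; a PEM file may also hold other blocks.
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def pem_sha1(pem_text: str) -> bytes:
    """SHA-1 digest of the DER bytes of the first CERTIFICATE block."""
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block in PEM input")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha1(der).digest()


def pin_matches(pinned: bytes, presented_der: bytes) -> bool:
    """True only if the presented certificate hashes to the pinned digest."""
    presented = hashlib.sha1(presented_der).digest()
    return hmac.compare_digest(pinned, presented)


# Constructed placeholder bytes standing in for DER-encoded certificates.
HANDLER_DER = b"constructed-handler-certificate-der"
PROXY_DER = b"constructed-inspection-proxy-certificate-der"

# Constructed PEM file: a placeholder key block followed by the certificate.
PEM_FILE = (
    "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"
    + ssl.DER_cert_to_PEM_cert(HANDLER_DER)
)

if __name__ == "__main__":
    pin = pem_sha1(PEM_FILE)
    print("pinned SHA1:", pin.hex())
    print("handler certificate accepted:", pin_matches(pin, HANDLER_DER))
    # A TLS-inspecting proxy re-signs the session with its own certificate,
    # so the digest differs and the pinned check fails.
    print("proxy certificate accepted:", pin_matches(pin, PROXY_DER))
```

The same fingerprint computation lets an analyst compare a certificate captured from traffic against a known PEM file.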
Project homepage:

Reviewed by Anonymous on February 09, 2018 Rating: 5
