MeterSSH - Meterpreter over SSH
As penetration testers, it’s crucial to identify what types of
attacks are detected and what’s not. After running into a recent
penetration test with a next generation firewall, most analysis has
shifted away from the endpoints and more towards network analysis. While
there needs to be a mixture of both, MeterSSH demonstrates how easy it
is to circumvent a lot of these signature based “next generation”
product lines.
MeterSSH is an easy way to inject native shellcode into memory and
pipe anything over SSH to the attacker machine through an SSH tunnel and
all self contained into one single Python file. Python can easily be
converted to an executable using pyinstaller or py2exe.
MeterSSH is easy – simply edit the meterssh.py file and add your SSH
server IP, port, username, and password and run the script. It will
spawn meterpreter through memory injection (in this case a
windows/meterpreter/bind_tcp) and bind to port 8021. Paramiko (python
SSH module) is used to tunnel meterpreter over 8021 and back to the
attacker and all communications tucked within that SSH tunnel.
Features
- Meterpreter over SSH
- Ability to configure different IP's, addresses, etc. without the need to ever change the shellcode.
- Monitor for the SSH connection and automatically spawn the shell
MeterSSH - Meterpreter over SSH
Reviewed by Zion3R
on
12:46 PM
Rating: