Best way to handle multiple persistent reverse shells?

Hey everybody, so I’ve got a few servers that I’ve set up with the lovely vulnerable IIS 6.0 OS, I gain shells to them using a vulnerability (CVE-2017-7629, Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service). I usually gain the shell by running a script that uploads a msfvenom payload that calls back to a server running a handler via msfconsole. Or I just use msfconsole for all of it. Either way I usually gain privilege escalation and install persistence to where I can reboot the target and no matter what it’ll start a reverse shell back to me so long as I have my handler running to catch it.

My question is, if I have more than one of these servers homing back to me, what would be the best way to handle them? For now, I’m just setting each one to call back on a different port. E.g.:

Server A1 - call back to C2 server using <IP> on port 4444

Server A2 - call back to C2 server using <IP> on port 5555

etc.

So to get back into whichever one I want, I’ll just change the LPORT on my handler in msfconsole. Is this the best way to handle multiple persistent shells?

submitted by /u/ReactNativeIsTooHard

from hacking: security in practice https://ift.tt/rGTENk7