Abstract
Chapter 11 shows some elementary ways an attacker can gain an initial foothold on a network using active content in a browser or some simple malware generated through msfconsole. The Metasploit package also includes msfvenom, a tool that can be used to create more sophisticated malware. A limitation of msfvenom is that the malware it generates is often caught by modern antivirus products. Veil-Evasion can be used to craft malware that is not usually detected by antivirus.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Metasploit 5 was released in January 2019, and has changed this command to msfvenom --list platforms
- 2.
Metasploit 5 was released in January 2019, and has changed this command to msfvenom --list formats
- 3.
Windows Defender on Windows 10 is quite capable of detecting this malware.
- 4.
The other tool, Veil-Ordnance, is a very nice shellcode generator.
- 5.
The command C:\>echo %comspec% can be used to determine the value of this environment variable.
- 6.
This command may fail if run as SYSTEM, with Error 0x00000522, “A required privilege is not held by the client.”
- 7.
Be sure to pass the full name of the domain. If just the NetBIOS name is passed (e.g., pluto instead of pluto.test), the command may report success, but the resulting ticket will be empty.
- 8.
Recall that ~ refers to the user’s home directory. As an example, the user dhilbert on a CentOS system has the home directory /home/dhilbert/, so the ~/.bash_profile file is /home/dhilbert/.bash_profile.
- 9.
The command nohup is used to start a program in the background that ignores hangup signals issued by the kernel; this will let the program continue running if the user logs out.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2019 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2019). Malware and Persistence. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_11
Download citation
DOI: https://doi.org/10.1007/978-1-4842-4294-0_11
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4293-3
Online ISBN: 978-1-4842-4294-0
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books