Meterpreter payloads with trusted certificates
Most security solutions also perform network intrusion detection by analyzing the traffic going to and from the target machines. In this case, even if we can use encoders to bypass the antivirus, our payload will most likely get caught when it tries to connect to our listener.
Getting ready
Because we are using a valid TLS certificate for this recipe, I have used a DigitalOcean droplet running Ubuntu 16 with 1 GB of RAM. Configure a custom domain zinitiative.com, and use Let's Encrypt to get a certificate.
How to do it...
After configuring the domain DNS servers to point to the DigitalOcean droplet, getting a certificate with Let's Encrypt is very simple.
- First, we need to install letsencrypt, which can be done using the following command:
apt install letsencrypt -y
- Next, to generate the certificate run the letsencrypt command, and follow the instructions:
letsencrypt certonly --manual -d zinitiative.com
- If all goes as expected, you should have...