Meterpreter Reverse TCP Demo

Metasploit

This video is a quick and basic demonstration of the technique used to generate a Metasploit Reverse TCP Executable which can be used in a penetration test to connect from inside an organization back out to you (the penetration tester) to perform more thorough testing from inside the organization. It also demonstrates how to execute a command line program silently in the background on the computer of the person who runs the program. All content in this video is only to be used in situations where you have legal approval/permission to do so, which is either:
a) Your own home network
b) On a licensed penetration test, with signed documentation and permission

The author of this video (me), and the authors of the tool are in no way responsible for any misuse of this video, in any way whatsoever. We strongly advise you do not misuse any of these techniques, as it gives the Penetration Testing industry a bad name, plus, you'll end up in jail - and that's never a good thing. We've said our bit - now you do yours, and only use these techniques in situations where you are completely and unquestionably allowed to.

DEFENSE: To defend against an attack of this type, there are a few things you can do:

  • Make sure your company's anti-virus is up to date - most of the built-in "encryptions" on the code are readily detected by your average Anti-Virus software.
  • Make sure your users are educated, and know not to open files from unknown sources (or known, for that matter, without first confirming with the original source).
  • Use deep packet inspection on your firewall to ensure that outgoing traffic is as it seems (i.e., truly is HTTP traffic on port 80).
  • Restrict outgoing ports so only the essentials are allowed, rather than all of them.
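
The last two points can be checked against outbound flow records. The following is an added example, not part of the original video or of any tool it uses: it flags flows that leave on a port outside an egress allow-list, and port 80 flows whose first bytes are not an HTTP request. The record fields, the allow-list and the sample data are assumptions made up for the illustration.

```python
import re

# Assumed egress policy for this example: only these destination ports may leave.
ALLOWED_EGRESS_PORTS = {53, 80, 443}

# An HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def looks_like_http(first_bytes: bytes) -> bool:
    """True if the first client-to-server bytes start with an HTTP/1.x request line."""
    return HTTP_REQUEST_LINE.match(first_bytes) is not None

def review_flow(flow: dict) -> list[str]:
    """Return the policy findings for one outbound flow record."""
    findings = []
    port = flow["dst_port"]
    if port not in ALLOWED_EGRESS_PORTS:
        findings.append(f"egress to port {port} is not on the allow-list")
    elif port == 80 and not looks_like_http(flow["first_bytes"]):
        findings.append("port 80 flow does not begin with an HTTP request")
    return findings

def review_flows(flows: list[dict]) -> dict[str, list[str]]:
    """Map 'src -> dst:port' to its findings, for flows with at least one finding."""
    report = {}
    for f in flows:
        findings = review_flow(f)
        if findings:
            report[f"{f['src']} -> {f['dst']}:{f['dst_port']}"] = findings
    return report

# Constructed sample records (documentation IP ranges, made-up payload bytes).
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "198.51.100.7", "dst_port": 80,
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.0.34", "dst": "203.0.113.9", "dst_port": 6000,
     "first_bytes": b"\x00\x01\x02\x03"},
    {"src": "10.0.0.35", "dst": "203.0.113.9", "dst_port": 80,
     "first_bytes": b"\x00\x00\x00\x10\xde\xad\xbe\xef"},
]

if __name__ == "__main__":
    for flow_id, findings in review_flows(SAMPLE_FLOWS).items():
        print(flow_id, "=>", "; ".join(findings))
```

This only looks at the first bytes of each flow; deep packet inspection on the firewall validates the whole session.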

Meterpreter Reverse TCP Demo from Greyhat-Security.com on Vimeo.
