Re: News from Metasploit 4.

[Richard Miles <richard.k.miles () googlemail com>]

Hi Carlos

I know you are the creator of this resources and I have tested
multi_console_command script  and now the module
post/multi/gather/run_console_rc_file, but they never worked to me.
Maybe I'm doing something wrong.

I tried call both of them before and after call "use
exploit/multi/handler", and when I get the connection back from
meterpreter nothing happens, the commands are never executed, or at
least the output is never displayed on the screen.

I'm feeling very foul. There is a chance for you show a step by step
how do you make it?

I tested both now again with metasploit 4.

Thanks.


On Fri, Aug 26, 2011 at 4:12 PM, Carlos Perez
<dark0perator () pauldotcom com> wrote:
> AutoRunScript is for Meterpreter Scrips/Post Modules, what you are showing would be considered a resource file, look 
> at the multi_console_command script or the post module post/multi/gather/run_console_rc_file to achieve what you want 
> and use that resource file as an option.
>
> On Aug 26, 2011, at 4:10 PM, Richard Miles wrote:
>
> > Hi Egypt,
> >
> > It's awesome, thanks for information. Also, do you have a working
> > version for 64 bits?
> >
> > Any follow-up on the other 2 questions on the e-mail?
> >
> > Thanks
> >
> > On Fri, Aug 26, 2011 at 9:20 AM,  <egypt () metasploit com> wrote:
> > > Yes, reverse_http(s) both use the WinInet API, and as such, use IE's
> > > proxy configuration, including credentials.
> > >
> > > egypt
> > >
> > > On Fri, Aug 26, 2011 at 2:28 AM, Richard Miles
> > > <richard.k.miles () googlemail com> wrote:
> > > > Hey Patrick,
> > > >
> > > > Awesome, with the new reverse_http or reverse_https? Metasploit 4?
> > > >
> > > > Thanks
> > > >
> > > > On Thu, Aug 25, 2011 at 7:37 PM, Patrick Webster <patrick () aushack com> wrote:
> > > > > Hey Richard,
> > > > >
> > > > > I cannot guarantee 100%, but re: point #1, I have successfully used
> > > > > the stager to get around proxies with auth about 2 months ago.
> > > > >
> > > > > -Patrick
> > > > >
> > > > > On Fri, Aug 26, 2011 at 8:42 AM, Richard Miles
> > > > > <richard.k.miles () googlemail com> wrote:
> > > > > > Hi
> > > > > >
> > > > > > I friend of mine was talking about some great improvements at
> > > > > > Metasploit 4, I checked the blog and it talks very briefly about it,
> > > > > > what more called my attention is that reverse_http and reverse_https
> > > > > > was updated and meterpreter scripts / resources too.
> > > > > >
> > > > > > I have 3 questions...
> > > > > >
> > > > > > 1 - The new reverse_http and reverse_https now are as good as passiveX
> > > > > > was? I mean, we can use it completely over http or https (even the
> > > > > > stager) and the payload is smart enough to get proxy IP and port from
> > > > > > browser and re-use the same credential (in case that proxy require
> > > > > > auth)?
> > > > _______________________________________________
> > > > https://mail.metasploit.com/mailman/listinfo/framework
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework