Metasploit mailing list archives
Handeling multiple reverse shell sessions.
From: abhi.hatekar at gmail.com (Abhijeet Hatekar)
Date: Fri, 19 Oct 2007 22:05:10 +0530
thanks for your help guys...i coded it successfully. Thank you, On 10/19/07, Cyberheb <cyb3rh3b at gmail.com> wrote:
abhi, I think patrick has answered the question clearly, the need for ur case is a handler, in this case it should be reverse_tcp handler which will handle ur reverse shell from each successful target. Just like patrick pointed out, take a look at: http://www.metasploit.com/svn/framework3/trunk/lib/msf/core/handler/reverse_tcp.rb start_handler method should satisfied ur question then... On 10/18/07, Abhijeet Hatekar <abhi.hatekar at gmail.com> wrote:Thank you for your quick responses. I got how metasploit does it but as i am not using metasploit, i cant utilise this information. Following is what i am trying to do. I have written an mass explaoitation module which works somewhat like db_autopwn - scans network for alive hosts, does port scan and runs fingerprint(OS/Device) detection of them. Store this information in database and then execute an exploit (from repository) suitable for a host. All the exploit uses reverse shell shellcode (port 12345). The only thing pending is - how to catch the reverse shell? I dont want to use netcat. Want to write own server which will listen on port 12345 and serve all the catched shell. If you can point me to some link or some code snippet will be great help. Thank you, On 10/17/07, mmiller at hick.org < mmiller at hick.org> wrote:On Wed, Oct 17, 2007 at 09:17:54PM +1000, Patrick Webster wrote:Hi Abhie, Metasploit Framework uses an internal handler to manage sessions. Take a look at: http://www.metasploit.com/svn/framework3/trunk/lib/msf/core/handler/ e.g. http://www.metasploit.com/svn/framework3/trunk/lib/msf/core/handler/reverse_tcp.rbOne thing to add: The handlers (mainly the reverse_tcp handler) included in Metasploit already support handling multiple sessions. The handler used by a given exploit will run until the exploit has completed and will accept as many connections as possible during that time. This is most commonly used in passive exploits, such as browser exploits.-- Abhie ----r00t Is stAt3 0f mInD--- http://bughira.sf.net
-- Abhie ----r00t Is stAt3 0f mInD--- http://bughira.sf.net -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071019/4b650039/attachment.htm>
Current thread:
- Handeling multiple reverse shell sessions. Abhijeet Hatekar (Oct 17)
- Handeling multiple reverse shell sessions. Patrick Webster (Oct 17)
- Handeling multiple reverse shell sessions. mmiller at hick.org (Oct 17)
- Handeling multiple reverse shell sessions. Abhijeet Hatekar (Oct 17)
- Handeling multiple reverse shell sessions. Cyberheb (Oct 19)
- Handeling multiple reverse shell sessions. Abhijeet Hatekar (Oct 19)
- Handeling multiple reverse shell sessions. mmiller at hick.org (Oct 17)
- Handeling multiple reverse shell sessions. Patrick Webster (Oct 17)