Three questions: Proxies and the Wiki and multi/handler

[mtgarden at gmail.com (Matt Gardenghi)]

Thanks for the quick reply.  I'll start digging into it. 

H D Moore wrote:
> On Thu, 07 May 2009 08:26:16 -0500, Matt Gardenghi 
> <mtgarden at gmail.com> wrote:
>
> > 1) Is there a technique for setting a payload to work over a proxy?  
> > I haven't noticed it yet, though that means little....
> >
> > Some locations (i.e. my own company) proxies *everything.*  My 
> > research has indicated that not a whole lot of malware is proxy 
> > aware, but that the foundation is being laid as companies are 
> > tightening up some of the data exfiltration going on.  So, will we 
> > see a automatic proxy detection in our payloads or the ability to 
> > manually configure a proxy?
>
> Proxy support increases size which makes it harder to actually use 
> proxy-aware payloads. The best option we have now is the reverse_http 
> stager, recently rewritten by natron. This stager uses IE+HTTP 
> (reading local proxy settings from the registry, if the payload is 
> running as a configured user) and can be used to get a shell, vnc 
> session, or meterpreter prompt.
>
> > 2) I understand that there are several interesting articles under 
> > trac.metasploit.com/wiki/ but I don't see a list for them anywhere.  
> > So this makes it challenging to dig around and find useful articles.
>
> Valid, we need a documentation overhaul.
>
> > 3) multi/handler; is it possible to get the multi/handler to grab 
> > lots of incoming connections?  I seem to be missing this one as 
> > well.  I would assume its possible, cause it seems impractical to 
> > continually create new exploits with new port numbers/instances of 
> > multi/handler to target multiple machines simultaneously.
>
> Yup.
>
> msf exploit (multi/handler) > set ExitOnSession false
> msf exploit (multi/handler) > exploit -j
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework