Saturday, February 27, 2016

CCDC Quals Notes (metasploit)

Some quick notes for interesting stuff to keep for CCDC Quals/Notes

Rapid Fire PSExec

Use db_nmap to scan and populate the databse or db_import to import nmap xml into your workspace.  This one uses open port 445 to query the database

This one uses open service of smb to query the database

Running Metasploit Post modules against all sessions

Resource script to run a single post module against all sessions.  Navigate to your post module, set up any required options then run this resource script.

Got this from:

Update: Dre mentioned his already exists here:

Running a Meterpreter Command against all sessions

Got the code from mubix

Running a Windows command against all sessions
This functionality is already built into the sessions command

Just run sessions -c "command" and if you don't put a session to interact with it will run on all sessions.

I used this to run the Empire launcher on all sessions.

Running a Meterpreter script against all sessions

Just run sessions -s meter_script and if you don't put a session to interact with it will run on all sessions.



dre said...
This comment has been removed by a blog administrator.
CG said...

1. completely missed this. :-( this is the same as what i posted. thanks for mentioning it

2. works for windows commands not meterp scripts or commands

3. to run meterpreter scripts not built in commands like screenshot. does run on all sessions unless you specify like -c

4. would only run against a single session you specify ? thus you need #1 to run against multiple sessions

Which is best? depends. there is no "just take a screenshot" post module only screen_spy. So if you wanted to periodically take screenshots on an adhoc basis you have to use the code i posted as there doesnt appear to be a way to run screenshot via sessions -s . To be fair there arent many gaps in coverage but that is one.

Thanks for reading/commenting> I'm going to update the post.

CG said...

accidntly deleted Dre's comment when i was trying to delete my own. Here is the original comment:

dre said...
2) sessions -c (as you mention, put command here) all
3) sessions -s (script) -i (1-3 ; 1,3; all)
4) post/multi/general/execute
5) other???

Which is best?