
BT5_metasploit_autopwn



zimmaro
06-14-2011, 08:20 AM
hello guys
I made another simple video (no sound) on the use of basic Metasploit autopwn.
the video does not contain anything new or shocking; in fact it highlights my lack of familiarity with the world of video and other things....:):)! if you want to watch it:
http://vimeo.com/25023690
thank you all!

M00kaw
06-14-2011, 09:45 AM
It's always nice to see some video-tutorials :)

And it seems as you like to play around with metasploit, which is great!

However, I do have a few things I would like to comment on.
When you're making a video-tutorial, the copy/paste gets kind of boring. Why not type in the commands by hand? Write the commands down on a piece of paper next to your monitor.
When you're using db_hosts, tell us why you use that. Show us the db_add_host <ip-address>
When you're using autopwn, explain to us what the options do (db_autopwn -e -q -p)
When you're using nmap, again, explain to us why you're using the different options :)

I'll be looking forward to your next video :)

//M00kaw

zimmaro
06-14-2011, 10:32 AM
Hi M00kaw!
I thank you for your valuable and correct statements! you are absolutely right!
but I use copy/paste because I have big fingers, so I type 20 letters at a time!!!!! (muahahahaahah). With regard to the "Command Options", I think that my "tutorials" (if you can call them that) are so simple that everyone should know the meaning (--help)!
hello, thanks a lot ...see you!:):):):)

svalluke
06-14-2011, 07:16 PM
Thank you... good video

trisogono
06-15-2011, 01:55 PM
great tutorial!!
;)

Buenos
06-16-2011, 10:39 AM
good video zimmaro! Thank you :D

trisogono
06-16-2011, 05:58 PM
I tried this test, but it doesn't work...

do you know why???
this is my video: http://vimeo.com/25196948
:confused:

Windows' firewall is disabled....

zimmaro
06-17-2011, 07:11 AM
hi! trisogono
which version of the framework does your XP have? my XP SP3 has framework 2, no upgrade! because certain types of attacks are blocked
ciao!

trisogono
06-17-2011, 11:27 AM
System:
microsoft windows xp
professional
Service pack 3

Is the framework on Windows (SP3 professional) framework 3??? Or not?
How do I get to see the framework?

thanks!

zimmaro
06-17-2011, 11:52 AM
hi!
start > Run > type "winver" > return
my result is: Microsoft Windows versione 5.1 (build 2600: xpspXXXX_XXXX: service pack 3). the original build 2600 has only framework < 2; I did not upgrade for this test!
:) ciao

trisogono
06-17-2011, 12:01 PM
yes...this is the problem...
thanks zimmaro!:D

BoogY
07-01-2011, 12:35 PM
great tutorial thanks

qweyzar
07-23-2011, 02:22 AM
Hi, great video! I have a problem though when I attempt to brute force my router login. I get this error:

"192.168.1.1:80 No URI found that asks for authentication"

This confuses me because when you log into my router you do it through http.

MREZA
12-23-2011, 09:09 PM
Hello zimmaro, I am your shadow! :D :))

thanks for the video ;) but all machines in my network are Windows 7 and 2003R2 or 2008R2! no luck!
good video, but it would be better if you showed us how we can export a report from OpenVAS (Greenbone) and import it into Metasploit!
and it would be awesome if you showed me how to set up OpenVAS in BackTrack 5 R1, I have some problems with it! :(

zimmaro
12-24-2011, 05:48 PM
dear MREZA :)
if your machines are not vulnerable I can not do anything!
in bt5r1 (with Metasploit updated) the autopwn function has been removed!
you can find videos on the net (youtube, vimeo, securitytube ...)
I prefer Nessus to OpenVAS!
I tried to use OpenVAS in my first installation of BT5;
now in the "fresh" installation of bt5r1 I saw some problems with my OpenVAS!
you should ask in the right forum, to people much more prepared and expert than me!!!!!!!
remember: I'm a poor old goat who is trying to learn!!!:)
however, if you want, here is a solution linked to Ubuntu 10.04, but I DO NOT recommend it (out of repo):
I'm NOT RESPONSIBLE if your bt5r1 BREAKS

apt-get purge greenbone-security-assistant
apt-get purge openvas-cli openvas-manager openvas-scanner openvas-administrator
apt-get autoremove
apt-get autoclean
gedit /etc/apt/sources.list
deb http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/xUbuntu_10.04/ ./ ####add this line to your repo###
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
apt-get update
apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager openvas-scanner openvas-administrator

############copy & paste this "block" in your terminal & wait######

test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
sudo touch /var/lib/openvas/mgr/tasks.db
chmod 600 /var/lib/openvas/mgr/tasks.db
openvassd
openvasmd --migrate
openvasmd --rebuild
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart

bye zimmaro the G0at

###############check-up#############
use the openvas-check-setup tool. You can find it here: http://www.openvas.org/setup-and-start.html

zimmaro
12-24-2011, 06:23 PM
hi MREZA
it works! I'm testing now!!!!!!!!!!!! (in my bt5r1 fresh install)
done this:
execute the official wiki from this step onwards:
openvasmd --rebuild
go away
bye:)

zimmaro
12-25-2011, 12:52 PM
I made a screen-shot with my bt5r1 (vbox) LOGGED into openvas today:
http://imageshack.us/f/403/screenshot1tfp.png/
bye

MREZA
12-25-2011, 01:46 PM
thank you very (much)^2! zimmaro :D
don't worry about my backtrack, it's in virtualbox.
I will try this solution as soon as I can, and I'll inform you of the result (if it works on my machine I will record a video for the public)

p.s : thanks for the screenshot.

bye

zimmaro
12-26-2011, 04:43 PM
hi, MREZA
If you want my advice, use Nessus; in my opinion it is better and interacts internally with Metasploit!!!!!!!!
root@zimmyhack:~# apt-get install nessus #install it from the official repo
root@zimmyhack:~# /opt/nessus/sbin/nessus-adduser #add user+passwd (remember them)
root@zimmyhack:~# firefox http://www.nessus.org/register/ #obtain your home version registration (nessus sends you a mail with the activation code)
root@zimmyhack:~# /opt/nessus/bin/nessus-fetch --register Exxx-Bxxx-Exxx-1Exx-54 #(register your activation code)
root@zimmyhack:~# /etc/init.d/nessusd start # start your nessus "server"

if you want interact with metasploit:
root@zimmyhack:~# msfconsole -q #(my copy is now the default 4.0.0 in bt5r1; if you do not update MSF you have AUTOPWN & 2 databases available)
msf > db_driver postgresql #connect to database
Using database driver postgresql
msf > db_status #verify a status
postgresql connected to msf3
msf > workspace
* default
msf > workspace -a myproject #add a "new-work-space"
Added workspace: myproject
msf > load nessus # NESSUS START INTERACT
Nessus Bridge for Metasploit 1.1
[+] Type nessus_help for a command listing
Creating Exploit Search Index - (/root/.msf4/nessus_index) - this wont take long.

It has taken : 125.384663903 seconds to build the exploits search index
Successfully loaded plugin: nessus :))))))))
msf > nessus_help

Command                    Help Text
-------                    ---------
Generic Commands
-----------------          -----------------
nessus_connect             Connect to a nessus server
nessus_save                Save nessus login info between sessions
nessus_logout              Logout from the nessus server
nessus_help                Listing of available nessus commands
nessus_server_status       Check the status of your Nessus Server
nessus_admin               Checks if user is an admin
nessus_server_feed         Nessus Feed Type
nessus_find_targets        Try to find vulnerable targets from a report
nessus_server_prefs        Display Server Prefs

Reports Commands
-----------------          -----------------
nessus_report_list         List all Nessus reports
nessus_report_get          Import a report from the nessus server in Nessus v2 format
nessus_report_hosts        Get list of hosts from a report
nessus_report_host_ports   Get list of open ports from a host from a report
nessus_report_host_detail  Detail from a report item on a host

Scan Commands
-----------------          -----------------
nessus_scan_new            Create new Nessus Scan
nessus_scan_status         List all currently running Nessus scans
nessus_scan_pause          Pause a Nessus Scan
nessus_scan_pause_all      Pause all Nessus Scans
nessus_scan_stop           Stop a Nessus Scan
nessus_scan_stop_all       Stop all Nessus Scans
nessus_scan_resume         Resume a Nessus Scan
nessus_scan_resume_all     Resume all Nessus Scans

Plugin Commands
-----------------          -----------------
nessus_plugin_list         Displays each plugin family and the number of plugins
nessus_plugin_family       List plugins in a family
nessus_plugin_details      List details of a particular plugin

User Commands
-----------------          -----------------
nessus_user_list           Show Nessus Users
nessus_user_add            Add a new Nessus User
nessus_user_del            Delete a Nessus User
nessus_user_passwd         Change Nessus Users Password

Policy Commands
-----------------          -----------------
nessus_policy_list         List all polciies
nessus_policy_del          Delete a policy
msf > nessus_connect root:toor@127.0.0.1:8834 #connect to the "nessus-server" with your CREDENTIALS
Connecting to https://127.0.0.1:8834/ as root
Authenticated
GO AWAY....................................:).)

This video, made by the big sickness, is a perfect guide:
http://www.securitytube.net/video/1216
regards, zimmaro the goat brain

MREZA
12-26-2011, 06:22 PM
Zimmaro, thanks for your advice, but I'm living in IRAN! I can't get an activation code/registration key from my country; I must use a VPN to activate Nessus! (in IRAN VPNs are not allowed due to anti-censorship usage!)
for OpenVAS I still prefer using backtrack4r2.

China520
03-11-2012, 07:21 PM
Thanks a lot ....:)

n3tb4ng3r
03-19-2012, 04:14 PM
good tutorial m8, even though I already know this stuff. But it'd be better with sound (for next time).

joebl4k
05-16-2012, 02:56 AM
Nice. Thanks.

mXx3r
06-24-2012, 03:41 AM
thanks, good video !

SpDmC
07-04-2012, 03:57 PM
Nice work dude, but when I try to do what's on this video I get a "database problem". Can anyone tell me how to create one?

zimmaro
07-06-2012, 03:57 PM
Nice work dude, but when I try to do what's on this video I get a "database problem". Can anyone tell me how to create one?
hi,:)
this video is only for bt5 (first version)! in r2 the postgresql database is installed by default && autostarts in msfconsole (type db_status)

for postgresql in bt5 (not upgraded) I used this method:
*root@bt:~# apt-get install postgresql
*root@bt:~# apt-get install libpgsql-ruby
*root@bt:~# sudo su postgres
*sh-4.1$ createuser root -P
*could not change directory to "/root"
*Enter password for new role: "??????" your password
*Enter it again: "??????"
*Shall the new role be a superuser? (y/n) n
*Shall the new role be allowed to create databases? (y/n) n
*Shall the new role be allowed to create more new roles? (y/n) n
*sh-4.1$ createdb --owner=root metasploit
*could not change directory to "/root"
*sh-4.1$ exit
*exit
*root@bt:~# update-alternatives --config ruby # switch to option 0
*root@bt:~# ruby -v # verify the ruby version: ruby 1.8.7 (2010-06-23 patchlevel 299) [i686-linux]
*root@bt:~# /etc/init.d/postgresql-8.4 start
*root@bt:~# msfconsole
*msf > db_driver postgresql
*Using database driver postgresql
*msf > db_connect root:toor@127.0.0.1:5432/metasploit
*msf > workspace -a MyProject
*[*] Added workspace: MyProject
*msf > db_nmap 192.168.1.165 -sS -O
*Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-14 15:27 CEST
*Nmap: Nmap scan report for hackdany-cecb3e.homenet.t
*msf > db_autopwn -p -e -q etc....

repeat this for the first version of bt5 (now I've got r2)
bye
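An added example (my own, not code from the thread, from Metasploit or from BackTrack): it parses the user:pass@host:port/db string that db_connect takes, flags the credential habits visible in the post (root:toor is the BackTrack default login, and everything typed into msfconsole is kept in ~/.msf4/history), and renders the ~/.msf4/database.yml that msfconsole reads at start-up instead. The DEFAULT_PASSWORDS list and the 12-character minimum are my assumptions.

```python
import json
import re

# db_connect takes user:pass@host:port/database, exactly as typed in the post above
_DB_URL = re.compile(r"^(?P<user>[^:@/]+):(?P<password>[^@]*)@(?P<host>[^:/]+):(?P<port>\d{1,5})/(?P<db>[^/\s]+)$")
# Constructed list (assumption): passwords that ship as defaults on BackTrack-era installs
DEFAULT_PASSWORDS = {"toor", "root", "postgres", "msf", "password"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_db_connect(url):
    """Split a db_connect URL into its fields; raise ValueError if it is malformed."""
    m = _DB_URL.match(url)
    if not m:
        raise ValueError("expected user:pass@host:port/db, got %r" % url)
    parts = m.groupdict()
    parts["port"] = int(parts["port"])
    if not 1 <= parts["port"] <= 65535:
        raise ValueError("port out of range: %d" % parts["port"])
    return parts


def credential_findings(parts):
    """Credential-hygiene problems a reviewer would raise about the parsed URL."""
    findings = []
    if parts["password"] in DEFAULT_PASSWORDS:
        findings.append("default password")
    elif len(parts["password"]) < 12:          # 12 is an assumed minimum
        findings.append("password shorter than 12 characters")
    if parts["host"] not in LOOPBACK:
        findings.append("database reached over the network, not loopback")
    return findings


def database_yml(parts, env="production"):
    """Render the YAML msfconsole reads from ~/.msf4/database.yml (keep that file mode 600)."""
    # json.dumps double-quotes the password so YAML-special characters survive
    return (
        "{env}:\n  adapter: postgresql\n  database: {db}\n  username: {user}\n"
        "  password: {pw}\n  host: {host}\n  port: {port}\n  pool: 75\n  timeout: 5\n"
    ).format(env=env, pw=json.dumps(parts["password"]), **parts)


if __name__ == "__main__":
    p = parse_db_connect("root:toor@127.0.0.1:5432/metasploit")  # the URL from the post
    print(credential_findings(p))   # -> ['default password']
    print(database_yml(p), end="")
```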

r083rt
07-06-2012, 09:19 PM
autopwn was removed for a reason

this thread should have been closed long ago!!!!!!!

r083rt

zimmaro
07-07-2012, 01:45 PM
autopwn was removed for a reason

this thread should have been closed long ago!!!!!!!

r083rt

hi, :)
I know ONE friend who uses BT5 (first version, not updated & upgraded) && has not typed "msfupdate" or "svn up" in the Metasploit directory ...... and told me that db_autopwn works!! ......

MoOoTeC
07-14-2012, 09:25 AM
This is The first one { autopwn }

Thank You !

peterr88
09-19-2012, 06:18 PM
excellent tutorial
thank you