Fast-track (scan, setup, sessions) Not MSFConsole
Running:
Make sure you are in the fasttrack directory (/pentest/exploits/fasttrack/), and run fasttrack:
This makes the python interperator run the program. Someone quoted me "on that" So here is what the options do:Code:$ python fast-track.py -i
Thanks MF... I forgot to add that the first time around posting.Interactive Menu Driven Mode: -i
Command Line Mode: -c
Web GUI Mode -g
Examples: ./fast-track.py -i
./fast-track.py -c
./fast-track.py -g
./fast-track.py -g <portnum>
Usage: ./fast-track.py <mode>
Update fast-track using the option number 1. Then use the option number 1 again to only update the fast track software, or if you so desire update everything, but with the internet speed at the school it will take over an hour to do it.
Now get to the main menu and run the autopwn automation.
When it asks for the IP addresses, you can enter a specific address, or you can enter a range. (if you only do it to one, then it will be much quicker).
I would recommend using a Bind attack, but if you fail with a bind, you might want to try a Reverse attack, just to see if there is a different outcome.
Running with a GUI:
If you run with a GUI it is usually not as updated as the command line version. Feel free to try it, but I�m happy with my command line for this tool.
After the scan:Code:$ cd /pentest/exploits/fasttrack/ $ ./ftgui
After your scan is completed you can use the command:
(lowercase L just wanted to make the distinction)Code:$ sessions �l
And this command lists all of the exploits that where successful. Use the command:
(# is equal to the number of the ID that you want to use.)Code:$ sessions -i #
If you wish to see what exploits where used use the �sessions �v� to view all the exploits.
What Fast-track Autopwn is doing:
The Fast-Track's Autopwn script helps automate the scanning and attacking phases of trying to gain control of a computer using MSF (Metasploit Framework). Unleashed talks a lot about using metasploit, so I don't think its necessary to reiterate that.
What it actually does is allow you to create a database of attacks and run it against a computer(s).
Its first step (if you don't edit any defaults) is to scan a selected set of ip ranges using nmap to find open ports. It then proceeds to find all of the exploits from the database that are compatible with the open ports on the system.
After it selects all the exploits/backdoors/loopholes that it is able to use on a system it then starts trying to gain access to the system. After the exploits are all done running you then get your MSF Console that would allow you to try to connect to the system. (See Unleashed for information)
NOTE: only run on a system you own. Don't scan systems that has files that you would hate to loose.
I am only doing this because I am trying to get into the computer security side of networking. I love computers and want to share my knowledge. But, if you use this for malicious purposes I will not feel sympathy for you when you get caught. (not IF, but When, It will happen, so don't do it)
If you have anything you want me to try and cover, let me know, and I'll see if I can accommodate.
Edit: Removed "Install" from the list, It was not needed, seeing as how this is a BT4 forum, and BT4 has it already installed.
Edit: Changed the "-i don't know what it means" to what all the option markers do. (Thanks again MF)
Originally Posted by micole
