
Thread: Meterpreter Script for Basic Network Enumeration

  1. #1

    Meterpreter Script for Basic Network Enumeration

    Here is a script for basic network enumeration using Windows native tools on the target machine. The script is multi-threaded for performance and performs the following:

    * Ping Sweep
    * DNS Reverse lookup on IP range
    * Forward Lookup bruteforce using a List of hostnames
    * Get NS and MX records for a given domain.


    You can download the script from http://www.darkoperator.com/netenum.tar.gz
    Let me know if you like it; any recommendations are welcome.


    Here is some sample output:
    Code:
    meterpreter > run netenum
    Network Enumerator Meterpreter Script by Darkoperator
    Carlos Perez carlos_perez@darkoperator.com
    
    Usage:
    
    OPTIONS:
    
        -d <opt>  Domain Name for DNS Fordward Lookup
        -fl        To Perform DNS Fordward Lookup on host list and domain
        -h        Help menu.
        -hl <opt>  File with Host List for DNS Fordward Lookup
        -ps        To Perform Ping Sweeo on IP Range
        -r <opt>  The target address range or CIDR identifier
        -rl        To Perform DNS Reverse Lookup on IP Range
        -st        To Perform DNS lookup of MX, NS and SOA records for a domain
    
    meterpreter > run netenum -fl -hl /home/carlos/hostlist.txt -d google.com
    [*] Network Enumerator Meterpreter Script by Darkoperator
    [*] Carlos Perez carlos_perez@darkoperator.com
    [*] Performing DNS Fordward Lookup for hosts in /home/carlos/hostlist.txt for domain google.com
    [*]     Name:cg-in-f100.google.com    209.85.171.100
    [*]     Name:cg-in-f102.google.com    209.85.171.102
    [*]     Name:googlemail.l.google.com    209.85.133.83,209.85.133.18,209.85.133.19
    [*]     Name:cg-in-f101.google.com    209.85.171.101
    
    
    
    meterpreter > run netenum -rl -r 209.85.171.100-209.85.171.110
    [*] Network Enumerator Meterpreter Script by Darkoperator
    [*] Carlos Perez carlos_perez@darkoperator.com
    [*] Performing DNS Reverse Lookup for IP range 209.85.171.100-209.85.171.110
    [*]      209.85.171.100 is cg-in-f100.google.com
    [*]      209.85.171.101 is cg-in-f101.google.com
    [*]      209.85.171.102 is cg-in-f102.google.com
    [*]      209.85.171.103 is cg-in-f103.google.com
    [*]      209.85.171.104 is cg-in-f104.google.com
    [*]      209.85.171.108 is cg-in-f108.google.com
    
    
    
    meterpreter > run netenum -st -d google.com
    [*] Getting MX and NS Records for Domain google.com
    [*]     Non-authoritative answer:
    [*]    
    [*]     google.com    MX preference = 10, mail exchanger = smtp4.google.com
    [*]     google.com    MX preference = 10, mail exchanger = smtp1.google.com
    [*]     google.com    MX preference = 10, mail exchanger = smtp2.google.com
    [*]     google.com    MX preference = 10, mail exchanger = smtp3.google.com
    [*]    
    [*]     google.com    nameserver = ns3.google.com
    [*]     google.com    nameserver = ns4.google.com
    [*]     google.com    nameserver = ns1.google.com
    [*]     google.com    nameserver = ns2.google.com
    [*]     smtp1.google.com    internet address = 209.85.237.25
    [*]     smtp2.google.com    internet address = 64.233.165.25
    [*]     smtp3.google.com    internet address = 64.233.183.25
    [*]     smtp4.google.com    internet address = 72.14.221.25
    [*]     ns1.google.com    internet address = 216.239.32.10
    [*]     ns2.google.com    internet address = 216.239.34.10
    [*]     ns3.google.com    internet address = 216.239.36.10
    [*]     ns4.google.com    internet address = 216.239.38.10
    
    
    meterpreter > run netenum -ps -r 209.85.171.100-209.85.171.110
    [*] Network Enumerator Meterpreter Script by Darkoperator
    [*] Carlos Perez carlos_perez@darkoperator.com
    [*] Performing ping sweep for IP range 209.85.171.100-209.85.171.110
    [*]     209.85.171.100 host found
    [*]     209.85.171.101 host found
    [*]     209.85.171.102 host found
    [*]     209.85.171.103 host found
    [*]     209.85.171.104 host found
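    The reverse-lookup sweep and forward-lookup brute force shown above leave a characteristic footprint in resolver query logs, so here is an added example (not the netenum script and not Carlos's code) of detection logic a defender could run over such logs. The BIND-style log layout, the thresholds and the sample lines are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
# Simplified BIND-style query-log layout (an assumption; adapt the regex to your resolver):
# 18-Feb-2010 10:15:01.000 client 10.0.0.5#53211: query: 100.171.85.209.in-addr.arpa IN PTR
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)")
TS_FMT = "%d-%b-%Y %H:%M:%S"

def parse(lines):
    """Yield (timestamp, client, qname, qtype) for every line that matches."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], TS_FMT), m["client"],
                   m["qname"].lower().rstrip("."), m["qtype"])

def classify(qname, qtype):
    """Map a query to (kind, group): PTR queries group by the /24 they reverse,
    A/AAAA queries by the parent domain (last two labels, an approximation)."""
    if qtype == "PTR" and qname.endswith(".in-addr.arpa"):
        octets = qname[: -len(".in-addr.arpa")].split(".")[::-1]
        return "ptr_sweep", ".".join(octets[:3])
    if qtype in ("A", "AAAA"):
        return "fwd_bruteforce", ".".join(qname.split(".")[-2:])
    return None

def detect(lines, window_s=60, threshold=8):
    """Return (client, kind, group, count) for every client that queried at
    least `threshold` distinct names of one group inside one window_s bucket."""
    seen = defaultdict(set)  # (client, kind, group, bucket) -> distinct qnames
    for ts, client, qname, qtype in parse(lines):
        c = classify(qname, qtype)
        if c:
            seen[(client, *c, int(ts.timestamp() // window_s))].add(qname)
    return sorted((client, kind, group, len(names))
                  for (client, kind, group, _), names in seen.items()
                  if len(names) >= threshold)

# Constructed sample log: one host reverse-resolving 209.85.171.100-109, another
# brute-forcing ten names under example.com, and a client doing ordinary lookups.
SAMPLE = (
    [f"18-Feb-2010 10:15:0{i}.000 client 10.0.0.5#53211: query: "
     f"{100 + i}.171.85.209.in-addr.arpa IN PTR" for i in range(10)]
    + [f"18-Feb-2010 10:15:0{i}.000 client 10.0.0.7#41002: query: "
       f"host{i}.example.com IN A" for i in range(10)]
    + ["18-Feb-2010 10:15:03.000 client 10.0.0.9#40011: query: www.example.com IN A",
       "18-Feb-2010 10:15:04.000 client 10.0.0.9#40012: query: example.com IN MX"])
```

    Running `detect(SAMPLE)` flags 10.0.0.5 for the PTR sweep of 209.85.171.0/24 and 10.0.0.7 for the forward brute force of example.com, while the client doing two ordinary lookups stays below the threshold.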

  2. #2

    You may want to check out fierce; here is a PHP port, sort of, from it :P

    http://rmccurdy.com/scripts/download...rce.pl.php.txt

  3. #3


    Fierce is a great tool, but if I exploit a Windows box and use Meterpreter as my payload I would have to install PHP and IIS on the box to be able to use it (most clients do not let you install apps on production servers during pentests). The Meterpreter script is so I can enumerate the client's network from the compromised box using built-in Windows tools, so as not to trigger HIDS or AVs that may flag my tools as hacking tools, plus it makes clean-up of the compromised machine a cinch. I'm working right now on adding nbtstat with NetBIOS code identification and SRV record enumeration. The script is mostly for enumerating the internal network of the client; for the example I had the compromised box enumerate Google, but it is mostly for showing the functionality of the script.
