
Thread: Meterpreter sound on new session?

  1. #1 Junior Member (joined Apr 2009, 33 posts)

    Meterpreter sound on new session?

    I am using the reverse_tcp connection on a dropped U3; however, sitting around waiting and staring at my screen is starting to get old. Is there a way to make it "ding" or something when a new session is opened? I am currently using the GUI -> console (ctrl+o) to start the multi/handler on Windows, but I can just as easily load it up on a *nix box if required. I just have to be able to see the screen at all times right now, and I know the first time I go to take a piss someone is going to run it and close their laptop before I can get my auto-loading payload in...

    Google failed me, so I'm open to any ideas.

  2. #2 Gitsnik, Very good friend of the forum (joined Jan 2010, location The Crystal Wind, 851 posts)

    Make use of the autorun script somehow. I don't write much ruby so I couldn't provide more than that.

    Or you could just go to the box in question and execute your payload.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3 Junior Member (joined Apr 2009, 33 posts)

    Quote Originally Posted by Gitsnik View Post
    Make use of the autorun script somehow. I don't write much ruby so I couldn't provide more than that.

    Or you could just go to the box in question and execute your payload.
    I will look into the autorun; however, if I had access to the box, why would I be waiting around? The payload is on my U3 device and I am waiting for it to be plugged in. I was curious what the pro pentesters do...

  4. #4 Gitsnik, Very good friend of the forum (joined Jan 2010, location The Crystal Wind, 851 posts)

    Quote Originally Posted by rmills View Post
    I was curious what the pro pentesters do...
    Strangely enough, they use their own lab environments or get paid to sit around waiting for this sort of thing to happen. They are also good at multi-tasking.

    I am hoping I didn't just enable someone to do something illegal...

  5. #5 Junior Member (joined Apr 2009, 33 posts)

    Strangely enough no, my boss asked if it was possible and this was a simple vector in. I'm not a pro but I know a few things. I assumed pros did not sit around staring at the screen, so I was wondering what the shortcut was. Seems autorun is it unless someone knows a better way.

  6. #6 Gitsnik, Very good friend of the forum (joined Jan 2010, location The Crystal Wind, 851 posts)

    If that is the case then one would assume you were a member of the IT staff, in which case you would know whether or not your anti-virus software will stop the payload, as well as whether or not autorun is disabled on the systems in question (pardon, my U3 knowledge is limited). Thus it is merely a case of leaving the session open - you don't need to wait because you have a few choices:

    * Leave it running until someone connects to it, or shut it down after a week. If someone hasn't connected to it in that time you can go retrieve your device, because odds are no one found it. If it does connect, then you have proven to your boss that your users are that stupid. See next point.
    * Set up another PC (or VM), load a normal user account onto it, and manually execute your payload. If you can then use that to gain domain admin access or local admin access, you've got a bit of a patching problem with your machines and you should be talking to the WSUS admin about that.

    Of course, if you're not a member of the IT staff and your boss asked you to do this (and you don't have your handy, signed, verified get-out-of-jail-free card), I would seriously be questioning whether or not the boss is about to be laid off - he may be using you to gain him more access than he is meant to have, whilst providing a convenient scapegoat.

  7. #7 Junior Member (joined Apr 2009, 33 posts)

    To be perfectly honest, you're becoming kind of annoying. I did not ask for an ethics speech, and while I don't mind free advice, you're throwing it out without fully understanding my issues, in a patronizing way. I only asked if there was a way to get a notification. I hardly see how that's helping me break the law, and I have no idea why you're trying to train me on how to do a pentest. Frankly, how you do things is your party; I learn by doing and teaching myself most of the time, but it's nice when someone can lessen the learning curve. So with that said...

    Don't confuse me for some script kiddie who figured out the magic of Metasploit. This has been a hobby of mine for a number of years. Yes, I have the magical VirtualBox builds for my day job and my hobbies. I used them to fully test my payload before it ever went into the "field". But you clearly missed this being a social test, not a hardware test. They also happen to be laptops, laptops that suspend and/or shut down when closed, and in this case that's often. I know autorun for CDs is turned on because I simply had him install a program off a CD Friday and watched it autostart. The laptop is running AV and I could not find a way around AV without using an encoded reverse tcp payload. Since I can't write it to autostart or as a service, I only get one shot when it's plugged in (all I need really), and I could only have a short window to do some basic hashdumping, trolling, etc. As far as my boss goes, he is also a friend, and this attack is targeting a single guy who talks like he is god's gift to IT but does not get what a nameserver is for, and he does not have access to anything remotely sensitive; he is a ****ing intern and it's a company laptop issued to him. The boss also owns the company and it's too small to need an IT staff. I sure as hell don't make a habit of cracking networks for other people regardless of who they are, but in this case the kid needs a lesson and his pride taken down a few pegs. Cracking him through this simple vector should do just that.

    Now I'm sure there is a better vector but this one works for me minus sitting around waiting and I could find nothing obvious on this forum or other forums or google.
    Maybe a little less internet mothering would help, sigh...

  8. #8 Archangel-Amael, Super Moderator (joined Jan 2010, location Somewhere, 8,012 posts)

    Quote Originally Posted by rmills View Post
    Strangely enough no, my boss asked if it was possiable and this was a simple vector in.
    So "your boss" wants you to teach someone a lesson by penetrating their computer, "targeting a single guy who talks like he is gods gift to IT but does not get what a nameserver is for and he does not have access to anything remotely sensitive, he is a ****ing intern and its a company laptop issued to him."? Seems to me both you and the boss are going about things the hard or wrong way. If you want to look at the laptop, then just take it and look at it. The operator should have no expectation of privacy on a company-issued computer. As such, the boss could easily take it, go and look at whatever he/she wants to, and be done with it.
    To be perfectly honest your becoming kind of annoying, I did not ask for a ethics speech and while I don't mind free advice your throwing it out without fully understanding my issues in a patronizing way.
    Either way it sounds fishy, and as such no one wants to help someone else on a public forum that is visited by LEO to do something illegal or that may be presumed as such.
    Now granted, you may not be doing anything that is illegal or unethical; the problem you are facing here is that there are others who do such things and then try and solicit help. So try and see it from someone else's perspective. Ethics, like the rest of the information, comes free of charge.

    I only asked if there was a way to get a notification.
    There may very well be a way to do this. But either A no one knows or B no one will tell you.

    but in this case the kid needs a lesson and his pride taken down a few pegs.
    You don't want a lesson in ethics and morals, yet are wanting to teach them to someone else.
    Maybe a little less internet mothering would help, sigh...
    The OP posted; whether it helps or not is yet to be determined. However, I would also call the fact that the OP suspects you of doing something illegal and does not really want to help further your goals, looking out for the forums.
    Take it or leave it; that is the best you may get.

    Don't take things the hard way, mate. It has been stated countless times before: you are only as good as your posts. People only know you from them.
    To be successful here you should read all of the following:
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9 Junior Member (joined Apr 2009, 33 posts)

    lol amael wow, again I asked if there was any way to get a notification after the exploit, not what is this shell thing, and everyone has an angle, fair enough I guess. Look at it any way you want, but it's really not that big of a deal, and ironically the other poster did point me in the wrong direction. I knew there had to be some options I was not aware of, and a simple ruby script playing an mp3 works for me.

    Quote Originally Posted by archangel.amael View Post
    There may very well be a way to do this. But either A no one knows or B no one will tell you.
    lol gee, thanks for taking the time to post all that and then this, very helpful

  10. #10 Developer (joined Mar 2007, 6,126 posts)

    Case closed before a flame war breaks out and I have to ban people.
