Thread: Auto Migrate Script on Session Startup

  1. #1
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    8

    Auto Migrate Script on Session Startup

    Hey guys, I'm a little new to BackTrack and am going to do some pen testing on my local network using social engineering if I can't find any vulnerabilities.

    So what I have done so far is made a webserver that looks like another website that people on my network visit often. Then I have edited one of the links to open a .pdf that is infected with the reverse_tcp meterpreter payload.

    So basically what I am wanting to do is, since I'm not going to sit at my PC waiting for the people on my network to open it so I can quickly migrate to another process so I don't lose my session when they close the site. So I want to write a script so that when I have the handler started and when they open the pdf and the meterpreter session is opened, it will automatically run the migrate.rb script inside meterpreter without me being there to do it, so that it will keep the session until I get there or until they shut the computer down. I want someone to write a script for me and then a tutorial on how it works so I can learn how to replicate it and make similar scripts in the future.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by ballzan View Post
    I want someone to write a script for me and then a tutorial on how it works so I can learn how to replicate it and make similar scripts in the future.
    You want someone to write a script and tutorial just for you? Good luck with that.

    Why don't you use an upexec payload instead and have it upload a backdoor program that can run as its own process and connect back to you?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by ballzan View Post
    Hey guys, I'm a little new to BackTrack and am going to do some pen testing on my local network using social engineering if I can't find any vulnerabilities.

    So what I have done so far is made a webserver that looks like another website that people on my network visit often. Then I have edited one of the links to open a .pdf that is infected with the reverse_tcp meterpreter payload.

    So basically what I am wanting to do is, since I'm not going to sit at my PC waiting for the people on my network to open it so I can quickly migrate to another process so I don't lose my session when they close the site. So I want to write a script so that when I have the handler started and when they open the pdf and the meterpreter session is opened, it will automatically run the migrate.rb script inside meterpreter without me being there to do it, so that it will keep the session until I get there or until they shut the computer down. I want someone to write a script for me and then a tutorial on how it works so I can learn how to replicate it and make similar scripts in the future.
    Where shall we send the invoice for the labor involved in writing such a script?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Quote Originally Posted by ballzan View Post
    I want someone to write a script for me and then a tutorial on how it works so I can learn how to replicate it and make similar scripts in the future.
    What is this, demands.com? Might want to start here: http://www.offensive-security.com/metasploit-unleashed/

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by ballzan View Post
    Hey guys, I'm a little new to BackTrack and am going to do some pen testing on my local network using social engineering if I can't find any vulnerabilities.
    I stopped reading here and I am shocked that you guys made it further.
    He is new to BT, is going to pen test his local network and use social engineering if you can not find any vulnerabilities. WOW huge fail bus driver there.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by archangel.amael View Post
    I stopped reading here and I am shocked that you guys made it further.
    He is new to BT, is going to pen test his local network and use social engineering if you can not find any vulnerabilities. WOW huge fail bus driver there.
    Well, if you are going to social engineer anyone, it's best to social engineer yourself. After all, you would know the type of stuff that's most likely to trick yourself into opening a malicious file. For example, you could send an email to yourself with a nasty attachment, and spoof it to come from a trusted source, and have it say something like:

    Hello <insert your own name here>, check out these hot pictures of Anna Kournikova!
    That would probably trick me...