Op please see your PM box with a note from me. Thanks.
Metasploit autopwn basics
MSF from the moment of its release is THE most powerful offensive tool in a pentesters arsenal. In this tutorial i plan to show how to use autopwn feature of MSF from scanning to getting a meterpreter shell.
Lets boot up trusty ol BT4 R1. Bring up your favourite terminal emulator.
We'll use msf console because its much less cluttered than GUI.Code:cd /pentest/exploits/framework3
wait a few minutes for MSF to load all modules and exploits.Code:./msfconsole
Now that we have the msfconsole up and running we need to select a database driver to store info about our target..i prefer sqlite3 cause it doesnt need any further setup for me
now we need to create a new database to store the infoCode:db_driver sqlite3
feel free to replace autopwn with any nameCode:db_create autopwn
we are connected to the database.Code:db_connect
Run a simple nmap scan to enumerate the host
to see host informationCode:db_nmap target
AND finally for the actual autopwn jst runCode:db_hosts
and there you have it...if an exploit worked you'll have a session...Code:db_autopwn -p -t -e
if you dont well better luck next time
Re: Metasploit autopwn basics
Op please see your PM box with a note from me. Thanks.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Re: Metasploit autopwn basics
It should be noted that the usage of sqlite3 is not supported by metasploit, and there are other forum threads regarding this --read postgres
Last edited by sickness; 11-07-2010 at 08:53 PM.
Re: Metasploit autopwn basics
A little help regarding what @iproute said: http://www.backtrack-linux.org/forum...ostgresql.html
Back|track giving machine guns to monkeys since 2007 !
Do not read the Wiki, most your questions will not be answered there !
Do not take a look at the: Forum Rules !
Re: Metasploit autopwn basics
Tanks for sharing
Very good
[s]
Re: Metasploit autopwn basics
Sorry about using sqlite3.didnt kno it was supported.. in my box it runs without a hitch tho..but other drivers dont run outof the box..this was before i saw sickness' post on postgreSQL of course...
Re: Metasploit autopwn basics
there are some reasons one might want to use sqlite instead of postgres or mysql for metasploit, but with the latter two, running db_autopwn will likely be more effective. I've run the same autopwn against the same vulnerable VM and witnessed this myself.
Also if you need to do reporting, sqlite may not be as well suited.
A great resource for metasploit other than the most excellent metasploit framework unleashed course can be found by performing a google search for 'metasploit megaprimer'.
Re: Metasploit autopwn basics
Actually the Metasploit Megaprimer can be found in the Video section here
Back|track giving machine guns to monkeys since 2007 !
Do not read the Wiki, most your questions will not be answered there !
Do not take a look at the: Forum Rules !
Re: Metasploit autopwn basics
Fantastic series. Vivek was very complete and detailed with those.Originally Posted by sickness
Actually the Metasploit Megaprimer can be found in the Video section here
Also, when did you become a moderator sickness? Congrats!
Re: Metasploit autopwn basics
Indeed, the Metasploit Megaprimer combined with the Metasploit Unleashed offers you the best free course for Metasploit.
Recently and thanks
Back|track giving machine guns to monkeys since 2007 !
Do not read the Wiki, most your questions will not be answered there !
Do not take a look at the: Forum Rules !
Posting Permissions
