Saturday, May 19, 2007

Using the MSF 3.0 Web Interface


Did up two videos for EthicalHacker.net on using the Metasploit Framework 3.0 Web Interface.

2 parts

1st part: We specifically take a look at running auxiliary modules against a server running MSSQL, and then we'll take a look at using the MSFweb GUI to run the idq exploit with the meterpreter payload. What is unique about the idq bug is that it will NOT give you administrator or system on the box, but you can use the rev2self command in meterpreter to elevate your privileges from IUSR_MACHINENAME to SYSTEM. While we're at it, we also dump the hashes using hashdump for a little extra fun.

http://www.ethicalhacker.net/content/view/137/24/

2nd part: We specifically take a look at running "browser" exploits, where you have to get the victim to connect back to your listening Metasploit instance. We'll use the ie_createobject exploit via the MSFweb GUI, and then we'll use the wmf_setabortproc exploit using the built-in msfconsole (a new addition in MSFWeb 3.0). We'll also take a look at using custom meterpreter scripts: first to see if the victim is running in VMware, and second to clear the event logs. We also show that if you set the IP address of the MSF Web to a reachable IP address (besides the default 127.0.0.1), we can share our sessions on the network.

http://www.ethicalhacker.net/content/view/136/24/


meterpreter scripts:

clearseclog: http://www.carnal0wnage.com/research/clearseclog.rb
clearalllog: http://www.carnal0wnage.com/research/clearalllog.rb

CG
