Rapid Fire PSExec
Use db_nmap to scan and populate the database, or db_import to import Nmap XML into your workspace. This one queries the database for hosts with port 445 open:
https://gist.github.com/carnal0wnage/d058913628ba4a3d6363
This one queries the database for hosts with an open smb service:
https://gist.github.com/carnal0wnage/1f3944b4dd7eb6a54fd3
Running Metasploit Post modules against all sessions
Resource script to run a single post module against all sessions. Navigate to your post module, set up any required options then run this resource script.
https://gist.github.com/carnal0wnage/16cd70615dcebd378914
Got this from: https://k0st.wordpress.com/2015/07/10/running-commands-on-multiple-meterpreter-sessions/
Update: Dre mentioned this already exists here:
https://github.com/rapid7/metasploit-framework/blob/master/scripts/resource/run_all_post.rc
Running a Meterpreter Command against all sessions
https://gist.github.com/carnal0wnage/b6fd24a19697e58bde96
Got the code from mubix
Running a Windows command against all sessions
This functionality is already built into the sessions command
Just run sessions -c "command"; if you don't specify a session to interact with, it will run on all sessions.
Running a Meterpreter script against all sessions
Just run sessions -s meter_script; if you don't specify a session to interact with, it will run on all sessions.
3 comments:
1. Completely missed this. :-( This is the same as what I posted. Thanks for mentioning it.
2. Works for Windows commands, not meterp scripts or commands.
3. To run meterpreter scripts, not built-in commands like screenshot. Does run on all sessions unless you specify, like -c.
4. Would only run against a single session you specify? Thus you need #1 to run against multiple sessions.
Which is best? Depends. There is no "just take a screenshot" post module, only screen_spy. So if you wanted to periodically take screenshots on an ad hoc basis you have to use the code I posted, as there doesn't appear to be a way to run screenshot via sessions -s. To be fair, there aren't many gaps in coverage, but that is one.
Thanks for reading/commenting. I'm going to update the post.
Accidentally deleted Dre's comment when I was trying to delete my own. Here is the original comment:
dre said...
1) https://github.com/rapid7/metasploit-framework/blob/master/scripts/resource/run_all_post.rc
2) sessions -c (as you mention, put command here) all
3) sessions -s (script) -i (1-3 ; 1,3; all)
4) post/multi/general/execute
5) other???
Which is best?