Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Auto targeting with multi platform payloads
From: Pedro Ribeiro <pedrib () gmail com>
Date: Sun, 29 Jun 2014 08:36:30 +0100

Hi Rob,

I ended up doing your second suggestion, after auto selecting a Linux
target I use payload_info to check if the payload contains the "Windows"
string and bail out with an error message if so.

The check targeting is not a good idea in my case. This is because to get a
100% correct target I have to perform a minor injection (the module
exploits a sql injection). I haven't seen this written anywhere but I would
think that the check function should be passive so that it doesn't raise
any alarms / AV / IDS, etc.

Regards
Pedro
On 29 Jun 2014 05:32, "Rob Fuller" <mubix () room362 com> wrote:

You could write your auto-targeting into the "check" function thus giving
the user the chance to select their target and the proper payload. Most of
the other "auto" target exploits stay with the same target OS and just
switch offsets based on versions of the OS that matter to the exploitation
piece.

What I would suggest is to do a check in the module code to exit if the
target system and payload don't match up and suggest to the user to switch
payloads.


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Wed, Jun 25, 2014 at 11:36 AM, Pedro Ribeiro <pedrib () gmail com> wrote:


On 24 Jun 2014 18:40, "Pedro Ribeiro" <pedrib () gmail com> wrote:

Hi,

I'm building a multi platform exploit which has auto targeting and is
able to identify its Linux and Windows targets. I'm using a global variable
to store the chosen target. With that I set the arch and platform
correctly, and then invoke generate_payload_exe with those parameters.

However when my auto targeting function identifies a Linux target, the
generated payload defaults to the windows meterpreter.

I have a feeling that I have to tell metasploit which target I have
ended up choosing. I have tried to set the "target" variable, but it seems
to have local function scope only. Meaning if I set it in one function, it
resets to automatic in another function.

So I guess the question is - after I've chosen the target via my auto
targeting function, how do I set that as the "real" target (target 1 ,2 or
3,  not 0 / auto) so that metasploit generates the correct platform
payload? Should I be using a global variable, or is there a cleaner way to
do it?

Regards
Pedro

OK I had a look at other modules and it seems the same thing is
happening.
I still don't think this behaviour is correct, there must be a way to
select automatically a payload for the target platform?

_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault