Re: Auto targeting with multi platform payloads

[Pedro Ribeiro <pedrib () gmail com>]

Hi Rob,

I ended up doing your second suggestion, after auto selecting a Linux
target I use payload_info to check if the payload contains the "Windows"
string and bail out with an error message if so.

The check targeting is not a good idea in my case. This is because to get a
100% correct target I have to perform a minor injection (the module
exploits a sql injection). I haven't seen this written anywhere but I would
think that the check function should be passive so that it doesn't raise
any alarms / AV / IDS, etc.

Regards
Pedro
On 29 Jun 2014 05:32, "Rob Fuller" <mubix () room362 com> wrote:

> You could write your auto-targeting into the "check" function thus giving
> the user the chance to select their target and the proper payload. Most of
> the other "auto" target exploits stay with the same target OS and just
> switch offsets based on versions of the OS that matter to the exploitation
> piece.
>
> What I would suggest is to do a check in the module code to exit if the
> target system and payload don't match up and suggest to the user to switch
> payloads.
>
>
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
>
>
> On Wed, Jun 25, 2014 at 11:36 AM, Pedro Ribeiro <pedrib () gmail com> wrote:
>
> > On 24 Jun 2014 18:40, "Pedro Ribeiro" <pedrib () gmail com> wrote:
> > > Hi,
> > >
> > > I'm building a multi platform exploit which has auto targeting and is
> > able to identify its Linux and Windows targets. I'm using a global variable
> > to store the chosen target. With that I set the arch and platform
> > correctly, and then invoke generate_payload_exe with those parameters.
> > > However when my auto targeting function identifies a Linux target, the
> > generated payload defaults to the windows meterpreter.
> > > I have a feeling that I have to tell metasploit which target I have
> > ended up choosing. I have tried to set the "target" variable, but it seems
> > to have local function scope only. Meaning if I set it in one function, it
> > resets to automatic in another function.
> > > So I guess the question is - after I've chosen the target via my auto
> > targeting function, how do I set that as the "real" target (target 1 ,2 or
> > 3,  not 0 / auto) so that metasploit generates the correct platform
> > payload? Should I be using a global variable, or is there a cleaner way to
> > do it?
> > > Regards
> > > Pedro
> >
> > OK I had a look at other modules and it seems the same thing is
> > happening.
> > I still don't think this behaviour is correct, there must be a way to
> > select automatically a payload for the target platform?
> >
> > _______________________________________________
> > https://dev.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework