AlA777 / armitage

Automatically exported from code.google.com/p/armitage

Add a smarter "hail mary" feature to Armitage #18

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
1. Get a raw list of exploits: db_autopwn -T -R [min rank] [-p|-x]
2. Filter list by OS information
3. Sort list by rank
4. Use bind listeners where possible, if I can connect to throw the exploit, I can connect to get my shell/meterpreter session
5. Execute by firing one or two off every 0.5 seconds or so (show a progress bar)

Advantages:

- Avoids unnecessary exploits (db_autopwn ignores OS information). Armitage is pretty smart about including multi/* exploits in its acceptable pool, so no valid exploit option will be missed.
- Sorting will make sure a service is hit with the better exploit before a weaker one can hit it.
- Use of a progress dialog will make it possible for users to cancel the operation too.

Question: will ms08_067 fire off before other smb exploits in this scheme?

Original issue reported on code.google.com by rsmu...@gmail.com on 21 Dec 2010 at 11:23

GoogleCodeExporter commented 8 years ago

Original comment by rsmu...@gmail.com on 28 Dec 2010 at 6:14