dev4vater / vater


Automated Effects Scripts #200

Open rylagek opened 2 years ago

rylagek commented 2 years ago

Ensure effects platform is prepared:

Scripted effects via msf resource scripts or empire automation:

https://www.blackhillsinfosec.com/empire-bootstrapping-v2-pre-automate-things/
https://www.rapid7.com/blog/post/2010/03/22/automating-the-metasploit-console/
https://docs.rapid7.com/metasploit/resource-scripts/
https://www.javatpoint.com/generating-a-veil-backdoor
https://github.com/Exploit-install/TheFatRat

rylagek commented 2 years ago

Resources included in default msf image

rylagek commented 2 years ago

msf portscans aren't great. Using nc instead:

perl -e '@targets=0..254; foreach $target (@targets){`nc -zvvn 172.16.50.$target 1-50000 2>&1 | grep succeeded 1>&2`}'

rylagek commented 2 years ago

We have a port scan (Nmap). Need the 3 other effects image

rylagek commented 2 years ago

    vsphere-iso.ubuntu: Run msfconsole to get started
==> vsphere-iso.ubuntu: msfdb:287:in `block in ask_yn': undefined method `strip' for nil:NilClass (NoMethodError)
==> vsphere-iso.ubuntu:         from msfdb:285:in `loop'
==> vsphere-iso.ubuntu:         from msfdb:285:in `ask_yn'
==> vsphere-iso.ubuntu:         from msfdb:985:in `prompt_for_component'
==> vsphere-iso.ubuntu:         from msfdb:1064:in `<main>'
    vsphere-iso.ubuntu: [?] Would you like to init the webservice? (Not Required) [no]:
==> vsphere-iso.ubuntu: Provisioning step had errors: Running the cleanup provisioner, if present...
==> vsphere-iso.ubuntu: Clear boot order...
==> vsphere-iso.ubuntu: Power off VM...
==> vsphere-iso.ubuntu: Destroying VM...
==> vsphere-iso.ubuntu: Deleting cd_files image from remote datastore ...
Build 'vsphere-iso.ubuntu' errored after 56 minutes 13 seconds: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]
==> Wait completed after 56 minutes 13 seconds
==> Some builds didn't complete successfully and had errors:
--> vsphere-iso.ubuntu: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]

marissaeinhorn commented 2 years ago

Pivoted to hydra RDP attack. In Windows Event Viewer, the logs for this brute-force attack are in Applications and Services Logs/Microsoft/Windows/RemoteDesktopServices-RdpCoreTS/Operational. Event ID 131 shows the attacker's IP and different RHPs for each connection attempt. If required to add additional logging, reference
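A defender-side check for the Event ID 131 signal described in the comment above, added here as an example and not part of this thread or the project: it parses RdpCoreTS records in EVTX XML form and flags client IPs that open many connections from distinct remote high ports within a short window. The records are constructed samples, and the EventData field names (ConnType, ClientIP) are assumed from the real event.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in EVTX XML form for the
# Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational log.
# The EventData field names (ConnType, ClientIP) are assumed from the
# real Event 131; every value below is made up.
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

def _event(event_id, ts, client):
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/></System><EventData>'
            f'<Data Name="ConnType">TCP</Data>'
            f'<Data Name="ClientIP">{client}</Data></EventData></Event>')

SAMPLE_EVENTS = [_event(131, f"2023-01-01T10:00:0{i}.000000Z", f"172.16.50.9:4921{i}")
                 for i in range(6)]                      # six attempts, six RHPs
SAMPLE_EVENTS.append(_event(131, "2023-01-01T10:05:00.000000Z", "10.0.0.5:50123"))
SAMPLE_EVENTS.append(_event(98, "2023-01-01T10:05:01.000000Z", "10.0.0.5:50123"))  # not 131, skipped

def parse_event_131(xml_text):
    """Return (time, client_ip, client_port) for an Event 131 record, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext(f"{NS}System/{NS}EventID") != "131":
        return None
    ts = root.find(f"{NS}System/{NS}TimeCreated").get("SystemTime")
    fields = {d.get("Name"): d.text for d in root.iter(f"{NS}Data")}
    ip, _, port = fields["ClientIP"].rpartition(":")
    # SystemTime carries 7 fractional digits; seconds precision is enough here
    return datetime.fromisoformat(ts[:19]), ip, int(port)

def flag_rdp_bruteforce(xml_events, threshold=5, window=timedelta(seconds=60)):
    """Map client IP -> max distinct RHPs seen inside any `window`, for IPs at/over threshold."""
    by_ip = defaultdict(list)
    for rec in map(parse_event_131, xml_events):
        if rec is not None:
            by_ip[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, conns in by_ip.items():
        conns.sort()
        best = 0
        for i, (t0, _) in enumerate(conns):
            ports = {p for t, p in conns[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(flag_rdp_bruteforce(SAMPLE_EVENTS))   # {'172.16.50.9': 6}
```

On a live host the same XML shape is what `Get-WinEvent ... | ForEach-Object { $_.ToXml() }` returns for that log, so the parser can be fed exported records directly.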

marissaeinhorn commented 2 years ago

SMB modules article: using smb_login brute force to find local admin creds

marissaeinhorn commented 2 years ago

Automating WinRM stuff with Python ex

rylagek commented 2 years ago

Data exfil from Windows ideas

marissaeinhorn commented 2 years ago

DCO is hoping to have an appraisal and an ITM, looking to implement 2 separate attack chains. Also discuss with the DCO team whether to automate the entire attack chain or keep each part as a discrete task.