Jcran recently blogged about an easy way to run a post module on all sessions:
http://blog.pentestify.com/simple-framework-domain-token-scanner
msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> irb
framework.sessions.count.each do |session|
run_single("set SESSION #{session.first}")
run_single("run")
sleep 1
end
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module.
Thinking back to http://blog.metasploit.com/2010/03/automating-metasploit-console.html and my rapid file PSEXEC resource file, we know we can run ruby inside of resource files with the <ruby> tag.
Save the following as runall.rc somewhere where you'll remember:
framework.sessions.count.each do |session|
run_single("set SESSION #{session.first}")
print_status("Running #{active_module.fullname} against session #{session.first}")
run_single("run")
sleep 1
end
Then when you want to run a POST module against every session you have you simply do:
msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> resource runall.rc
[*] Running post/windows/gather/enum_domain_tokens on session 1
출처 : Room362.com
728x90
댓글