'POST Modules'에 해당되는 글 1건

  1. 2011.11.04 Run POST Modules On All Sessions (1)
2011.11.04 20:48

Run POST Modules On All Sessions

Jcran recently blogged about an easy way to run a post module on all sessions:

http://blog.pentestify.com/simple-framework-domain-token-scanner

msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> irb
framework.sessions.count.each do |session|
  run_single("set SESSION #{session.first}")
  run_single("run")
  sleep 1
end


 
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module.

Thinking back to http://blog.metasploit.com/2010/03/automating-metasploit-console.html and my rapid file PSEXEC resource file, we know we can run ruby inside of resource files with the <ruby> tag.

Save the following as runall.rc somewhere where you'll remember:

framework.sessions.count.each do |session|
  run_single("set SESSION #{session.first}")
  print_status("Running #{active_module.fullname} against session #{session.first}")
  run_single("run")
  sleep 1
end


 
Then when you want to run a POST module against every session you have you simply do:

msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> resource runall.rc
[*] Running post/windows/gather/enum_domain_tokens on session 1



출처 : Room362.com

Trackback 0 Comment 1
  1. Favicon of http://emailmarketingblasts.net/business-info/money-mutual-cash-advance-the-be.. cash advance money 2011.11.05 05:06 address edit & del reply

    You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module.